On 2012-05-21 at 07:40 -0700, Todd Lyons wrote:
> On Sun, May 20, 2012 at 4:32 PM, Phil Pennock <p...@exim.org> wrote:
> > On 2012-05-20 at 08:02 -0700, Todd Lyons wrote:
> >> Do we need to add some detection of openssl version or is this also going
> >> to be a backwards incompatible change?
> > There's some around registering the callback but not around defining the
> > content, an oversight. I'll clean it up a little.
>
> Is this possibly one more of those functions that needs a little detection
> wrapping?

It's the client-side sending of SNI. Try this. diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index eeab9c1..ebc5a62 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -46,7 +46,9 @@ static BOOL verify_callback_called = FALSE; static const uschar *sid_ctx = US"exim"; static SSL_CTX *ctx = NULL; +#ifdef EXIM_HAVE_OPENSSL_TLSEXT static SSL_CTX *ctx_sni = NULL; +#endif static SSL *ssl = NULL; static char ssl_errstring[256]; @@ -1257,8 +1259,14 @@ if (sni) tls_sni = NULL; else { +#ifdef EXIM_HAVE_OPENSSL_TLSEXT DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tls_sni); SSL_set_tlsext_host_name(ssl, tls_sni); +#else + DEBUG(D_tls) + debug_printf("OpenSSL at build-time lacked SNI support, ignoring \"%s\"\n", + tls_sni); +#endif } } -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
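
Review bot: In the first hunk (@@ -46,7 +46,9 @@) the declaration "static SSL_CTX *ctx_sni = NULL;" becomes conditional on EXIM_HAVE_OPENSSL_TLSEXT, so every other reference to ctx_sni in tls-openssl.c has to sit under the same guard or the file will not compile when the macro is undefined. This patch shows only the declaration being wrapped; please confirm the remaining uses are already guarded, ideally with a test build against an OpenSSL that lacks TLS extension support.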
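
Review bot: In the second hunk (@@ -1257,8 +1259,14 @@) the result of "SSL_set_tlsext_host_name(ssl, tls_sni);" is discarded, so a failure to set the server name (the call returns 0 on error) goes unnoticed and the handshake proceeds without SNI. Consider checking the return value and reporting the failure. Relatedly, the new #else branch reports "OpenSSL at build-time lacked SNI support" only under DEBUG(D_tls), so in normal operation an administrator who set tls_sni gets no indication that it was ignored; a log line outside the debug path would make that visible.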