authorGilles Chehade <gilles@poolp.org>2013-12-14 20:41:41 +0100
committerGilles Chehade <gilles@poolp.org>2013-12-14 20:41:41 +0100
commit5ddeae14290783f0257f55016c4f281f459fb550 (patch)
treeb58f694ec6d596b216510db4bba185b8fa5dbd8a
parentMerge branch 'master' into portable (diff)
test for TLS SNI extension
-rw-r--r--configure.ac19
-rw-r--r--smtpd/ssl_smtpd.c2
2 files changed, 21 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 38568978..e242067f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1294,6 +1294,25 @@ AM_CONDITIONAL([HAVE_GCM_CRYPTO], [test $EXPERIMENTAL_GCM_CRYPTO = yes])
##chl
##gilles
+OPENSSL_SUPPORTS_SNI=no
+AC_MSG_CHECKING([if programs using TLSEXT_NAMETYPE_host_name will link])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <openssl/ssl.h> ]],
+ [[ SSL_CTX_set_tlsext_servername_callback(NULL, NULL); ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_TLSEXT_SERVERNAME], [1],
+ [Define if you want to enable TLS extension SERVERNAME])
+ OPENSSL_SUPPORTS_SNI=yes
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ]
+)
+AM_CONDITIONAL([HAVE_TLSEXT_SERVERNAME], [test $OPENSSL_SUPPORTS_SNI = yes])
+##gilles
+
+##gilles
AC_MSG_CHECKING([if SSL_OP_NO_TICKET is supported])
AC_EGREP_CPP(HAVE_SSL_OP_NO_TICKET, [
#include <openssl/ssl.h>
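Review bot: The `AC_MSG_CHECKING` text names `TLSEXT_NAMETYPE_host_name`, but the test program never references that constant; it links a call to `SSL_CTX_set_tlsext_servername_callback`, so the configure output describes a different symbol than the one being tested. I would word it `AC_MSG_CHECKING([if SSL_CTX_set_tlsext_servername_callback is available])`. The `AC_DEFINE` description reads as an opt-in ("if you want to enable") although the value is auto-detected; `[Define if OpenSSL provides the TLS servername (SNI) extension]` matches what the check does. The `no` branch only prints the result, so a build that ends up without SNI is easy to miss; an `AC_MSG_WARN` in that branch would make the downgrade visible to whoever packages the daemon.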
diff --git a/smtpd/ssl_smtpd.c b/smtpd/ssl_smtpd.c
index da60de13..a8455f4c 100644
--- a/smtpd/ssl_smtpd.c
+++ b/smtpd/ssl_smtpd.c
@@ -107,10 +107,12 @@ ssl_smtp_init(void *ssl_ctx, char *cert, off_t cert_len, char *key, off_t key_le
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, dummy_verify);
+#if defined HAVE_TLSEXT_SERVERNAME
if (cb) {
SSL_CTX_set_tlsext_servername_callback(ssl_ctx, cb);
SSL_CTX_set_tlsext_servername_arg(ssl_ctx, arg);
}
+#endif
if ((ssl = SSL_new(ssl_ctx)) == NULL)
goto err;
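Review bot: When `HAVE_TLSEXT_SERVERNAME` is undefined, the `cb` and `arg` parameters of `ssl_smtp_init` are dropped without any trace, so a caller that passes a servername callback presumably gets a context that presents the same certificate for every requested hostname and has no way to notice. I would add an `#else` branch that documents this and marks the parameters as used, e.g. `(void)cb; (void)arg; /* OpenSSL built without SNI: servername callback ignored */`, and preferably emit one log line when `cb` is non-NULL. The function starts before and continues after this hunk, so which logging helper is in scope here is not visible.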