author | Gilles Chehade <gilles@poolp.org> | 2013-12-14 20:41:41 +0100 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2013-12-14 20:41:41 +0100 |
commit | 5ddeae14290783f0257f55016c4f281f459fb550 (patch) | |
tree | b58f694ec6d596b216510db4bba185b8fa5dbd8a | |
parent | Merge branch 'master' into portable (diff) | |
test for TLS SNI extension
-rw-r--r-- | configure.ac | 19 | ||||
-rw-r--r-- | smtpd/ssl_smtpd.c | 2 |
2 files changed, 21 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 38568978..e242067f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1294,6 +1294,25 @@ AM_CONDITIONAL([HAVE_GCM_CRYPTO], [test $EXPERIMENTAL_GCM_CRYPTO = yes])
 ##chl
 ##gilles
+OPENSSL_SUPPORTS_SNI=no
+AC_MSG_CHECKING([if programs using TLSEXT_NAMETYPE_host_name will link])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <openssl/ssl.h> ]],
+ [[ SSL_CTX_set_tlsext_servername_callback(NULL, NULL); ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_TLSEXT_SERVERNAME], [1],
+ [Define if you want to enable TLS extension SERVERNAME])
+ OPENSSL_SUPPORTS_SNI=yes
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ]
+)
+AM_CONDITIONAL([HAVE_TLSEXT_SERVERNAME], [test $OPENSSL_SUPPORTS_SNI = yes])
+##gilles
+
+##gilles
 AC_MSG_CHECKING([if SSL_OP_NO_TICKET is supported])
 AC_EGREP_CPP(HAVE_SSL_OP_NO_TICKET, [
 #include <openssl/ssl.h>
diff --git a/smtpd/ssl_smtpd.c b/smtpd/ssl_smtpd.c
index da60de13..a8455f4c 100644
--- a/smtpd/ssl_smtpd.c
+++ b/smtpd/ssl_smtpd.c
@@ -107,10 +107,12 @@ ssl_smtp_init(void *ssl_ctx, char *cert, off_t cert_len, char *key, off_t key_le
 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, dummy_verify);
+#if defined HAVE_TLSEXT_SERVERNAME
 if (cb) {
 SSL_CTX_set_tlsext_servername_callback(ssl_ctx, cb);
 SSL_CTX_set_tlsext_servername_arg(ssl_ctx, arg);
 }
+#endif
 if ((ssl = SSL_new(ssl_ctx)) == NULL)
 goto err; |
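Review bot: The `no` branch of the new AC_LINK_IFELSE only prints the result, so a build against an OpenSSL without the servername extension silently produces a server that cannot select a certificate by the hostname the client requested. Adding `AC_MSG_WARN([OpenSSL lacks TLS SNI support; per-hostname certificates will not be selected])` after `AC_MSG_RESULT([no])` would make that visible to whoever packages the build. The AC_MSG_CHECKING text also names TLSEXT_NAMETYPE_host_name while the probe actually references `SSL_CTX_set_tlsext_servername_callback`; the message should name what is tested. The probe presumably relies on LIBS already carrying the OpenSSL libraries at this point in configure.ac, which is not visible in the hunk.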
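Review bot: With HAVE_TLSEXT_SERVERNAME undefined, the `if (cb)` block is compiled out and a caller that passes a servername callback gets no indication it was dropped, so every connection would presumably be served the default certificate regardless of the name the client asked for. An `#else` branch that reports this when `cb` is non-NULL, for example `if (cb) log_warnx("warn: TLS SNI callback ignored: OpenSSL built without servername support");` (assuming the file's usual logging helper is in scope here), keeps the downgrade from being silent. `cb` and `arg` appear to be parameters of ssl_smtp_init, whose signature is truncated in the hunk header and whose body starts and ends outside the hunk, so they may also draw unused-parameter warnings in that configuration.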