X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/19411b971b43385bbc15f1c9cfb4a2665cd5ebb5..00c626ff05455c94d926c31371ea966abf7abc1e:/sbr/netsec.c

diff --git a/sbr/netsec.c b/sbr/netsec.c
index b8806a17..e0dd0c28 100644
--- a/sbr/netsec.c
+++ b/sbr/netsec.c
@@ -1,6 +1,4 @@
-
-/*
- * netsec.c -- Network security routines for handling protocols that
+/* netsec.c -- Network security routines for handling protocols that
  *	       require SASL and/or TLS.
  *
  * This code is Copyright (c) 2016, by the authors of nmh.  See the
@@ -1011,14 +1009,13 @@ netsec_set_sasl_params(netsec_context *nsc, const char *service,
     nsc->sasl_creds = nmh_get_credentials(nsc->ns_hostname, nsc->ns_userid);
 
 #else /* CYRUS_SASL */
-    NMH_UNUSED(hostname);
     NMH_UNUSED(service);
     NMH_UNUSED(errstr);
 #endif /* CYRUS_SASL */
 
     /*
      * According to the RFC, mechanisms can only be uppercase letter, numbers,
-     * and a hypen or underscore.  So make sure we uppercase any letters
+     * and a hyphen or underscore.  So make sure we uppercase any letters
      * in case the user passed in lowercase.
      */
 
@@ -1543,7 +1540,9 @@ netsec_set_tls(netsec_context *nsc, int tls, int noverify, char **errstr)
 	 */
 
 	if (! noverify) {
+#ifdef HAVE_X509_VERIFY_PARAM_SET1_HOST
 	    X509_VERIFY_PARAM *param;
+#endif /* HAVE_X509_VERIFY_PARAM_SET1_HOST */
 
 	    SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
 	    if (! nsc->ns_hostname) {
@@ -1553,6 +1552,7 @@ netsec_set_tls(netsec_context *nsc, int tls, int noverify, char **errstr)
 		return NOTOK;
 	    }
 
+#ifdef HAVE_X509_VERIFY_PARAM_SET1_HOST
 	    param = SSL_get0_param(ssl);
 
 	    if (! X509_VERIFY_PARAM_set1_host(param, nsc->ns_hostname, 0)) {
@@ -1562,6 +1562,7 @@ netsec_set_tls(netsec_context *nsc, int tls, int noverify, char **errstr)
 		SSL_free(ssl);
 		return NOTOK;
 	    }
+#endif /* HAVE_X509_VERIFY_PARAM_SET1_HOST */
 	}
 
 	ssl_bio = BIO_new(BIO_f_ssl());