20120425 Workaround: bugs in 10-year old gcc versions break compilation with #ifdef inside a macro invocation (NOT: definition). Files: tls/tls.h, tls/tls_client.c, tls/tls_server.c. diff -cr /var/tmp/postfix-2.10-20120422/src/tls/tls.h src/tls/tls.h *** /var/tmp/postfix-2.10-20120422/src/tls/tls.h Sun Apr 22 18:28:54 2012 --- src/tls/tls.h Wed Apr 25 08:48:36 2012 *************** *** 177,187 **** --- 177,191 ---- #define TLS_PROTOCOL_TLSv1_1 (1<<3) /* TLSv1_1 */ #else #define TLS_PROTOCOL_TLSv1_1 0 /* Unknown */ + #undef SSL_OP_NO_TLSv1_1 + #define SSL_OP_NO_TLSv1_1 0L /* Noop */ #endif #ifdef SSL_TXT_TLSV1_2 #define TLS_PROTOCOL_TLSv1_2 (1<<4) /* TLSv1_2 */ #else #define TLS_PROTOCOL_TLSv1_2 0 /* Unknown */ + #undef SSL_OP_NO_TLSv1_2 + #define SSL_OP_NO_TLSv1_2 0L /* Noop */ #endif #define TLS_KNOWN_PROTOCOLS \ ( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \ diff -cr /var/tmp/postfix-2.10-20120422/src/tls/tls_client.c src/tls/tls_client.c *** /var/tmp/postfix-2.10-20120422/src/tls/tls_client.c Sun Apr 22 18:12:25 2012 --- src/tls/tls_client.c Wed Apr 25 08:46:54 2012 *************** *** 859,870 **** if (protomask != 0) SSL_set_options(TLScontext->con, ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L) - #ifdef SSL_OP_NO_TLSv1_1 | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L) - #endif - #ifdef SSL_OP_NO_TLSv1_2 | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L) - #endif | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L)); --- 859,866 ---- diff -cr /var/tmp/postfix-2.10-20120422/src/tls/tls_server.c src/tls/tls_server.c *** /var/tmp/postfix-2.10-20120422/src/tls/tls_server.c Sun Apr 22 18:13:25 2012 --- src/tls/tls_server.c Wed Apr 25 08:47:01 2012 *************** *** 403,414 **** if (protomask != 0) SSL_CTX_set_options(server_ctx, ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L) - #ifdef SSL_OP_NO_TLSv1_1 | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L) - #endif - #ifdef SSL_OP_NO_TLSv1_2 | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L) - #endif | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L)); --- 403,410 ----