Testcases for dane_require_tls_ciphers

[users/heiko/exim.git] / src / src / tls-gnu.c

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 0d20fea34ba3df75c876c4a940cbeb54e610dc21..d73188277be2b6171d419023b70f5b56e7814c0b 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2271,16 +2271,14 @@ BOOL request_ocsp = require_ocsp ? TRUE
 DEBUG(D_tls) debug_printf("initialising GnuTLS as a client on fd %d\n", fd);
 
 #ifdef SUPPORT_DANE
-if (ob->dane_require_tls_ciphers)
+if (tlsa_dnsa && ob->dane_require_tls_ciphers)
   {
   /* not using expand_check_tlsvar because not yet in state */
   if (!expand_check(ob->dane_require_tls_ciphers, US"dane_require_tls_ciphers",
       &cipher_list, errstr))
     return DEFER;
-  if (cipher_list && *cipher_list)
-    cipher_list = ob->dane_require_tls_ciphers;
-  else
-    cipher_list = ob->tls_require_ciphers;
+  cipher_list = cipher_list && *cipher_list
+    ? ob->dane_require_tls_ciphers : ob->tls_require_ciphers;
   }
 #endif