Support optional server certificate name checking. Bug 1479

[exim.git] / src / src / EDITME

diff --git a/src/src/EDITME b/src/src/EDITME
index c6edf9095c8ecca4c365de2a5196fa78222cfaae..83ca43cd1ab2d3407e25a69bcbf8e7cacc17eb47 100644 (file)
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -347,7 +347,7 @@ LOOKUP_DNSDB=yes
 # to find the include files and libraries, else use PCRE_LIBS and set INCLUDE
 # too if needed.
 
-# PCRE_CONFIG=yes
+PCRE_CONFIG=yes
 # PCRE_LIBS=-lpcre
 
 
@@ -410,6 +410,18 @@ EXIM_MONITOR=eximon.bin
 
 # DISABLE_DKIM=yes
 
+#------------------------------------------------------------------------------
+# Uncomment the following line to remove Per-Recipient-Data-Response support.
+
+# DISABLE_PRDR=yes
+
+#------------------------------------------------------------------------------
+# By default, Exim has support for checking the AD bit in a DNS response, to
+# determine if DNSSEC validation was successful.  If your system libraries
+# do not support that bit, then set DISABLE_DNSSEC to "yes"
+
+# DISABLE_DNSSEC=yes
+
 
 #------------------------------------------------------------------------------
 # Compiling Exim with experimental features. These are documented in
@@ -448,10 +460,34 @@ EXIM_MONITOR=eximon.bin
 # LDFLAGS += -lxml2_single -lbmiclient_single -L/opt/brightmail/bsdk-6.0/lib
 
 # Uncomment the following line to add OCSP stapling support in TLS, if Exim
-# was built using OpenSSL.
+# was built using OpenSSL, or with GnuTLS 3.1.3 or later.
 
 # EXPERIMENTAL_OCSP=yes
 
+# Uncomment the following line to add DMARC checking capability, implemented
+# using libopendmarc libraries.
+# EXPERIMENTAL_DMARC=yes
+# CFLAGS += -I/usr/local/include
+# LDFLAGS += -lopendmarc
+
+
+# Uncomment the following line to support Transport post-delivery actions,
+# eg. for logging to a database.
+# EXPERIMENTAL_TPDA=yes
+
+# Uncomment the following line to add Redis lookup support
+# You need to have hiredis installed on your system (https://github.com/redis/hiredis).
+# Depending on where it is installed you may have to edit the CFLAGS and LDFLAGS lines.
+# EXPERIMENTAL_REDIS=yes
+# CFLAGS += -I/usr/local/include
+# LDFLAGS += -lhiredis
+
+# Uncomment the following line to enable Experimental Proxy Protocol
+# EXPERIMENTAL_PROXY=yes
+
+# Uncomment the following line to enable support for checking certiticate
+# ownership
+# EXPERIMENTAL_CERTNAMES=yes
 
 
 ###############################################################################
@@ -701,6 +737,13 @@ HEADERS_CHARSET="ISO-8859-1"
 # USE_GNUTLS_PC=gnutls
 # TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
 
+# The security fix we provide with the gnutls_allow_auto_pkcs11 option
+# (4.82 PP/09) introduces a compatibility regression.  The symbol is
+# not available if GnuTLS is build without p11-kit (--without-p11-kit
+# configure option).  In this case use AVOID_GNUTLS_PKCS11=yes when
+# building Exim.
+# AVOID_GNUTLS_PKCS11=yes
+
 # If you are running Exim as a server, note that just building it with TLS
 # support is not all you need to do. You also need to set up a suitable
 # certificate, and tell Exim about it by means of the tls_certificate