From: Phil Pennock <pdp@exim.org>
Date: Wed, 16 May 2012 16:35:40 +0000 (-0400)
Subject: Merge branch 'experimental_ocsp'
X-Git-Tag: exim-4_80_RC1~18
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/53947857fdb3c00bb673f6d2ac326dc4ccf01c6e

Merge branch 'experimental_ocsp'
---

53947857fdb3c00bb673f6d2ac326dc4ccf01c6e
diff --cc doc/doc-txt/ChangeLog
index fdb0074ab,7c6ce246f..991f59f08
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@@ -91,22 -91,8 +91,24 @@@ PP/20 Revert part of NM/04, it broke lo
  
  PP/21 Defaulting "accept_8bitmime" to true, not false.
  
 -PP/22 Added EXPERIMENTAL_OCSP for OpenSSL.
 +PP/22 Added -bw for inetd wait mode support.
 +
 +PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
 +      locate the relevant includes and libraries.  Made this the default.
 +
 +PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
 +      Bugzilla 1246, report and most of solution from Tomasz Kusy.
 +
 +JH/02 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
 +      This may cause build issues on older platforms.
 +
 +PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
 +      gnutls_priority_init, ignoring Exim options gnutls_require_kx,
 +      gnutls_require_mac & gnutls_require_protocols (no longer supported).
 +      Added SNI support via GnuTLS too.
 +
++PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.
+ 
  
  Exim version 4.77
  -----------------
diff --cc doc/doc-txt/NewStuff
index 57102958a,96839cde6..d41d79c83
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@@ -63,23 -62,14 +63,31 @@@ Version 4.7
      Those who disagree, or know that they are talking to mail servers that,
      even today, are not 8-bit clean, need to turn off this option.
  
 - 9. With OpenSSL, if built with EXPERIMENTAL_OCSP, a new option tls_ocsp_file
 + 9. Exim can now be started with -bw (with an optional timeout, given as
 +    -bw<timespec>).  With this, stdin at startup is a socket that is
 +    already listening for connections.  This has a more modern name of
 +    "socket activation", but forcing the activated socket to fd 0.  We're
 +    interested in adding more support for modern variants.
 +
 +10. ${eval } now uses 64-bit values on supporting platforms.  A new "G" suffux
 +    for numbers indicates multiplication by 1024^3.
 +
 +11. The GnuTLS support has been revamped; the three options gnutls_require_kx,
 +    gnutls_require_mac & gnutls_require_protocols are no longer supported.
 +    tls_require_ciphers is now parsed by gnutls_priority_init(3) as a priority
 +    string, documentation for which is at:
 +    http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html
 +
 +    SNI support has been added to Exim's GnuTLS integration too.
 +
++12. With OpenSSL, if built with EXPERIMENTAL_OCSP, a new option tls_ocsp_file
+     is now available.  If the contents of the file are valid, then Exim will
+     send that back in response to a TLS status request; this is OCSP Stapling.
+     Exim will not maintain the contents of the file in any way: administrators
+     are responsible for ensuring that it is up-to-date.
+ 
+     See "experimental-spec.txt" for more details.
+ 
  
  Version 4.77
  ------------