TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
TLS_INCLUDE=-I/usr/local/openssl/include/
.endd
+.new
+.cindex "pkg-config" "OpenSSL"
+If you have &'pkg-config'& available, then instead you can just use:
+.code
+SUPPORT_TLS=yes
+USE_OPENSSL_PC=openssl
+.endd
+.wen
.cindex "USE_GNUTLS"
If GnuTLS is installed, you should set
.code
TLS_LIBS=-L/usr/gnu/lib -lgnutls -ltasn1 -lgcrypt
TLS_INCLUDE=-I/usr/gnu/include
.endd
+.new
+.cindex "pkg-config" "GnuTLS"
+If you have &'pkg-config'& available, then instead you can just use:
+.code
+SUPPORT_TLS=yes
+USE_GNUTLS=yes
+USE_GNUTLS_PC=gnutls
+.endd
+.wen
+
You do not need to set TLS_INCLUDE if the relevant directory is already
specified in INCLUDE. Details of how to configure Exim to make use of TLS are
given in chapter &<<CHAPTLS>>&.
errors.
.new
-.cindex "pkg-config" "specifying"
+.cindex "pkg-config" "lookups"
+.cindex "pkg-config" "authenticators"
Many systems now use a tool called &'pkg-config'& to encapsulate information
about how to compile against a library; Exim has some initial support for
being able to use pkg-config for lookups and authenticators. For any given
command, which can be found in the separate document entitled &'Exim's
interfaces to mail filtering'&.
+.new
+.vitem &$tls_bits$&
+.vindex "&$tls_bits$&"
+Contains an approximation of the TLS cipher's bit-strength; the meaning of
+this depends upon the TLS implementation used.
+If TLS has not been negotiated, the value will be 0.
+The value of this is automatically fed into the Cyrus SASL authenticator
+when acting as a server, to specify the "external SSF" (a SASL term).
+.wen
+
.vitem &$tls_certificate_verified$&
.vindex "&$tls_certificate_verified$&"
This variable is set to &"1"& if a TLS certificate was verified when the
server_set_id = $auth1
.endd
-.option server_realm cyrus_sasl string unset
+.new
+.option server_realm cyrus_sasl string&!! unset
This specifies the SASL realm that the server claims to be in.
+.wen
.option server_service cyrus_sasl string &`smtp`&
.next
.vindex "&$auth2$&"
&$auth2$&: the &'authorization id'&, sent within SASL encapsulation after
-authentication.
+authentication. If that was empty, this will also be set to the
+GSS Display Name.
.endlist
.wen