X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/9775396084feef071a7c565d6d9b42839ae6098e..f1e05cc79778c693a1a2bad478ced44791922cce:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 9b59f0578..9c39b4aa2 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1868,6 +1868,14 @@ SUPPORT_TLS=yes TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto TLS_INCLUDE=-I/usr/local/openssl/include/ .endd +.new +.cindex "pkg-config" "OpenSSL" +If you have &'pkg-config'& available, then instead you can just use: +.code +SUPPORT_TLS=yes +USE_OPENSSL_PC=openssl +.endd +.wen .cindex "USE_GNUTLS" If GnuTLS is installed, you should set .code @@ -1883,6 +1891,16 @@ USE_GNUTLS=yes TLS_LIBS=-L/usr/gnu/lib -lgnutls -ltasn1 -lgcrypt TLS_INCLUDE=-I/usr/gnu/include .endd +.new +.cindex "pkg-config" "GnuTLS" +If you have &'pkg-config'& available, then instead you can just use: +.code +SUPPORT_TLS=yes +USE_GNUTLS=yes +USE_GNUTLS_PC=gnutls +.endd +.wen + You do not need to set TLS_INCLUDE if the relevant directory is already specified in INCLUDE. Details of how to configure Exim to make use of TLS are given in chapter &<>&. @@ -2110,6 +2128,28 @@ files or libraries are required. When a lookup type is not included in the binary, attempts to configure Exim to use it cause run time configuration errors. +.new +.cindex "pkg-config" "lookups" +.cindex "pkg-config" "authenticators" +Many systems now use a tool called &'pkg-config'& to encapsulate information +about how to compile against a library; Exim has some initial support for +being able to use pkg-config for lookups and authenticators. For any given +makefile variable which starts &`LOOKUP_`& or &`AUTH_`&, you can add a new +variable with the &`_PC`& suffix in the name and assign as the value the +name of the package to be queried. The results of querying via the +&'pkg-config'& command will be added to the appropriate Makefile variables +with &`+=`& directives, so your version of &'make'& will need to support that +syntax. For instance: +.code +LOOKUP_SQLITE=yes +LOOKUP_SQLITE_PC=sqlite3 +AUTH_GSASL=yes +AUTH_GSASL_PC=libgsasl +AUTH_HEIMDAL_GSSAPI=yes +AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi +.endd +.wen + .cindex "Perl" "including support for" Exim can be linked with an embedded Perl interpreter, allowing Perl subroutines to be called during string expansion. To enable this facility, @@ -11784,6 +11824,16 @@ command in a filter file. Its use is explained in the description of that command, which can be found in the separate document entitled &'Exim's interfaces to mail filtering'&. +.new +.vitem &$tls_bits$& +.vindex "&$tls_bits$&" +Contains an approximation of the TLS cipher's bit-strength; the meaning of +this depends upon the TLS implementation used. +If TLS has not been negotiated, the value will be 0. +The value of this is automatically fed into the Cyrus SASL authenticator +when acting as a server, to specify the "external SSF" (a SASL term). +.wen + .vitem &$tls_certificate_verified$& .vindex "&$tls_certificate_verified$&" This variable is set to &"1"& if a TLS certificate was verified when the @@ -24449,8 +24499,8 @@ ANONYMOUS: only &$auth1$& is set, to the possibly empty &'anonymous token'&; the &%server_condition%& option must be present. .next .cindex "authentication" "GSSAPI" -GSSAPI: &$auth1$& will be set to the &'authorization id'&, -&$auth2$& will be set to the &'GSSAPI Display Name'&; +GSSAPI: &$auth1$& will be set to the &'GSSAPI Display Name'&; +&$auth2$& will be set to the &'authorization id'&, the &%server_condition%& option must be present. .endlist @@ -24483,9 +24533,6 @@ If set, then Heimdal will not use the system default keytab (typically &_/etc/krb5.keytab_&) but instead the pathname given in this option. The value should be a pathname, with no &"file:"& prefix. -.option server_realm heimdal_gssapi string&!! unset -Er, unused. XXXFIXMEXXX - .option server_service heimdal_gssapi string&!! "smtp" This option specifies the service identifier used, in conjunction with &%server_hostname%&, for building the identifer for finding credentials