X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/e682570f275e60cf75f013c234a0561a451ab559..d85cdeb5e554b59bf4c43c54461409c15c6ee9c5:/src/src/dane.c
diff --git a/src/src/dane.c b/src/src/dane.c
index 54fd00cee..5ba61961a 100644
--- a/src/src/dane.c
+++ b/src/src/dane.c
@@ -2,15 +2,14 @@
 * Exim - an Internet mail transport agent *
 *************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2012 */
+/* Copyright (c) University of Cambridge 1995 - 2012, 2014 */
 /* See the file NOTICE for conditions of use and distribution. */
-/* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is
-based on a patch that was originally contributed by Steve Haslam. It was
-adapted from stunnel, a GPL program by Michal Trojnara. The code for GNU TLS is
-based on a patch contributed by Nikos Mavroyanopoulos. Because these packages
-are so very different, the functions for each are kept in separate files. The
-relevant file is #included as required, after any any common functions.
+/* This module provides DANE (RFC6659) support for Exim. See also
+the draft RFC for DANE-over-SMTP, "SMTP security via opportunistic DANE TLS"
+(V. Dukhovni, W. Hardaker) - version 10, dated May 25, 2014.
+
+The code for DANE support with Openssl was provided by V.Dukhovni.
 No cryptographic code is included in Exim. All this module does is to call functions from the OpenSSL or GNU TLS libraries. */
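Review bot: The new header comment cites DANE as `RFC6659`, but the DANE TLSA specification is RFC 6698, so the reference sends a reader to an unrelated document; the first added line should read `/* This module provides DANE (RFC 6698) support for Exim. See also`. The unchanged closing sentence still says the module calls "the OpenSSL or GNU TLS libraries", while after this commit the only backend this file includes is OpenSSL (second hunk), so it could become `functions from the OpenSSL library. */`. Since the cited document is an Internet-Draft pinned to version 10, the comment would age better if it also gave the draft's name, so the reference can still be found once the draft is superseded.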
@@ -25,22 +24,25 @@ reference itself to stop picky compilers complaining that it is unused, and put in a dummy argument to stop even pickier compilers complaining about infinite loops. */
-#ifndef EXPERIMENTAL_DANE
+#ifndef SUPPORT_DANE
 static void dummy(int x) { dummy(x-1); }
 #else /* Enabling DANE without enabling TLS cannot work. Abort the compilation. */
-#ifndef SUPPORT_TLS
-#error DANE support requires that TLS support must be enabled. Abort build.
-#endif
+# ifdef DISABLE_TLS
+# error DANE support requires that TLS support must be enabled. Abort build.
+# endif
-#ifdef USE_GNUTLS
-#include "dane-gnu.c"
-#else
-#include "dane-openssl.c"
-#endif
+/* DNSSEC support is also required */
+# ifndef RES_USE_DNSSEC
+# error DANE support requires that the DNS resolver library supports DNSSEC
+# endif
+
+# ifdef USE_OPENSSL
+# include "dane-openssl.c"
+# endif
-#endif /* EXPERIMENTAL_DANE */
+#endif /* SUPPORT_DANE */
 /* End of dane.c */
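Review bot: When `SUPPORT_DANE` is defined but `USE_OPENSSL` is not, the new `# ifdef USE_OPENSSL` block includes nothing and the build carries on silently, whereas the removed code always included one backend. If such a build is meant to be valid because DANE is handled elsewhere (not visible in this hunk), a comment beside the block should say so; otherwise add `# else` and `# error DANE support in dane.c requires OpenSSL` before that `# endif`. In that configuration the translation unit is also empty, which the `dummy()` fallback appears intended to avoid (its explanatory comment starts outside the hunk). Separately, the `RES_USE_DNSSEC` guard only shows that the resolver headers define the option; a short comment that TLSA answers can be trusted only when a validating resolver is reached over a trusted path would keep the guard from being read as a runtime guarantee.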