Unbreak build: crypto hdrs not in system includes
authorPhil Pennock <pdp@exim.org>
Wed, 19 Oct 2016 03:22:03 +0000 (23:22 -0400)
committerPhil Pennock <pdp@exim.org>
Wed, 19 Oct 2016 03:28:13 +0000 (23:28 -0400)
If using pkg-config to get the paths for various packages and the crypto
library headers are not in the system headers, then the hash work broke
the Exim build by requiring the CFLAGS manipulation for _all_ builds,
not just the TLS libraries.

Shows up on MacOS where there's a system OpenSSL but not system OpenSSL
headers (because only SecureTransport is supported) and using
brew-installed OpenSSL.

I've also coded the fix for GnuTLS on the same basis, but that's
untested.

Fixes bug 1906

doc/doc-txt/ChangeLog
src/scripts/Configure-Makefile
src/src/EDITME
src/src/sha_ver.h

index c68e45ce8d9ba1352b0fa0985e8a98b8afd96c72..1267d75dcc2f6b559c7a3e47b04e468a4abd49d9 100644 (file)
@@ -117,6 +117,9 @@ JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
 PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
       by me.  Added RFC7919 DH primes as an alternative.
 
 PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
       by me.  Added RFC7919 DH primes as an alternative.
 
+PP/02 Unbreak build via pkg-config with new hash support when crypto headers
+      are not in the system include path.
+
 
 Exim version 4.87
 -----------------
 
 Exim version 4.87
 -----------------
index 4aa7d76cdc88c4199260eb5bccb3aeecd16e3264..3e486a6bb9e3cfe232a95deb73209028ed04f622 100755 (executable)
@@ -136,13 +136,16 @@ then
       USE_*_PC)
         eval "pc_value=\"\$$var\""
         need_this=''
       USE_*_PC)
         eval "pc_value=\"\$$var\""
         need_this=''
+        need_core=''
         if [ ".$SUPPORT_TLS" = "." ]; then
           # no TLS, not referencing
           true
         elif [ ".$var" = ".USE_GNUTLS_PC" ] && [ ".$USE_GNUTLS" != "." ]; then
           need_this=t
         if [ ".$SUPPORT_TLS" = "." ]; then
           # no TLS, not referencing
           true
         elif [ ".$var" = ".USE_GNUTLS_PC" ] && [ ".$USE_GNUTLS" != "." ]; then
           need_this=t
+          need_core="gnutls-special"
         elif [ ".$var" = ".USE_OPENSSL_PC" ] && [ ".$USE_GNUTLS" = "." ]; then
           need_this=t
         elif [ ".$var" = ".USE_OPENSSL_PC" ] && [ ".$USE_GNUTLS" = "." ]; then
           need_this=t
+          need_core=t
         fi
         if [ ".$need_this" != "." ]; then
           tls_include=`pkg-config --cflags $pc_value`
         fi
         if [ ".$need_this" != "." ]; then
           tls_include=`pkg-config --cflags $pc_value`
@@ -153,6 +156,19 @@ then
           tls_libs=`pkg-config --libs $pc_value`
           echo "TLS_INCLUDE=$tls_include"
           echo "TLS_LIBS=$tls_libs"
           tls_libs=`pkg-config --libs $pc_value`
           echo "TLS_INCLUDE=$tls_include"
           echo "TLS_LIBS=$tls_libs"
+          # With hash.h pulling crypto into the core, we need to also handle that
+          if [ ".$need_this" = ".t" ]; then
+            echo "CFLAGS += $tls_include"
+            echo "LDFLAGS += $tls_libs"
+          elif [ ".$need_this" = ".gnutls-special" ]; then
+            if pkg-config --atleast-version=2.10 gnutls ; then
+              echo "CFLAGS += $tls_include"
+              echo "LDFLAGS += $tls_libs"
+            else
+              echo "CFLAGS += $(libgcrypt-config --cflags)"
+              echo "LDFLAGS += $(libgcrypt-config --libs)"
+            fi
+          fi
         fi
         ;;
 
         fi
         ;;
 
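Review bot: The two new tests in this hunk read `$need_this`, but the first Configure-Makefile hunk (`@@ -136,13 +136,16 @@`) stores the new state in `need_core`, which is never read in the lines shown. Because `need_this` is only ever set to `t`, the `gnutls-special` branch cannot be reached, so a GnuTLS older than 2.10 would get the GnuTLS pkg-config flags rather than the libgcrypt ones, and the core hash code may then fail to find its headers. The tests should be `if [ ".$need_core" = ".t" ]; then` and `elif [ ".$need_core" = ".gnutls-special" ]; then`. The version probe also hardcodes `gnutls` instead of using `$pc_value`, and a missing `libgcrypt-config` silently yields empty flags; a `command -v libgcrypt-config >/dev/null` check that reports to stderr would surface that at configure time. The enclosing `case` arm starts and ends outside the hunk.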
index e2d8cf921f803712fee60ace299c5fdd22c44d61..69293467e0fa99f63d1bce563fc700e8beb4d306 100644 (file)
@@ -746,6 +746,10 @@ HEADERS_CHARSET="ISO-8859-1"
 # USE_GNUTLS_PC=gnutls
 # TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
 
 # USE_GNUTLS_PC=gnutls
 # TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
 
+# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's
+# build process will require libgcrypt-config to exist in your $PATH.  A
+# version that old is likely to become unsupported by Exim in 2017.
+
 # The security fix we provide with the gnutls_allow_auto_pkcs11 option
 # (4.82 PP/09) introduces a compatibility regression.  The symbol is
 # not available if GnuTLS is build without p11-kit (--without-p11-kit
 # The security fix we provide with the gnutls_allow_auto_pkcs11 option
 # (4.82 PP/09) introduces a compatibility regression.  The symbol is
 # not available if GnuTLS is build without p11-kit (--without-p11-kit
index fd1a4d083f9dff176fdd323662c1801113ffbb94..387ac52c179030c1f0d0ea090e1e6ec961d3033f 100644 (file)
@@ -9,6 +9,13 @@
 
 #include "exim.h"
 
 
 #include "exim.h"
 
+/* Please be aware that pulling in extra headers which are not in the system
+ * includes may require careful juggling of CFLAGS in
+ * scripts/Configure-Makefile -- that logic should be kept in sync with this.
+ * In particular, building with just something like USE_OPENSSL_PC=openssl
+ * and not massaging CFLAGS in Local/Makefile is fully supported.
+ */
+
 #ifdef SUPPORT_TLS
 
 # define EXIM_HAVE_SHA2
 #ifdef SUPPORT_TLS
 
 # define EXIM_HAVE_SHA2