From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 6 Oct 2019 15:35:26 +0000 (+0100)
Subject: GnuTLS: pkcs11-init no longer needed for recent library versions
X-Git-Tag: exim-4.93-RC0~21
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/9f707b896c28e71a6365bab01977f13b97219e64

GnuTLS: pkcs11-init no longer needed for recent library versions
---

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index f2e741f3c..deeb04253 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -72,6 +72,7 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
 #endif
 #if GNUTLS_VERSION_NUMBER >= 0x030300
 # define GNUTLS_AUTO_GLOBAL_INIT
+# define GNUTLS_AUTO_PKCS11_MANUAL
 #endif
 #if GNUTLS_VERSION_NUMBER >= 0x030500
 # define SUPPORT_GNUTLS_KEYLOG
@@ -1500,7 +1501,7 @@ if (!exim_gnutls_base_init_done)
   {
   DEBUG(D_tls) debug_printf("GnuTLS global init required.\n");
 
-#ifdef HAVE_GNUTLS_PKCS11
+#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)
   /* By default, gnutls_global_init will init PKCS11 support in auto mode,
   which loads modules from a config file, which sounds good and may be wanted
   by some sysadmin, but also means in common configurations that GNOME keyring
@@ -3438,7 +3439,7 @@ if (exim_gnutls_base_init_done)
   log_write(0, LOG_MAIN|LOG_PANIC,
       "already initialised GnuTLS, Exim developer bug");
 
-#ifdef HAVE_GNUTLS_PKCS11
+#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)
 if (!gnutls_allow_auto_pkcs11)
   {
   rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);