From: Phil Pennock Date: Sat, 18 Feb 2012 16:20:18 +0000 (-0500) Subject: Merge branch 'sasl_fixes' X-Git-Tag: exim-4_80_RC1~80 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/f1e05cc79778c693a1a2bad478ced44791922cce Merge branch 'sasl_fixes' --- f1e05cc79778c693a1a2bad478ced44791922cce diff --cc doc/doc-txt/ChangeLog index 699da323c,0212a51ae..3f43ef83d --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@@ -15,19 -15,10 +15,23 @@@ NM/02 Bugzilla 1093 - eximstats DATA re NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs. -PP/02 New expansion variable $tls_bits; Cyrus SASL server connection +PP/02 Implemented gsasl authenticator. + +PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option. + +PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use + `pkg-config foo` for cflags/libs. + +PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent + with rest of GSASL and with heimdal_gssapi. + +PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use + `pkg-config foo` for cflags/libs for the TLS implementation. + ++PP/07 New expansion variable $tls_bits; Cyrus SASL server connection + properties get this fed in as external SSF. A number of robustness + and debugging improvements to the cyrus_sasl authenticator. + Exim version 4.77 ----------------- diff --cc doc/doc-txt/NewStuff index 487ce30b3,fdbb07488..057656c24 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@@ -7,28 -7,9 +7,30 @@@ test from the snapshots or the CVS befo the documentation is updated, this file is reduced to a short list. Version 4.78 +------------ + + 1. New authenticator driver, "gsasl". Server-only (at present). + This is a SASL interface, licensed under GPL, which can be found at + http://www.gnu.org/software/gsasl/. + This system does not provide sources of data for authentication, so + careful use needs to be made of the conditions in Exim. Note that + this can not yet be used as a drop-in replacement for Cyrus SASL, as + Exim is currently unable to construct strings with embedded NULs for + use as keys in lookups against sasldb2. + + 2. New authenticator driver, "heimdal_gssapi". Server-only. + A replacement for using cyrus_sasl with Heimdal, now that $KRB5_KTNAME + is no longer honoured for setuid programs by Heimdal. Use the + "server_keytab" option to point to the keytab. + + 3. The "pkg-config" system can now be used when building Exim to reference + cflags and library information for lookups and authenticators, rather + than having to update "CFLAGS", "AUTH_LIBS", "LOOKUP_INCLUDE" and + "LOOKUP_LIBS" directly. Similarly for handling the TLS library support + without adjusting "TLS_INCLUDE" and "TLS_LIBS". - 1. New expansion variable $tls_bits. ++ 4. New expansion variable $tls_bits. + Version 4.77 ------------ diff --cc src/src/tls-gnu.c index 2d1a327de,dc09d4720..2f952e47b --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@@ -854,10 -854,7 +854,11 @@@ construct_cipher_name(gnutls_session se { static uschar cipherbuf[256]; uschar *ver; - int bits, c, kx, mac, rc; + int c, kx, mac; +#ifdef GNUTLS_CB_TLS_UNIQUE ++int rc; +gnutls_datum_t channel; +#endif ver = string_copy( US gnutls_protocol_get_name(gnutls_protocol_get_version(session)));