From afe12dd0d6fae1da98dabdab607f5dab22b14345 Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12)" <hs@schlittermann.de>
Date: Sun, 10 May 2015 22:48:28 +0200
Subject: [PATCH] Override DISABLE_DNSSEC when EXPERIMENTAL_DANE is in use

---
 src/src/EDITME | 2 ++
 src/src/exim.h | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/src/src/EDITME b/src/src/EDITME
index 866987c25..9b649c6cf 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -426,6 +426,7 @@ EXIM_MONITOR=eximon.bin
 # By default, Exim has support for checking the AD bit in a DNS response, to
 # determine if DNSSEC validation was successful.  If your system libraries
 # do not support that bit, then set DISABLE_DNSSEC to "yes"
+# Note: Enabling EXPERIMENTAL_DANE unconditionally overrides this setting.
 
 # DISABLE_DNSSEC=yes
 
@@ -492,6 +493,7 @@ EXIM_MONITOR=eximon.bin
 # EXPERIMENTAL_CERTNAMES=yes
 
 # Uncomment the following line to add DANE support
+# Note: Enabling this unconditionally overrides DISABLE_DNSSEC
 # EXPERIMENTAL_DANE=yes
 
 # Uncomment the following line to add SOCKS support
diff --git a/src/src/exim.h b/src/src/exim.h
index 48cf8c146..75d14660f 100644
--- a/src/src/exim.h
+++ b/src/src/exim.h
@@ -591,4 +591,9 @@ default to EDQUOT if it exists, otherwise ENOSPC. */
   #endif
 #endif
 
+/* DANE w/o DNSSEC is useless */
+#if defined(EXPERIMENTAL_DANE) && defined(DISABLE_DNSSEC)
+  #undef DISABLE_DNSSEC
+#endif
+
 /* End of exim.h */
-- 
2.30.2