From fea4bca6d58bf154207c7670236eab751e22f766 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Thu, 23 May 2019 00:16:19 +0200 Subject: [PATCH] Build: Enable SUPPORT_TLS by default --- doc/doc-txt/NewStuff | 2 ++ src/src/EDITME | 67 +++++++++++++++++++------------------------- 2 files changed, 31 insertions(+), 38 deletions(-) diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index b0ae9c132..c437b38fd 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -28,6 +28,8 @@ Version 4.93 8. Expansion operator ${sha2_N:} for N=256, 384, 512. + 9. Build options SUPPORT_DANE and SUPPORT_TLS default to yes + Version 4.92 -------------- diff --git a/src/src/EDITME b/src/src/EDITME index a37037265..58756e1bd 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -369,7 +369,9 @@ PCRE_CONFIG=yes #------------------------------------------------------------------------------ # Comment out the following line to remove DANE support # Note: Enabling this unconditionally overrides DISABLE_DNSSEC -# For DANE under GnuTLS we need an additional library. See TLS_LIBS below. +# forces you to have SUPPORT_TLS enabled (the default). For DANE under +# GnuTLS we need an additional library. See TLS_LIBS or USE_GNUTLS_PC +# below. SUPPORT_DANE=yes #------------------------------------------------------------------------------ @@ -759,24 +761,39 @@ HEADERS_CHARSET="ISO-8859-1" # Exim can be built to support the SMTP STARTTLS command, which implements # Transport Layer Security using SSL (Secure Sockets Layer). To do this, you # must install the OpenSSL library package or the GnuTLS library. Exim contains -# no cryptographic code of its own. Uncomment the following lines if you want -# to build Exim with TLS support. If you don't know what this is all about, -# leave these settings commented out. +# no cryptographic code of its own. +# +# If you are running Exim as a (TLS) server, just building it with TLS support +# is all you need to do, as tls_advertise_hosts is set to '*' by +# default. But you are advised to create a suiteable certificate, and tell +# Exim about it by means of the tls_certificate and tls_privatekey run +# time options, otherwise Exim will create a self signed certificate on +# the fly. If you are running Exim only as a (TLS) client, building it with +# TLS support is all you need to do. +# +# If you are using pkg-config then you should not need to worry where +# the libraries and headers are installed, as the pkg-config .pc +# specification should include all -L/-I information necessary. +# Enabling the USE_*_PC options should be sufficient. If not using +# pkg-config, then you have to specify the libraries, and you mmight +# need to specify the locations too. # This setting is required for any TLS support (either OpenSSL or GnuTLS) -# SUPPORT_TLS=yes +SUPPORT_TLS=yes # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not +# and an optional location. # USE_OPENSSL_PC=openssl # TLS_LIBS=-lssl -lcrypto +# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto -# Uncomment the first and either the second or the third of these if you -# are using GnuTLS. If you have pkg-config, then the second, else the third. -# If you disabled SUPPORT_DANE support above, you do not need the gnutls-dane -# libraries here. +# Uncomment one of these settings if you are using GnuTLS; pkg-config vs not +# and an optional location. If you disabled SUPPORT_DANE above, you +# can remove the gnutls-dane references here. # USE_GNUTLS=yes # USE_GNUTLS_PC=gnutls gnutls-dane # TLS_LIBS=-lgnutls -ltasn1 -lgcrypt -lgnutls-dane +# TLS_LIBS=-L/usr/local/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane # If using GnuTLS older than 2.10 and using pkg-config then note that Exim's # build process will require libgcrypt-config to exist in your $PATH. A @@ -789,35 +806,9 @@ HEADERS_CHARSET="ISO-8859-1" # building Exim. # AVOID_GNUTLS_PKCS11=yes -# If you are running Exim as a server, note that just building it with TLS -# support is not all you need to do. You also need to set up a suitable -# certificate, and tell Exim about it by means of the tls_certificate -# and tls_privatekey run time options. You also need to set tls_advertise_hosts -# to specify the hosts to which Exim advertises TLS support. On the other hand, -# if you are running Exim only as a client, building it with TLS support -# is all you need to do. - -# If you are using pkg-config then you should not need to worry where the -# libraries and headers are installed, as the pkg-config .pc specification -# should include all -L/-I information necessary. If not using pkg-config -# then you might need to specify the locations too. - -# Additional libraries and include files are required for both OpenSSL and -# GnuTLS. The TLS_LIBS settings above assume that the libraries are installed -# with all your other libraries. If they are in a special directory, you may -# need something like - -# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto - -# or - -# TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane -# If not using DANE under GnuTLS we can lose one library -# TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt - -# TLS_LIBS is included only on the command for linking Exim itself, not on any -# auxiliary programs. If the include files are not in a standard place, you can -# set TLS_INCLUDE to specify where they are, for example: +# If the include files for your TLS libraries are not in a standard +# place and you didn't use the pkg-config route, you you can set +# TLS_INCLUDE to specify where they are, for example: # TLS_INCLUDE=-I/usr/local/openssl/include/ # or -- 2.30.2