From: Heiko Schlittermann (HS12) Date: Sun, 10 May 2015 20:48:28 +0000 (+0200) Subject: Override DISABLE_DNSSEC when EXPERIMENTAL_DANE is in use X-Git-Tag: exim-4_86_RC1~40 X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/afe12dd0d6fae1da98dabdab607f5dab22b14345?ds=sidebyside Override DISABLE_DNSSEC when EXPERIMENTAL_DANE is in use --- diff --git a/src/src/EDITME b/src/src/EDITME index 866987c25..9b649c6cf 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -426,6 +426,7 @@ EXIM_MONITOR=eximon.bin # By default, Exim has support for checking the AD bit in a DNS response, to # determine if DNSSEC validation was successful. If your system libraries # do not support that bit, then set DISABLE_DNSSEC to "yes" +# Note: Enabling EXPERIMENTAL_DANE unconditionally overrides this setting. # DISABLE_DNSSEC=yes @@ -492,6 +493,7 @@ EXIM_MONITOR=eximon.bin # EXPERIMENTAL_CERTNAMES=yes # Uncomment the following line to add DANE support +# Note: Enabling this unconditionally overrides DISABLE_DNSSEC # EXPERIMENTAL_DANE=yes # Uncomment the following line to add SOCKS support diff --git a/src/src/exim.h b/src/src/exim.h index 48cf8c146..75d14660f 100644 --- a/src/src/exim.h +++ b/src/src/exim.h @@ -591,4 +591,9 @@ default to EDQUOT if it exists, otherwise ENOSPC. */ #endif #endif +/* DANE w/o DNSSEC is useless */ +#if defined(EXPERIMENTAL_DANE) && defined(DISABLE_DNSSEC) + #undef DISABLE_DNSSEC +#endif + /* End of exim.h */