#------------------------------------------------------------------------------
# Comment out the following line to remove DANE support
# Note: Enabling this unconditionally overrides DISABLE_DNSSEC
-# For DANE under GnuTLS we need an additional library. See TLS_LIBS below.
+# forces you to have SUPPORT_TLS enabled (the default). For DANE under
+# GnuTLS we need an additional library. See TLS_LIBS or USE_GNUTLS_PC
+# below.
SUPPORT_DANE=yes
#------------------------------------------------------------------------------
# Exim can be built to support the SMTP STARTTLS command, which implements
# Transport Layer Security using SSL (Secure Sockets Layer). To do this, you
# must install the OpenSSL library package or the GnuTLS library. Exim contains
-# no cryptographic code of its own. Uncomment the following lines if you want
-# to build Exim with TLS support. If you don't know what this is all about,
-# leave these settings commented out.
+# no cryptographic code of its own.
+#
+# If you are running Exim as a (TLS) server, just building it with TLS support
+# is all you need to do, as tls_advertise_hosts is set to '*' by
+# default. But you are advised to create a suiteable certificate, and tell
+# Exim about it by means of the tls_certificate and tls_privatekey run
+# time options, otherwise Exim will create a self signed certificate on
+# the fly. If you are running Exim only as a (TLS) client, building it with
+# TLS support is all you need to do.
+#
+# If you are using pkg-config then you should not need to worry where
+# the libraries and headers are installed, as the pkg-config .pc
+# specification should include all -L/-I information necessary.
+# Enabling the USE_*_PC options should be sufficient. If not using
+# pkg-config, then you have to specify the libraries, and you mmight
+# need to specify the locations too.
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
-# SUPPORT_TLS=yes
+SUPPORT_TLS=yes
# Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
+# and an optional location.
# USE_OPENSSL_PC=openssl
# TLS_LIBS=-lssl -lcrypto
+# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
-# Uncomment the first and either the second or the third of these if you
-# are using GnuTLS. If you have pkg-config, then the second, else the third.
-# If you disabled SUPPORT_DANE support above, you do not need the gnutls-dane
-# libraries here.
+# Uncomment one of these settings if you are using GnuTLS; pkg-config vs not
+# and an optional location. If you disabled SUPPORT_DANE above, you
+# can remove the gnutls-dane references here.
# USE_GNUTLS=yes
# USE_GNUTLS_PC=gnutls gnutls-dane
# TLS_LIBS=-lgnutls -ltasn1 -lgcrypt -lgnutls-dane
+# TLS_LIBS=-L/usr/local/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane
# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's
# build process will require libgcrypt-config to exist in your $PATH. A
# building Exim.
# AVOID_GNUTLS_PKCS11=yes
-# If you are running Exim as a server, note that just building it with TLS
-# support is not all you need to do. You also need to set up a suitable
-# certificate, and tell Exim about it by means of the tls_certificate
-# and tls_privatekey run time options. You also need to set tls_advertise_hosts
-# to specify the hosts to which Exim advertises TLS support. On the other hand,
-# if you are running Exim only as a client, building it with TLS support
-# is all you need to do.
-
-# If you are using pkg-config then you should not need to worry where the
-# libraries and headers are installed, as the pkg-config .pc specification
-# should include all -L/-I information necessary. If not using pkg-config
-# then you might need to specify the locations too.
-
-# Additional libraries and include files are required for both OpenSSL and
-# GnuTLS. The TLS_LIBS settings above assume that the libraries are installed
-# with all your other libraries. If they are in a special directory, you may
-# need something like
-
-# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
-
-# or
-
-# TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt -lgnutls-dane
-# If not using DANE under GnuTLS we can lose one library
-# TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt
-
-# TLS_LIBS is included only on the command for linking Exim itself, not on any
-# auxiliary programs. If the include files are not in a standard place, you can
-# set TLS_INCLUDE to specify where they are, for example:
+# If the include files for your TLS libraries are not in a standard
+# place and you didn't use the pkg-config route, you you can set
+# TLS_INCLUDE to specify where they are, for example:
# TLS_INCLUDE=-I/usr/local/openssl/include/
# or