diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 4 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 7 | ||||
| -rw-r--r-- | doc/doc-txt/NewStuff | 9 | ||||
| -rw-r--r-- | doc/doc-txt/OptionLists.txt | 2 |
4 files changed, 17 insertions, 5 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d839df80b..ec01e1669 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -13039,7 +13039,7 @@ listed in more than one group. .section "TLS" "SECID108" .table2 .row &%gnutls_compat_mode%& "use GnuTLS compatibility mode" -.row &%gnutls_enable_pkcs11%& "allow GnuTLS to autoload PKCS11 modules" +.row &%gnutls_allow_auto_pkcs11%& "allow GnuTLS to autoload PKCS11 modules" .row &%openssl_options%& "adjust OpenSSL compatibility options" .row &%tls_advertise_hosts%& "advertise TLS to these hosts" .row &%tls_certificate%& "location of server certificate" @@ -14077,7 +14077,7 @@ implementations of TLS. .new -option gnutls_enable_pkcs11 main boolean unset +option gnutls_allow_auto_pkcs11 main boolean unset This option will let GnuTLS (2.12.0 or later) autoload PKCS11 modules with the p11-kit configuration files in &_/etc/pkcs11/modules/_&. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 1d848c9aa..928f377b1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -60,7 +60,9 @@ NM/01 Bugzilla 1197 - Spec typo JH/03 Add expansion operators ${listnamed:name} and ${listcount:string} -PP/09 Add gnutls_enable_pkcs11 option. +PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called + gnutls_enable_pkcs11, but renamed to more accurately indicate its + function. PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC. Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. @@ -259,6 +261,9 @@ TL/18 Had previously added a -CONTINUE option to runtest in the test suite. TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite contains upper case chars. Make router use caseful_local_part. +TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS + support when GnuTLS has been built with p11-kit. + Exim version 4.80.1 ------------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 7f54b8f6c..d308f0485 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -88,7 +88,7 @@ Version 4.82 8. New expansion operators ${listnamed:name} to get the content of a named list and ${listcount:string} to count the items in a list. - 9. New global option "gnutls_enable_pkcs11", defaults false. The GnuTLS + 9. New global option "gnutls_allow_auto_pkcs11", defaults false. The GnuTLS rewrite in 4.80 combines with GnuTLS 2.12.0 or later, to autoload PKCS11 modules. For some situations this is desirable, but we expect admin in those situations to know they want the feature. More commonly, it means @@ -97,6 +97,13 @@ Version 4.82 through, thus breakage. So we explicitly inhibit the PKCS11 initialisation unless this new option is set. + Some older OS's with earlier versions of GnuTLS might not have pkcs11 ability, + so have also added a build option which can be used to build Exim with GnuTLS + but without trying to use any kind of PKCS11 support. Uncomment this in the + Local/Makefile: + + AVOID_GNUTLS_PKCS11=yes + 10. The "acl = name" condition on an ACL now supports optional arguments. New expansion item "${acl {name}{arg}...}" and expansion condition "acl {{name}{arg}...}" are added. In all cases up to nine arguments diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 8787d4888..9c909f2f8 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -248,8 +248,8 @@ from string* unset autoreply gecos_name string* unset main gecos_pattern string unset main gethostbyname boolean false smtp +gnutls_allow_auto_pkcs11 boolean false main 4.82 gnutls_compat_mode boolean unset main 4.70 -gnutls_enable_pkcs11 boolean false main 4.82 gnutls_require_kx string* unset main 4.67 deprecated, warns string* unset smtp 4.67 deprecated, warns gnutls_require_mac string* unset main 4.67 deprecated, warns |