diff options
Diffstat (limited to 'src')
| -rwxr-xr-x | src/scripts/Configure-Makefile | 16 | ||||
| -rw-r--r-- | src/src/EDITME | 4 | ||||
| -rw-r--r-- | src/src/sha_ver.h | 7 |
3 files changed, 27 insertions, 0 deletions
diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile index 4aa7d76cd..3e486a6bb 100755 --- a/src/scripts/Configure-Makefile +++ b/src/scripts/Configure-Makefile @@ -136,13 +136,16 @@ then USE_*_PC) eval "pc_value=\"\$$var\"" need_this='' + need_core='' if [ ".$SUPPORT_TLS" = "." ]; then # no TLS, not referencing true elif [ ".$var" = ".USE_GNUTLS_PC" ] && [ ".$USE_GNUTLS" != "." ]; then need_this=t + need_core="gnutls-special" elif [ ".$var" = ".USE_OPENSSL_PC" ] && [ ".$USE_GNUTLS" = "." ]; then need_this=t + need_core=t fi if [ ".$need_this" != "." ]; then tls_include=`pkg-config --cflags $pc_value` @@ -153,6 +156,19 @@ then tls_libs=`pkg-config --libs $pc_value` echo "TLS_INCLUDE=$tls_include" echo "TLS_LIBS=$tls_libs" + # With hash.h pulling crypto into the core, we need to also handle that + if [ ".$need_this" = ".t" ]; then + echo "CFLAGS += $tls_include" + echo "LDFLAGS += $tls_libs" + elif [ ".$need_this" = ".gnutls-special" ]; then + if pkg-config --atleast-version=2.10 gnutls ; then + echo "CFLAGS += $tls_include" + echo "LDFLAGS += $tls_libs" + else + echo "CFLAGS += $(libgcrypt-config --cflags)" + echo "LDFLAGS += $(libgcrypt-config --libs)" + fi + fi fi ;; diff --git a/src/src/EDITME b/src/src/EDITME index e2d8cf921..69293467e 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -746,6 +746,10 @@ HEADERS_CHARSET="ISO-8859-1" # USE_GNUTLS_PC=gnutls # TLS_LIBS=-lgnutls -ltasn1 -lgcrypt +# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's +# build process will require libgcrypt-config to exist in your $PATH. A +# version that old is likely to become unsupported by Exim in 2017. + # The security fix we provide with the gnutls_allow_auto_pkcs11 option # (4.82 PP/09) introduces a compatibility regression. The symbol is # not available if GnuTLS is build without p11-kit (--without-p11-kit diff --git a/src/src/sha_ver.h b/src/src/sha_ver.h index fd1a4d083..387ac52c1 100644 --- a/src/src/sha_ver.h +++ b/src/src/sha_ver.h @@ -9,6 +9,13 @@ #include "exim.h" +/* Please be aware that pulling in extra headers which are not in the system + * includes may require careful juggling of CFLAGS in + * scripts/Configure-Makefile -- that logic should be kept in sync with this. + * In particular, building with just something like USE_OPENSSL_PC=openssl + * and not massaging CFLAGS in Local/Makefile is fully supported. + */ + #ifdef SUPPORT_TLS # define EXIM_HAVE_SHA2 |