From a5f239e4959d4df6a4a341d8855e14d17399d671 Mon Sep 17 00:00:00 2001
From: Phil Pennock <pdp@exim.org>
Date: Sun, 24 Jun 2012 02:55:29 -0700
Subject: Add gnutls_enable_pkcs11 option.

GnuTLS 2.12.0 adds PKCS11 support using p11-kit and by default will
autoload modules, which interoperates badly with GNOME keyring
integration, configured via paths in environment variables, and Exim
invoked by the user (eg, mailq) will then try to load the modules, fail
and spew warnings from the module for a library loaded by a library.

http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs
documents that to prevent this, explicitly init PKCS11 before calling
gnutls_global_init().  So we do so, unless the admin sets the new
option.

Reported by Andreas Metzler, who confirmed that the added calls fixed
the problem for him.
---
 doc/doc-txt/OptionLists.txt | 1 +
 1 file changed, 1 insertion(+)

(limited to 'doc/doc-txt/OptionLists.txt')

diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt
index 1c7881e76..05074bba7 100644
--- a/doc/doc-txt/OptionLists.txt
+++ b/doc/doc-txt/OptionLists.txt
@@ -243,6 +243,7 @@ gecos_name                           string*         unset         main
 gecos_pattern                        string          unset         main
 gethostbyname                        boolean         false         smtp
 gnutls_compat_mode                   boolean         unset         main              4.70
+gnutls_enable_pkcs11                 boolean         false         main              4.81
 gnutls_require_kx                    string*         unset         main              4.67 deprecated, warns
                                      string*         unset         smtp              4.67 deprecated, warns
 gnutls_require_mac                   string*         unset         main              4.67 deprecated, warns
-- 
cgit v1.2.3