On 2004-02-26 Philip Hazel <ph10@???> wrote:
> I have just started to look at the patch to GnuTLS to add CRL
> functionality. It seems that it requires GnuTLS 1.0.x, which is now the
> stable release. This release has some incompatibilities with the
> previous 0.8.x stable releases.
[...]
Exim4 compiles fine with
- --------------
- --- exim/src/tls-gnu.c.orig Mon May 19 14:17:07 2003
+++ exim/src/tls-gnu.c Mon Feb 23 17:33:34 2004
@@ -204,7 +204,8 @@
if ((verify & GNUTLS_CERT_NOT_TRUSTED) != 0 ||
(verify & GNUTLS_CERT_INVALID) != 0 ||
- - (verify & GNUTLS_CERT_CORRUPTED) != 0 ||
+/* missing in gnutls10 and a noop anyway
+ (verify & GNUTLS_CERT_CORRUPTED) != 0 ||*/
(verify & GNUTLS_CERT_REVOKED) != 0)
[...]
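Review bot: Commenting out the `(verify & GNUTLS_CERT_CORRUPTED) != 0` test in this `if` removes it for every GnuTLS version, including 0.8.x builds where the flag still exists, so a condition that rejects a peer certificate is dropped on the strength of an unexplained "a noop anyway". If 0.8.x remains supported, put the line under a GnuTLS version conditional rather than in a comment. Either way, say why the check is redundant, for example by confirming that a corrupted certificate is still reported through `GNUTLS_CERT_INVALID` in 1.0.x. As a style point, the new comment starts at column 0 in the middle of the condition and leaves dead code behind. If 0.8.x is dropped, delete the line outright.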
- --------------
using the gnutls8-compatibility mode
(/usr/include/gnutls/compat8.h).
> Question: How many people are using 0.8.x and will be dismayed if the
> next release of Exim supports only GnuTLS 1.0.x?
> In other words, how much is my time worth trying to maintain
> compatibility? I *suspect* that there are only a few GnuTLS users at
> present, as GnuTLS is relatively new. I don't want to waste time (this
> is unexpected work as it is) for a GnuTLS release that is becoming
> obsolete.
We at Debian use GnuTLS, but because I have switched exim4 to use
GnuTLS 1.0.x three days ago on Monday I don't care for 0.8.x
compatibility. - Feel free to drop it.
I think most other vendors are using OpenSSL instead of GnuTLS anyway.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"