Folks, I'm seeking help from Exim/GnuTLS users.
Two things:
(1) If you're experienced in programming to GnuTLS, the current
interface could really use some maintenance; we're using a
deprecated API and having to code much stuff we shouldn't. If
you're prepared to code fixes, we're prepared to accept them. :)
You get to drop support for old versions of GnuTLS as you deem fit,
but we do ask that you try _very_ hard to make sure that any
options exposed to the exim configuration file for administrators
to tune would remain valid.
(2) In order to support TLS 1.2 and TLS 1.1, I've done some minimal
tinkering to the existing setup. I've also pulled in a fix from
Andreas Metzler so that Exim builds against GnuTLS 3.
It compiles and it accepts options; with these changes, "TLS1.1",
"TLS1.2" and "TLS1.0" are all valid items to appear in the
"gnutls_require_protocols" option. These changes need to be tested
properly.
If you're willing to test the GnuTLS changes, could you please check out
the git source on the "gnutls_fixes" branch:

    git clone --branch gnutls_fixes git://git.exim.org/exim.git

and compile and provide feedback? Note that the git tree layout is
based one level higher than the layout we provide in the release
tarballs, so you'll need to cd into the top-level "src/" directory to
get back to a familiar environment.
(Yes, we have src/src/ as a path in the git repo. Lovely jubbly).
Thanks,
-Phil