[exim-dev] [Bug 1400] New: 4.82 breaks GnuTLS support on var…

Author: Phil Pennock
Date:  
To: exim-dev
New-Topics: [exim-dev] [Bug 1400] 4.82 breaks GnuTLS support on various platforms
Subject: [exim-dev] [Bug 1400] New: 4.82 breaks GnuTLS support on various platforms

http://bugs.exim.org/show_bug.cgi?id=1400
           Summary: 4.82 breaks GnuTLS support on various platforms
           Product: Exim
           Version: 4.82
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: bug
          Priority: critical
         Component: TLS
        AssignedTo: pdp@???
        ReportedBy: pdp@???
                CC: exim-dev@???



Per Wolfgang Breyha in bug 1397, GnuTLS is often not built with p11-kit
support, so the security fix we provide with the gnutls_enable_pkcs11 option
(4.82 PP/09) introduces a compatibility regression which should be fixed before
release.

A workaround is, ironically, to set the option "gnutls_enable_pkcs11",
because setting the option does not enable it; it _permits_ GnuTLS to init
PKCS11, instead of Exim forcibly disabling it.

So there are two issues:

* should the option be renamed, before the first release that includes it, to
something like "gnutls_allow_auto_pkcs11" ?

* the symbol simply isn't available sometimes, so this needs to become
conditional compilation; the sanest way to deal with this being a problem on
older OSes is to add an Exim Makefile option, AVOID_GNUTLS_PKCS11, then use
#ifndef that in the tls-gnu.c file.

