http://bugs.exim.org/show_bug.cgi?id=1400
Summary: 4.82 breaks GnuTLS support on various platforms
Product: Exim
Version: 4.82
Platform: Other
OS/Version: All
Status: NEW
Severity: bug
Priority: critical
Component: TLS
AssignedTo: pdp@???
ReportedBy: pdp@???
CC: exim-dev@???

Per Wolfgang Breyha in bug 1397, GnuTLS is often not built with p11-kit
support, so the security fix we provide with the gnutls_enable_pkcs11 option
(4.82 PP/09) introduces a compatibility regression which should be fixed before
release.
A workaround is, ironically, to set the option "gnutls_enable_pkcs11",
because setting the option does not enable it; it _permits_ GnuTLS to init
PKCS11, instead of Exim forcibly disabling it.
So there are two issues:
* should the option be renamed, before the first release that includes it, to
something like "gnutls_allow_auto_pkcs11"?
* the symbol simply isn't available sometimes, so this needs to become
conditional compilation; the sanest way to deal with this being a problem on
older OSes is to add an Exim Makefile option, AVOID_GNUTLS_PKCS11, then use
#ifndef that in the tls-gnu.c file.