https://bugs.exim.org/show_bug.cgi?id=1691
Bug ID: 1691
Summary: GnuTLS version check for tls_verify_certificates=system seems to be broken
Product: Exim
Version: 4.86+ HEAD
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: pdp@???
Reporter: eximusers@???
CC: exim-dev@???
Hello,
spec says:
----------------------
The "system" value for the option will use a
system default location compiled into the SSL library.
This is not available for GnuTLS versions preceding 3.0.20,
and will be taken as empty; an explicit location
must be specified.
----------------------
OTOH
src/src/tls-gnu.c contains:
#if GNUTLS_VERSION_NUMBER >= 0x030314
# define SUPPORT_SYSDEFAULT_CABUNDLE
#endif
GNUTLS_VERSION_NUMBER is a hex number, generated by
printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION
0x030314 is 3.3.20. Therefore Exim disables the feature for all systems, except
for those running the latest GnuTLS development release 3.4.x. (Latest GnuTLS
3.3. is 3.3.18). If the check wanted to test for 3.0.20 it would need to test
for >= 0x030014.
cu Andreas
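
The comparison described in the report, as an added example (not code from the report or from Exim): it packs version strings the way GNUTLS_VERSION_NUMBER is generated and evaluates them against the threshold quoted from tls-gnu.c and against the 3.0.20 threshold the spec names. The function names, the THRESHOLD_* macros and the version list are constructed for illustration.

```c
#include <stdio.h>

/* Pack a version as GNUTLS_VERSION_NUMBER does: 0xMMmmpp, one byte per part. */
static unsigned encode_version(unsigned major, unsigned minor, unsigned patch)
{
    return (major << 16) | (minor << 8) | patch;
}

/* Parse "3.3.18" into packed form. Returns 0 for malformed input or when a
 * component does not fit into one byte (hypothetical helper). */
static unsigned parse_version(const char *s)
{
    unsigned major, minor, patch;
    char trailing;

    if (sscanf(s, "%u.%u.%u%c", &major, &minor, &patch, &trailing) != 3)
        return 0;
    if (major > 0xff || minor > 0xff || patch > 0xff)
        return 0;
    return encode_version(major, minor, patch);
}

#define THRESHOLD_IN_SOURCE 0x030314u /* value quoted from tls-gnu.c: 3.3.20 */
#define THRESHOLD_FROM_SPEC 0x030014u /* 3.0.20, the version the spec names */

/* Would SUPPORT_SYSDEFAULT_CABUNDLE be defined for this library version? */
static int sysdefault_enabled(const char *version, unsigned threshold)
{
    unsigned v = parse_version(version);
    return v != 0 && v >= threshold;
}

int main(void)
{
    /* Constructed sample versions around both thresholds. */
    static const char *versions[] = {
        "3.0.19", "3.0.20", "3.3.18", "3.3.20", "3.4.0"
    };
    size_t i;

    printf("%-8s %-10s %-9s %s\n", "version", "packed", "in-source", "per-spec");
    for (i = 0; i < sizeof versions / sizeof versions[0]; i++)
        printf("%-8s 0x%06x   %-9s %s\n", versions[i], parse_version(versions[i]),
               sysdefault_enabled(versions[i], THRESHOLD_IN_SOURCE) ? "yes" : "no",
               sysdefault_enabled(versions[i], THRESHOLD_FROM_SPEC) ? "yes" : "no");
    return 0;
}
```

Where the two columns differ, the library is at or above 3.0.20 but the compile-time check still leaves "system" unavailable, so the option is taken as empty as the spec text describes.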