On 18/03/18 03:05, Phil Pennock wrote:
> On 2018-03-17 at 15:00 +0000, Jeremy Harris via Exim-dev wrote:
>>> Enabling DMARC without enabling
>>> SPF led to a build failure almost at the very end.
>>
>> Compile-time or link-time failure? Do you think we need
>> a specific check early in the build?
>
> I think it was compile-time, but am not 100% sure. I did also have a
> link-time failure, but that was my fault and led to my commit to
> openssl.txt: the EXPERIMENTAL_DMARC coming above the TLS config meant
> that using `LDFLAGS=` instead of `LDFLAGS+=` stomped on the DMARC
> library. Oops.
>
> Shame there's no `.pc` file for opendmarc.
>
> Oh: any preferences around OpenSSL 1.1.X for exim.org box? We currently
> "drink our own champagne" when it comes to advice around OpenSSL
> libraries and deprecation, with 1.0.2n in /opt/openssl/.
Anything "reasonably recent" on the main-use is fine.
Heading towards the bleeding edge is valuable for shaking out
problems, but does mean effort (probably for you).
> I'm tentatively thinking that we can wait for OpenSSL 1.1.1 to reach
> Beta status, then have /opt/openssl111/ for that, and have port-25 Exim
> use 1.0.2 and port-26 Exim use 1.1.1, just skipping 1.1.0 entirely.
That's fine by me. We'd want to move the main-use to 1.1.1 after
that went official, and after we'd had enough testing done on the
port-26.
In other news, I finally got DKIM Ed25519 working with 1.1.1 last night.
That code will be in RC2.
--
Cheers,
Jeremy