Re: [exim] Future OpenSSL configuration: sketch 1

Author: Andrew C Aitchison
Date:  
To: exim-users
Subject: Re: [exim] Future OpenSSL configuration: sketch 1
On Sun, 8 Apr 2018, Phil Pennock via Exim-users wrote:

> Several years ago, I added the openssl_options config knob to Exim,
> which at least made things a bit better, but we're creaking now.
>
> This is a rough proposal, with not a single line of code written to
> support it, but I'm looking for considered informed feedback as to
> whether it makes sense to postmasters out there.



> ~~~~~~~~~~~~~~~~~~~~~~~~8< new config section >8~~~~~~~~~~~~~~~~~~~~~~~~
> # This section is ignored if built against GnuTLS
> #
> # Warning: no string expansion is performed here (but may be in future).
> # Macros are allowed.
>
> begin openssl


As I understand this, these sections have to be in a particular order,
so we need to declare where and in what order begin openssl, begin gnutls
(begin libressl ?) will go.
We could declare that only one is valid but, for people experimenting with
switching tls library, would it make sense to allow more than one since we
have declared that the openssl section will be ignored if the binary is
built with GnuTLS ?

-- 
Andrew C. Aitchison                    Cambridge, UK
             andrew@???