[exim-cvs] GnuTLS: pkcs11-init no longer needed for recent l…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] GnuTLS: pkcs11-init no longer needed for recent library versions
Gitweb: https://git.exim.org/exim.git/commitdiff/9f707b896c28e71a6365bab01977f13b97219e64
Commit:     9f707b896c28e71a6365bab01977f13b97219e64
Parent:     4d2a62a38d8a28dab2ee026ebf5e02df01bf5c87
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Oct 6 16:35:26 2019 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Oct 6 16:57:31 2019 +0100


    GnuTLS: pkcs11-init no longer needed for recent library versions
---
 src/src/tls-gnu.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)


diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index f2e741f..deeb042 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -72,6 +72,7 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
#endif
#if GNUTLS_VERSION_NUMBER >= 0x030300
# define GNUTLS_AUTO_GLOBAL_INIT
+# define GNUTLS_AUTO_PKCS11_MANUAL
#endif
#if GNUTLS_VERSION_NUMBER >= 0x030500
# define SUPPORT_GNUTLS_KEYLOG
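Review bot: the new `# define GNUTLS_AUTO_PKCS11_MANUAL` under `#if GNUTLS_VERSION_NUMBER >= 0x030300` has no comment saying what library behaviour it records, and the commit message only says "recent library versions". Add a one-line comment stating what the library does from this version on that makes the explicit PKCS11 init unnecessary. The `GNUTLS_` prefix (shared with the existing `GNUTLS_AUTO_GLOBAL_INIT`) also reads like a symbol from the library headers rather than one local to tls-gnu.c; a prefix in the style of `SUPPORT_GNUTLS_KEYLOG` would rule out a clash with a future library macro.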
@@ -1500,7 +1501,7 @@ if (!exim_gnutls_base_init_done)
{
DEBUG(D_tls) debug_printf("GnuTLS global init required.\n");

-#ifdef HAVE_GNUTLS_PKCS11
+#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)
   /* By default, gnutls_global_init will init PKCS11 support in auto mode,
   which loads modules from a config file, which sounds good and may be wanted
   by some sysadmin, but also means in common configurations that GNOME keyring
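Review bot: the comment directly under the changed `#if` still reads "By default, gnutls_global_init will init PKCS11 support in auto mode" with nothing to say it now applies only when `GNUTLS_AUTO_PKCS11_MANUAL` is undefined. Extend the comment to say that the block is compiled out for `GNUTLS_VERSION_NUMBER >= 0x030300` and what keeps the module loading it warns about (the GNOME keyring case) from happening on those builds, so a reader of this site does not have to find the define some 1400 lines earlier to learn why the protection is gone.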
@@ -3438,7 +3439,7 @@ if (exim_gnutls_base_init_done)
   log_write(0, LOG_MAIN|LOG_PANIC,
       "already initialised GnuTLS, Exim developer bug");


-#ifdef HAVE_GNUTLS_PKCS11
+#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)
if (!gnutls_allow_auto_pkcs11)
{
rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
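Review bot: with the guard changed, the `if (!gnutls_allow_auto_pkcs11)` test is compiled out whenever `GNUTLS_AUTO_PKCS11_MANUAL` is defined, so on those builds the option is not consulted here. If no other code reads it, the setting silently stops having any effect when `GNUTLS_VERSION_NUMBER >= 0x030300`; say so in the option's documentation or in a comment at this site. The expression `#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)` is also now repeated at two sites, and a single derived macro defined next to the version checks would keep the two from drifting apart.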