X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Ftls.c;h=a541a3c7a3210546aae49bc79435adb0e0623864;hb=152481a026745132f8cd90fac166e6f4ecb6ea58;hp=63d98c806689fe39029e3471527feb62e2bf0631;hpb=6b5cbf740022f7f57a425d212499f156b1641d49;p=user%2Fhenk%2Fcode%2Fexim.git
diff --git a/src/src/tls.c b/src/src/tls.c
index 63d98c806..a541a3c7a 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -371,9 +371,14 @@ return FALSE; }
-/* Environment cleanup: The GnuTLS library spots SSLKEYLOGFILE in the envonment
-and writes a file by that name. We might make the OpenSSL support do the same,
-in some future release. Restrict that filename to be under the spool directory.
+/* Environment cleanup: The GnuTLS library uses SSLKEYLOGFILE in the environment
+and writes a file by that name. Our OpenSSL code does the same, using keying
+info from the library API.
+The GnuTLS support only works if exim is run by root, not taking advantage of
+the setuid bit.
+You can use either the external environment (modulo the keep_environment config)
+or the add_environment config option for SSLKEYLOGFILE; the latter takes
+precedence.
 If the path is absolute, require it starts with the spooldir; otherwise delete the env variable. If relative, prefix the spooldir.
@@ -394,7 +399,7 @@ if (path) else if (Ustrncmp(path, spool_directory, Ustrlen(spool_directory)) != 0) { DEBUG(D_tls)
- debug_printf("removing env SSLKEYLOGFILE: not under spooldir\n");
+ debug_printf("removing env SSLKEYLOGFILE=%s: not under spooldir\n", path);
 unsetenv("SSLKEYLOGFILE"); } }
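Review bot: The rewritten comment in the first hunk never says what the SSLKEYLOGFILE file contains, so a reader cannot tell why the path is confined to the spool directory. Since the comment now points at add_environment as a supported way to turn this on, I would add one sentence such as `The file receives TLS session secrets that allow recorded traffic to be decrypted; enable it for debugging only and keep the file private to the exim user.` The sentence about GnuTLS working only when exim is run by root also gives no reason; if it is because the library ignores the environment in a setuid process (inferred, not visible here), stating that would let the next maintainer verify it.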
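Review bot: The absolute-path branch shown as context in the second hunk decides "under spooldir" with `Ustrncmp(path, spool_directory, Ustrlen(spool_directory)) != 0`, which is only a string-prefix match. A sibling directory whose name merely begins with the spool directory's name, or a path that leaves it again through `..` components, would be accepted, and the key log would then be written outside the spool. The commit changes just the debug message, so consider tightening the test in the same place, for example by adding `|| path[Ustrlen(spool_directory)] != '/'` (assuming spool_directory carries no trailing slash) and rejecting `..` components. The new message also prints the environment-supplied path verbatim; `%s` is safe as a format, but the value is unvalidated at that point. The enclosing function starts outside the hunk.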