Output newline after list of message IDs output by "-Mxxx" operations

[exim.git] / src / src / tls.c

diff --git a/src/src/tls.c b/src/src/tls.c
index 63d98c806689fe39029e3471527feb62e2bf0631..a541a3c7a3210546aae49bc79435adb0e0623864 100644 (file)
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -371,9 +371,14 @@ return FALSE;
 }
 
 
-/* Environment cleanup: The GnuTLS library spots SSLKEYLOGFILE in the envonment
-and writes a file by that name.  We might make the OpenSSL support do the same,
-in some future release.  Restrict that filename to be under the spool directory.
+/* Environment cleanup: The GnuTLS library uses SSLKEYLOGFILE in the environment
+and writes a file by that name.  Our OpenSSL code does the same, using keying
+info from the library API.
+The GnuTLS support only works if exim is run by root, not taking advantage of
+the setuid bit.
+You can use either the external environment (modulo the keep_environment config)
+or the add_environment config option for SSLKEYLOGFILE; the latter takes
+precedence.
 
 If the path is absolute, require it starts with the spooldir; otherwise delete
 the env variable.  If relative, prefix the spooldir.
@@ -394,7 +399,7 @@ if (path)
   else if (Ustrncmp(path, spool_directory, Ustrlen(spool_directory)) != 0)
     {
     DEBUG(D_tls)
-      debug_printf("removing env SSLKEYLOGFILE: not under spooldir\n");
+      debug_printf("removing env SSLKEYLOGFILE=%s: not under spooldir\n", path);
     unsetenv("SSLKEYLOGFILE");
     }
 }