From 7832b9aa09dc312a137a1a56924d270085fad39e Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
Date: Wed, 12 Feb 2020 23:41:03 +0100
Subject: [PATCH] GnuTLS: Clarify the use of SSLKEYFILE

---
 src/src/tls-gnu.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 2e69c5936..826a3fdc5 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2307,11 +2307,12 @@ if (TRUE)
   }
 else
   debug_printf("To get keying info for TLS1.3 is hard:\n"
-    " set environment variable SSLKEYLOGFILE to a filename writable by uid exim\n"
-    " add SSLKEYLOGFILE to keep_environment in the exim config\n"
-    " run exim as root\n"
-    " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n"
-    " (works for TLS1.2 also, and saves cut-paste into file)"
+    " Set environment variable SSLKEYLOGFILE to a filename relative to the spool directory,\n"
+    " and make sure it is writable by the Exim runtime user.\n"
+    " Add SSLKEYLOGFILE to keep_environment in the exim config.\n"
+    " Start Exim as root.\n"
+    " If using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n"
+    " (works for TLS1.2 also, and saves cut-paste into file).\n"
     " Trying to use add_environment for this will not work\n");
 #endif
 }
-- 
2.25.1