| Age | Commit message (Collapse) | Author |
|---|
|
|
|
I got a cookie-cutter email from folks noting the modssl.org doc links
were broken and asking us to use their site instead, which was both
helpful and a rather heavy page with advertising on it, so not something
I want our docs to link to.
Fixed the modssl link to point to the correct current Apache docs, since
mod_ssl has not been a separate project for … a very long time.
Audited every `http:` link in the Spec, replacing with https if
available, updating URLs as needed, or trimming deadwood as appropriate.
This did edit one license text, but in a way which I believe is
reasonable and in the license holder's best interests.
* Use comments with a datestamp for any remaining http: URLs, showing
when they were last audited
* Suggest migrating away from Berkeley DB.
* Drop mention of a patched `pam_unix` module which is no longer available.
* In revamping the CDB tools links, add my own tools.
* Redo the intro text for the mod_ssl stuff (first person voice of PH).
* Rescorla's book's online examples appear to be gone; drop mention of
them and point to Ristić's more recent book too.
* Point to wikipedia list of DNSxL services as an overview, in part
because I dropped the reference to the defunct rfc-ignorant.org and
there was no good candidate as an exemplar for domain-based lists.
* Note that mksd is a candidate for removal from Exim since mks_vir
is dead.
* Drop LogReport/lire reference (dead/gone and can't find it).
* Redo proxy protocol spec-linking text.
* Replace FAQ A1701 with text saying "don't do that" (self-signed certs)
and just telling people to use a CA instead, pointing strongly to
Let's Encrypt. We did nobody any favors with that old text still
being present today (it was entirely appropriate when written).
|
|
|
|
|
|
arc4random_stir should not be used directly (it's fully automated after
FreeBSD r227520, or approximately __FreeBSD_version 1000002), the
interface will be removed from FreeBSD soon (bugs.freebsd.org/230756).
Patch was from bugs.freebsd.org/230826.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Before, it was just dropped, but we document that it's replaced by ?.
Tests updated, manual test-case for -be prompt is:
${utf8clean:${length_1:フィル}}
|
|
|
|
Bug 2296
|
|
|
|
Incorrect at introduction in 71c158466d.
|
|
|
|
Have `exim -n -bP macro FOO` just print the value of the macro `FOO`,
without the `name=` prefix.
This is the same handling as used for option values.
If the invoker asks for multiple macros in one invocation, with `-n`,
then that's their problem.
|
|
|
|
|
|
Broken-by: c4b57fddca
|
|
Missed from 611b1961b8.
|
|
|
|
|
|
|
|
While technically an implementation can choose to use a public TA from
DNS or elsewhere to populate a missing TA from the chain, that creates
interoperability issues and the OpenSSL integration code, at least,
doesn't support that and after a bit of work drilling through layers of
abstraction, I've not figured out what GnuTLS does and I've decided I
don't care.
So I'm heeding Viktor's advice and changing the docs to just say to
publish the TA in the chain sent by the server.
|
|
|
|
Very few domains are using SHA-1 in EE certs issued from a CA used in
DANE-TA anchoring, but some are. Meanwhile apparently GnuTLS now
defaults to disabling SHA-1 in chains. Which is eminently reasonable.
I do not believe that Exim should re-enable use of SHA-1 here. Let it
die. Document with warnings that folks using a private CA for certs to
be publicly trusted via DANE-TA should follow decent operational
issuance practices.
Also update my Channel Binding docs for GSASL to warn that Channel
Binding is Broken™.
|
|
|
|
|
|
Following discussions on the exim-user mailinglist it seems that the conclusion
that the interface was nonfunctioning was unwarranted.
|
|
|
|
|
|
This reverts commit c5f280e20a8e3ecd5f016b8fb34a436588915ed2.
|
|
This reverts commit 6c54be6459b83b955fbd2fd6d6a844f80c98427a.
|
|
sometimes seen."
This reverts commit e718bd6285cb0fb45b74b6fc00b7737590dcaa60.
|
|
This reverts commit 416a0be6df0697848ca551dd3243b652e763792d.
|
|
This reverts commit f6f239461fd62b3a4f3142b6b2a85f8f65eee486.
|
|
This reverts commit 5df838645bcdb135355205a115bf918c85987caf.
|
|
Broken-by: afdb5e9cf0
|
|
|
|
Broken from the original introduction (617d39327e)
|
|
Broken-by: 74f1a42304
|
