Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-06-01 | tls_dh_min_bits smtp transport option | Phil Pennock | |
Could not find an API for use with OpenSSL, so GnuTLS only | |||
2012-06-01 | Make -n combine with -bP to inhibit names | Phil Pennock | |
2012-06-01 | Add -bI:help and -bI:sieve | Phil Pennock | |
2012-05-31 | Doc: drop .new/.wen, update previousversion. | Phil Pennock | |
Also, drop fix one place which claimed TLS SNI support was OpenSSL only. | |||
2012-05-30 | Revert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512."exim-4_80 | Phil Pennock | |
This reverts commit 83f4c7515f3eb06dc070e78edd2694c1d088e5fd. This was not a new check! The call to gnutls_dh_set_prime_bits() was made with DH_BITS in Exim 4.77, so the only difference is that now an administrator can choose at compile time to change the lower bound. So keeping this at 1024 is not a regression and if we can't talk to them now, we couldn't before, and we shouldn't lower security by default. The reverted commit was only acceptable IF it was still better than what we had in Exim 4.77. | |||
2012-05-30 | Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512. | Phil Pennock | |
Wolfgang Breyha saw a real-world site using 768 bits. | |||
2012-05-28 | Merge openssl_disable_ssl2 branchexim-4_80_RC7 | Phil Pennock | |
2012-05-27 | typo fix: "overriden" -> "overridden" from Andreas Metzler | Phil Pennock | |
2012-05-27 | release: don't try to sign .tar.lz files | Phil Pennock | |
2012-05-27 | Test: update for new tls_dhparam (suite used on Scientific Linux 6 test host). | Jeremy Harris | |
2012-05-27 | Doc: fix glitchexim-4_80_RC6 | Phil Pennock | |
2012-05-27 | Test: update for new tls_dhparam | Phil Pennock | |
2012-05-27 | Doc: SECTgnutlsparam referencing tls_dhparam | Phil Pennock | |
2012-05-27 | For DH, use standard primes from RFCs | Phil Pennock | |
2012-05-27 | ">" -> ">=" for EXIM_CLIENT_DH_MIN_BITS+10 | Phil Pennock | |
2012-05-27 | Deal with GnuTLS DH generation overshoot | Phil Pennock | |
2012-05-26 | FAQ for GnuTLS | Phil Pennock | |
2012-05-26 | teach sprint_vformat() size_t z modifier (jgh) | Phil Pennock | |
Jeremy wrote this, mostly; I just fixed up a comment and pedantically numbered the enum values | |||
2012-05-26 | fix size param for gnutls_dh_params_export_pkcs3() again | Phil Pennock | |
2012-05-25 | Ignore vim swap files and test/* temporary files/dirs | Todd Lyons | |
2012-05-25 | release: no .lz by default for now | Phil Pennock | |
2012-05-25 | Doc: Provide context for bare numbers from CHAP/SECT. | Phil Pennock | |
2012-05-25 | Cyrus SASL auth: SSF retrieval was incorrect. | Phil Pennock | |
Exim thought protection layer was required, which is not implemented. Patch from Wolfgang Breyha. Fixes bug 1254 | |||
2012-05-25 | It's 2012, not 1012. Noted by Jay Rouman | Phil Pennock | |
2012-05-24 | Added some more .gitignore entries | Nigel Metheringham | |
Ignore more build side effects | |||
2012-05-24 | Moved pdkim declaration to satisfy older compilers | Nigel Metheringham | |
As suggested by Dennis Davis to fix an error with gcc 2.95.2 which threw the following error:- gcc pdkim.c pdkim.c: In function `pdkim_feed_finish': pdkim.c:1389: parse error before `*' pdkim.c:1390: `hdrs' undeclared (first use in this function) pdkim.c:1390: (Each undeclared identifier is reported only once pdkim.c:1390: for each function it appears in.) gmake[2]: *** [pdkim.o] Error 1 See https://lists.exim.org/lurker/message/20120524.094800.89928246.en.html | |||
2012-05-24 | ReleaseTools: support .lz lzip archives | Phil Pennock | |
2012-05-23 | _ISOC99_SOURCE -> _GNU_SOURCEexim-4_80_RC5 | Phil Pennock | |
_ISOC99_SOURCE broke build on Linux (Ubuntu 11.10) because it broke <resolv.h>, <arpa/nameser.h>, etc. Their u_char and u_int usage relies upon BSD source being enabled too. So use _GNU_SOURCE. | |||
2012-05-23 | Define _ISOC99_SOURCE in exim.h | Phil Pennock | |
Done before os.h is pulled in so an OS can override it. | |||
2012-05-23 | Doc: move -bmalware into alphabetic place | Phil Pennock | |
2012-05-23 | Doc: s/DNS/domains/ in new text | Phil Pennock | |
2012-05-23 | Doc: document when dnslookup will decline | Phil Pennock | |
2012-05-23 | Doc: tls_require_ciphers examples | Phil Pennock | |
Note how to test strings, provide examples which distinguish port 25 from other ports. Carefully used short examples, but allows two different strings per implementation and demonstrates how the strings are very different. | |||
2012-05-23 | Manually control locale, setting to "C" in runtest script. | Todd Lyons | |
Fixes the output of 'ls' command to a standard format (test 345). | |||
2012-05-23 | expanded comment, noting size types and API issue | Phil Pennock | |
2012-05-22 | README.UPDATING: emphasise more the LDAP issue | Phil Pennock | |
2012-05-22 | OCSP description: minor nits | Phil Pennock | |
2012-05-21 | Enable PCRE_CONFIG by default | Phil Pennock | |
With this, src/EDITME as Local/Makefile *only* needs EXIM_USER to be set and EXIM_MONITOR commented out for Exim to build on my box. I think this is a reasonable default; if there are releases of PCRE which do not include pcre-config, then on those boxes a slight change will be needed, but only where the file was already having to be edited anyway. | |||
2012-05-21 | Guard SNI usage better (client-side) | Phil Pennock | |
2012-05-21 | Testsuite: more robust fix for SHELL vs /bin/sh, take two. | Jeremy Harris | |
2012-05-21 | Revert "Testsuite: more robust fix for SHELL vs /bin/sh" | Jeremy Harris | |
This reverts commit 8dedb69a41c30fd82ab6e084fe567f7ee7aaa562. Kills testcase 0137. | |||
2012-05-21 | Testsuite: more robust fix for SHELL vs /bin/sh | Jeremy Harris | |
2012-05-21 | OpenBSD compat, DNS resolver library | Phil Pennock | |
Report and point to fix from Dennis Davis. | |||
2012-05-21 | Update binary's copyright message. | Phil Pennock | |
Rough text per suggestion from Tony. Amended ACKNOWLEDGEMENTS briefly, but need to actually add people. Like, er, me. | |||
2012-05-21 | avoid NUL in dh params file | Phil Pennock | |
gnutls_dh_params_export_pkcs3() returns 2 different sizes. NUL observed by Janne Snabb | |||
2012-05-21 | .end -> .wenexim-4_80_RC4 | Phil Pennock | |
2012-05-21 | Add tls_dh_max_bits to OptionLists.txt | Phil Pennock | |
2012-05-21 | features.h; tls_validate_require_cipher: log flag & testsexim-4_80_RC3 | Phil Pennock | |
Pull in <features.h> on Linux. Switch readconf log from D_all (bug) to D_tls (though D_any would have worked). Modified runtest to handle clamped DH bits and tls_validate_require_cipher added debug logging. | |||
2012-05-20 | only drop privs for TLS if still root | Phil Pennock | |
2012-05-20 | Update docs for latest state of TLS affairs. | Phil Pennock | |
gnutls-params bits count no longer necessarily what GnuTLS says to use. The OpenSSL-vs-GnuTLS text needed some updating. Catches a ChangeLog addition made during the previous commit, so not picked up by it. |