Age | Commit message | Author |
|
This maintains visibility of the cert choice required by the auth-method configuration.
Leave the bogus results from pre-1.1.1 OpenSSL library bug while the fixed version is not in common use.
|
Use this to deal with fallout from TLS negotiation failure, where the
server sees leftover encrypted data as garbage commands.
|
Also, use safer interface for error-strings.
|
Broken-by: 75c121f07a
|
Broken-by: 75c121f07a
|
This tracks changes in the ARC draft.
The Received-SPF headers remain unchanged.
|
2322
|
2314
|
Broken-by: e6d2a9894d
|
It didn't used to be documented as possibly returning NULL, but now it is.
|
Broken-by: 8008accd32
|
Broken-by: 8008accd32
|
We have lost one log line, for a ciphers-negotiation failure on an early
host in a list from routing. We still get something indicative if the
last one fails, so I'm going to let this pass.
Test 2025 will fail on earlier GnuTLS library versions as a result.
NONE no longer works as documented, in priority string for GnuTLS.
|
With openssl installed by brew on macOS, OpenSSL headers are not in a
normal place. I can fiddle with LDFLAGS/CPPFLAGS to get them available,
but then the `./configure` step succeeds and build fails.
Propagating the CPPFLAGS into the generated Makefile lets the build
succeed and we get a `client-ssl` binary output.
|
MacStadium are providing us with free Mac Mini hosting as part of their
FOSS support. I'm about to set it up. Let's have out-of-repo tuning in
place before I begin.
|
Patch from Matthias, with additional code indentation tweaks from JGH
|
I've created a homebrew tap with sdop and xfpt in it, so I can install
those more easily on macOS in the future, and now have bothered actually
building the docs. `.url()` should have been `&url()` in two places.
The `make spec.pdf` pipeline yields a document where those are not
clickable links, but if I use `make spec.ps` and let macOS auto-convert
to PDF upon open, those are proper clickable hyperlinks. So this switch
is definitely for the better.
|
I got a cookie-cutter email from folks noting the modssl.org doc links
were broken and asking us to use their site instead, which was both
helpful and a rather heavy page with advertising on it, so not something
I want our docs to link to.
Fixed the modssl link to point to the correct current Apache docs, since
mod_ssl has not been a separate project for … a very long time.
Audited every `http:` link in the Spec, replacing with https if
available, updating URLs as needed, or trimming deadwood as appropriate.
This did edit one license text, but in a way which I believe is
reasonable and in the license holder's best interests.
* Use comments with a datestamp for any remaining http: URLs, showing
when they were last audited
* Suggest migrating away from Berkeley DB.
* Drop mention of a patched `pam_unix` module which is no longer available.
* In revamping the CDB tools links, add my own tools.
* Redo the intro text for the mod_ssl stuff (first person voice of PH).
* Rescorla's book's online examples appear to be gone; drop mention of
them and point to Ristić's more recent book too.
* Point to Wikipedia list of DNSxL services as an overview, in part
because I dropped the reference to the defunct rfc-ignorant.org and
there was no good candidate as an exemplar for domain-based lists.
* Note that mksd is a candidate for removal from Exim since mks_vir
is dead.
* Drop LogReport/lire reference (dead/gone and can't find it).
* Redo proxy protocol spec-linking text.
* Replace FAQ A1701 with text saying "don't do that" (self-signed certs)
and just telling people to use a CA instead, pointing strongly to
Let's Encrypt. We did nobody any favors with that old text still
being present today (it was entirely appropriate when written).
|