summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-07-18Docs: clarify rolled-up dkim status availability in data ACLJeremy Harris
2018-07-13doc: DANE: don't claim TA can be elided from chainPhil Pennock
While technically an implementation can choose to use a public TA from DNS or elsewhere to populate a missing TA from the chain, that creates interoperability issues and the OpenSSL integration code, at least, doesn't support that and after a bit of work drilling through layers of abstraction, I've not figured out what GnuTLS does and I've decided I don't care. So I'm heeding Viktor's advice and changing the docs to just say to publish the TA in the chain sent by the server.
2018-07-10nit typoPhil Pennock
2018-07-10Document problems with SHA-1 in certs with DANE-TAPhil Pennock
Very few domains are using SHA-1 in EE certs issued from a CA used in DANE-TA anchoring, but some are. Meanwhile apparently GnuTLS now defaults to disabling SHA-1 in chains. Which is eminently reasonable. I do not believe that Exim should re-enable use of SHA-1 here. Let it die. Document with warnings that folks using a private CA for certs to be publicly trusted via DANE-TA should follow decent operational issuance practices. Also update my Channel Binding docs for GSASL to warn that Channel Binding is Broken™.
2018-06-28Callouts: enhance debug messageJeremy Harris
2018-06-28Testsuite: tweak instructions for running the suiteJeremy Harris
2018-06-27Restore rsmapd supportJeremy Harris
Following discussions on the exim-user mailinglist it seems that the conclusion that the interface was nonfunctioning was unwarranted.
2018-06-26tidyingJeremy Harris
2018-06-26Merge branch 'rspamd-removal'Jeremy Harris
2018-06-26Revert "Support Rspamd. Patch from Andrew Lewis, lightly editorialised"Jeremy Harris
This reverts commit c5f280e20a8e3ecd5f016b8fb34a436588915ed2.
2018-06-26Revert "Rspamd: add $authenticated_id as User to scan command"Jeremy Harris
This reverts commit 6c54be6459b83b955fbd2fd6d6a844f80c98427a.
2018-06-26Revert "Spamd: add missing initialiser. Rspamd mode was incorrectly ↵Jeremy Harris
sometimes seen." This reverts commit e718bd6285cb0fb45b74b6fc00b7737590dcaa60.
2018-06-26Revert "Do not use shutdown() when talking to rspamd. Fixes 1802"Jeremy Harris
This reverts commit 416a0be6df0697848ca551dd3243b652e763792d.
2018-06-26Revert "Testsuite: limited support for Content-length:"Jeremy Harris
This reverts commit f6f239461fd62b3a4f3142b6b2a85f8f65eee486.
2018-06-26Revert "Avoid repeated string-copy building command-string for rspamd"Jeremy Harris
This reverts commit 5df838645bcdb135355205a115bf918c85987caf.
2018-06-26Unbreak non-DANE buildJeremy Harris
Broken-by: afdb5e9cf0
2018-06-25Expansions: A tls option on ${readsocket }. Bug 2282Jeremy Harris
2018-06-25ARC: Fix verification to do AS checks in reverse orderJeremy Harris
Broken from the original introduction (617d39327e)
2018-06-24Fix mutiple message send under TLSJeremy Harris
Broken-by: 74f1a42304
2018-06-24TLS: rework client-side use with an explicit context rather than a globalJeremy Harris
2018-06-21Testsuite: workaround older-perl bugJeremy Harris
2018-06-21Testsuite: missing output filesJeremy Harris
2018-06-21DKIM: Fix signing for body lines starting with a pair of dots. Bug 2284Jeremy Harris
Broken-by: 42055a3385
2018-06-21Docs: spellingKirill Miazine
2018-06-20OpenSSL: TLSv1.3 notesJeremy Harris
2018-06-14OpenSSL: enable use of TLS 1.3 (with OpenSSL 1.1.0 and later)Jeremy Harris
2018-06-14Add client-ip info to non-pass iprev ${authres } linesJeremy Harris
2018-06-12Clarify the socket address family (UNIX) for server_socket (dovecot)Heiko Schlittermann (HS12-RIPE)
Wishlist item (#2280) is created for INET connections. See https://bugs.exim.org/show_bug.cgi?id=2280
2018-06-09DKIM: support timestamp and expiry tags in signing. Bug 2260Jeremy Harris
2018-06-07Follow CNAME chains only one step. Bug 2264Jeremy Harris
2018-06-07ARC: Fix signing for case when DKIM signing failedJeremy Harris
2018-06-06Change-logJeremy Harris
2018-06-06Fix logging of cmdline args when starting in an unlinked cwd. Bug 2274Jeremy Harris
2018-05-24Use serial number 1 for self-generated selfsigned certificateJeremy Harris
Broken-by: 23bb69826c
2018-05-20ARC: better diagnostics for keyfile issuesJeremy Harris
2018-05-20DMARC: do not wipe values set by config options, between message receptionsJeremy Harris
Broken-by: b4757e3611
2018-05-19Docs: add note on DKIM signing-limit securityJeremy Harris
2018-05-19Safer handling of argument-logging memory of cwdPhil Pennock
2018-05-16Testsuite: output changes arisingJeremy Harris
2018-05-16Callouts: record succeeding random local-part tests. Bug 177Jeremy Harris
2018-05-16Content scanning: Fix locking on message spool files. Bug 2275Jeremy Harris
2018-05-15Don't open spool data-files which are symlinksPhil Pennock
2018-05-11ARC: fix crash on signing with missing key fileJeremy Harris
2018-05-09-bV: include the CONFIGURE_FILE path if it contains a ':'Heiko Schlittermann (HS12-RIPE)
2018-05-07tidyingJeremy Harris
2018-05-05Cutthrough: fix race resulting in duplicate-delivery. Bug 2273Jeremy Harris
2018-05-05tidyingJeremy Harris
2018-05-03Fix typo in readconf.cHeiko Schlittermann (HS12-RIPE)
2018-05-01Expansions: new ${lheader:<name>}. Bug 2272Jeremy Harris
2018-04-29tidyingJeremy Harris
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-04 02:27:51 +0000