summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-06-02Fix tiny ChangeLog typoTodd Lyons
2014-05-31Support service names for tls_on_connect_ports. Bug 72Jeremy Harris
2014-05-30Fix doc for $sender_host_dnssec. Bug 1485Jeremy Harris
2014-05-30Fix no-ssl buildJeremy Harris
2014-05-29Fix delivery $host in client authenticator in verify/callout. Bug 1476Jeremy Harris
2014-05-29Log warnings on presence of deperecated optionsJeremy Harris
2014-05-29Fix dnssec dnsdb lookup in defer_never modeJeremy Harris
2014-05-28Bug 1444: Fix \r\n handling writing spool fileTodd Lyons
Fix a bug which causes DKIM signatures to fail because what gets written to the spool file is different than what gets passed through the DKIM code.
2014-05-28Merge tag 'exim-4_82_1'exim-4_83_RC1Todd Lyons
Fix Conflicts: src/src/dmarc.c
2014-05-26SECURITY: DMARC uses From header untrusted dataexim-4_82_1Todd Lyons
CVE-2014-2957 To find the sending domain, expand_string() was used to directly parse the contents of the From header. This passes untrusted data directly into an internal function. Convert to use standard internal parsing functions.
2014-05-26Increase limit of smtp_confirmation logging from 100 to 256 chars. Bug 1408Jeremy Harris
2014-05-26Errorcheck TLS library callsJeremy Harris
2014-05-26Restrict certificate name checkin for wildcards.Jeremy Harris
On more recent OpenSSL library versions the builtin wildcard checking can take a restriction option that we want, to disallow the more complex possibilities of wildcarding.
2014-05-25Missing initialiserJeremy Harris
2014-05-23Add OpenSSL version checkJeremy Harris
2014-05-23Add GnuTLS version checkJeremy Harris
2014-05-23Move OCSP out of EXPERIMENTALJeremy Harris
2014-05-22Compiler quietening. Bug 907Jeremy Harris
2014-05-22Bug 1394: Document how to do per host conn limitsTodd Lyons
Since the max connections per host setting is computed and enforced in the master listening process before the fork, there is no easy way to get an accurate connection count once the Proxy Protocol negotiation has been done (i.e. in a child process, after the fork). Rather than try to use a shared mmap file using CAS in the children to manipulate it, we just advise of a crude version of max connections per IP be achieved by using ratelimit per_conn in the connect ACL.
2014-05-22Fix doc for dovecot authenticator. Bugs 1448, 1483Jeremy Harris
2014-05-21RFC3461 support - MIME DSN messages. Bug 118Wolfgang Breyha
2014-05-21Eliminate one foolish way to break the buildJeremy Harris
2014-05-21Add PRDR feature output in -bVTodd Lyons
2014-05-20Support optional server certificate name checking. Bug 1479Jeremy Harris
Enable EXPERIMENTAL_CERTNAMES to include.
2014-05-20Final tidyout of EXPERIMENTAL_PRDRJeremy Harris
2014-05-17Use accessor functions for OpenSSL internal dataJeremy Harris
2014-05-16General tidyingJeremy Harris
2014-05-16Tidy certificate verification logic under OpenSSLJeremy Harris
2014-05-13Extractors for certificate time fields support integer output modifierJeremy Harris
2014-05-13Extractor for named RDN element types from a certificate DN field.Jeremy Harris
2014-05-13Updated changelog.Todd Lyons
Accidentally included the fix for Bug 1119 in the same commit fixing Proxy Protocol version 2 to match the API change in May 2014.
2014-05-13Bug 1394: PPv2 header modifedTodd Lyons
The HAProxy dev team adjusted the layout of the 16 byte header to allow it to be used for SSL connections. Had to adjust PPv2 handling code and perl proxy emulation script. Added link to this HAProxy commit in the documentation.
2014-05-13Fix cert fingerprint path to deny noncertsJeremy Harris
2014-05-13certextract tidyingJeremy Harris
2014-05-13Add doc notes on verifying self-signing hostsJeremy Harris
2014-05-13Update docs for suggested Ident and PRDR settingsJeremy Harris
2014-05-13Merge branch 'master' of ssh://git.exim.org/home/git/eximTodd Lyons
2014-05-13Test suite normalize TLS 1.[12] to TLS1Todd Lyons
2014-05-13Move PRDR out of EXPERIMENTALJeremy Harris
2014-05-12Merge branch 'master' of ssh://git.exim.org/home/git/eximTodd Lyons
2014-05-12Provide better sprintf debug output for callersTodd Lyons
2014-05-12Propagate dnssec status from dnslookup router through transport to tpdaJeremy Harris
2014-05-12Fix pair of buffer size errors. Bug 1478Jeremy Harris
Reported-by: David Binderman
2014-05-11New expansion operator sha256 for certificates. Bug 1170Jeremy Harris
2014-05-11More testcase serializationJeremy Harris
2014-05-11Compiler quietening and testcase consistencyJeremy Harris
Fix an unterminated comment from 018058b
2014-05-09Remove extraneous debugJeremy Harris
2014-05-09Make $tls_out_ocsp visible to TPDA (mostly testsuite)Jeremy Harris
2014-05-08Certificate-related routines only present when TLS is supportedJeremy Harris
2014-05-08Enable operator md5 and sha1 use on certificate variables. Bug 1170Jeremy Harris