Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-06-02 | Fix tiny ChangeLog typo | Todd Lyons | |
2014-05-31 | Support service names for tls_on_connect_ports. Bug 72 | Jeremy Harris | |
2014-05-30 | Fix doc for $sender_host_dnssec. Bug 1485 | Jeremy Harris | |
2014-05-30 | Fix no-ssl build | Jeremy Harris | |
2014-05-29 | Fix delivery $host in client authenticator in verify/callout. Bug 1476 | Jeremy Harris | |
2014-05-29 | Log warnings on presence of deperecated options | Jeremy Harris | |
2014-05-29 | Fix dnssec dnsdb lookup in defer_never mode | Jeremy Harris | |
2014-05-28 | Bug 1444: Fix \r\n handling writing spool file | Todd Lyons | |
Fix a bug which causes DKIM signatures to fail because what gets written to the spool file is different than what gets passed through the DKIM code. | |||
2014-05-28 | Merge tag 'exim-4_82_1'exim-4_83_RC1 | Todd Lyons | |
Fix Conflicts: src/src/dmarc.c | |||
2014-05-26 | SECURITY: DMARC uses From header untrusted dataexim-4_82_1 | Todd Lyons | |
CVE-2014-2957 To find the sending domain, expand_string() was used to directly parse the contents of the From header. This passes untrusted data directly into an internal function. Convert to use standard internal parsing functions. | |||
2014-05-26 | Increase limit of smtp_confirmation logging from 100 to 256 chars. Bug 1408 | Jeremy Harris | |
2014-05-26 | Errorcheck TLS library calls | Jeremy Harris | |
2014-05-26 | Restrict certificate name checkin for wildcards. | Jeremy Harris | |
On more recent OpenSSL library versions the builtin wildcard checking can take a restriction option that we want, to disallow the more complex possibilities of wildcarding. | |||
2014-05-25 | Missing initialiser | Jeremy Harris | |
2014-05-23 | Add OpenSSL version check | Jeremy Harris | |
2014-05-23 | Add GnuTLS version check | Jeremy Harris | |
2014-05-23 | Move OCSP out of EXPERIMENTAL | Jeremy Harris | |
2014-05-22 | Compiler quietening. Bug 907 | Jeremy Harris | |
2014-05-22 | Bug 1394: Document how to do per host conn limits | Todd Lyons | |
Since the max connections per host setting is computed and enforced in the master listening process before the fork, there is no easy way to get an accurate connection count once the Proxy Protocol negotiation has been done (i.e. in a child process, after the fork). Rather than try to use a shared mmap file using CAS in the children to manipulate it, we just advise of a crude version of max connections per IP be achieved by using ratelimit per_conn in the connect ACL. | |||
2014-05-22 | Fix doc for dovecot authenticator. Bugs 1448, 1483 | Jeremy Harris | |
2014-05-21 | RFC3461 support - MIME DSN messages. Bug 118 | Wolfgang Breyha | |
2014-05-21 | Eliminate one foolish way to break the build | Jeremy Harris | |
2014-05-21 | Add PRDR feature output in -bV | Todd Lyons | |
2014-05-20 | Support optional server certificate name checking. Bug 1479 | Jeremy Harris | |
Enable EXPERIMENTAL_CERTNAMES to include. | |||
2014-05-20 | Final tidyout of EXPERIMENTAL_PRDR | Jeremy Harris | |
2014-05-17 | Use accessor functions for OpenSSL internal data | Jeremy Harris | |
2014-05-16 | General tidying | Jeremy Harris | |
2014-05-16 | Tidy certificate verification logic under OpenSSL | Jeremy Harris | |
2014-05-13 | Extractors for certificate time fields support integer output modifier | Jeremy Harris | |
2014-05-13 | Extractor for named RDN element types from a certificate DN field. | Jeremy Harris | |
2014-05-13 | Updated changelog. | Todd Lyons | |
Accidentally included the fix for Bug 1119 in the same commit fixing Proxy Protocol version 2 to match the API change in May 2014. | |||
2014-05-13 | Bug 1394: PPv2 header modifed | Todd Lyons | |
The HAProxy dev team adjusted the layout of the 16 byte header to allow it to be used for SSL connections. Had to adjust PPv2 handling code and perl proxy emulation script. Added link to this HAProxy commit in the documentation. | |||
2014-05-13 | Fix cert fingerprint path to deny noncerts | Jeremy Harris | |
2014-05-13 | certextract tidying | Jeremy Harris | |
2014-05-13 | Add doc notes on verifying self-signing hosts | Jeremy Harris | |
2014-05-13 | Update docs for suggested Ident and PRDR settings | Jeremy Harris | |
2014-05-13 | Merge branch 'master' of ssh://git.exim.org/home/git/exim | Todd Lyons | |
2014-05-13 | Test suite normalize TLS 1.[12] to TLS1 | Todd Lyons | |
2014-05-13 | Move PRDR out of EXPERIMENTAL | Jeremy Harris | |
2014-05-12 | Merge branch 'master' of ssh://git.exim.org/home/git/exim | Todd Lyons | |
2014-05-12 | Provide better sprintf debug output for callers | Todd Lyons | |
2014-05-12 | Propagate dnssec status from dnslookup router through transport to tpda | Jeremy Harris | |
2014-05-12 | Fix pair of buffer size errors. Bug 1478 | Jeremy Harris | |
Reported-by: David Binderman | |||
2014-05-11 | New expansion operator sha256 for certificates. Bug 1170 | Jeremy Harris | |
2014-05-11 | More testcase serialization | Jeremy Harris | |
2014-05-11 | Compiler quietening and testcase consistency | Jeremy Harris | |
Fix an unterminated comment from 018058b | |||
2014-05-09 | Remove extraneous debug | Jeremy Harris | |
2014-05-09 | Make $tls_out_ocsp visible to TPDA (mostly testsuite) | Jeremy Harris | |
2014-05-08 | Certificate-related routines only present when TLS is supported | Jeremy Harris | |
2014-05-08 | Enable operator md5 and sha1 use on certificate variables. Bug 1170 | Jeremy Harris | |