summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-05-12Add compile-time checks for various tables being in alphabetical order.Jeremy Harris
This is gross hackery and somewhat fragile. A better method would actuallyt compile the 'C' involved and check programmatically.
2013-05-08Fix dns_retry definition.Todd Lyons
Was placed in non-alphabetical order.
2013-05-05Security considerations: running local commandsPhil Pennock
Call out the dangers of use_shell in the security considerations chapter. Call out a number of related dangers too.
2013-04-21Use enum for cutthrough receive processing state.Jeremy Harris
2013-04-21Document PRDR, OCSP & DMARC options in OptionLists file.Jeremy Harris
2013-04-19Add entry to Changelog.Todd Lyons
2013-04-16Remove static from local variable declaration.Todd Lyons
2013-04-10Fix history file logging to use correct variablesTodd Lyons
Remove SPF domain synthesis, just use HELO.
2013-04-09Withhold TLD load error if not defined in confTodd Lyons
2013-04-09Move DKIM endif.Todd Lyons
Fix a few cosmetic differences.
2013-04-09DMARC documentation and licenseTodd Lyons
2013-04-09DMARC support by opendmarc libsTodd Lyons
2013-04-08Fix runtest -CONTINUE to work everywhereTodd Lyons
Changes the $more variable to just cat the changes to STDOUT and not pipe it through less or more.
2013-04-07Drop mistakenly-added test configJeremy Harris
2013-04-07Merge branch 'ocsp_staple_rollup'Jeremy Harris
* ocsp_staple_rollup: tidying OCSP-stapling enhancement and testing.
2013-04-07Update testsuite case 0390 for force_command addition to pipe transportroot
2013-04-03Fix -p doc mention of Perl -pd conflict.Phil Pennock
Reported by Heiko Schlichting. fixes 1345
2013-04-02Ensure OpenSSL entropy state reset across forks.Phil Pennock
Note that this function is never going to be called pre-fork unless the admin is doing something highly unusual with ${randint:..} in a context evaluated in the listening daemon. Other forks should result in a re-exec(), thus resetting state. Nonetheless, be more cautious, explicitly reset state. Fix per PostgreSQL. PS: why does OpenSSL not document RAND_cleanup() on the same page as all the other entropy pool maintenance functions?
2013-04-01Clean & integrate force_command.Phil Pennock
Work by J. Nick Koston, for cPanel, Inc.
2013-04-01tidyingJeremy Harris
2013-04-01Add the force_command option to the pipe transportJ. Nick Koston
Normally when a router redirects an address directly to a pipe command the command option on the transport is ignored. If force_command is set, the command option will expanded and used. This is especially useful for forcing a wrapper or additional argument to be added to the command.
2013-03-25OCSP-stapling enhancement and testing.Jeremy Harris
Server: Honor environment variable as well as running_in_test_harness in permitting bogus staplings Update server tests Add "-ocsp" option to client-ssl. Server side: add verification of stapled status. First cut server-mode ocsp testing. Fix some uninitialized ocsp-related data. Client (new): Verify stapling using only the chain that verified the server cert, not any acceptable chain. Add check for multiple responses in a stapling, which is not handled Refuse verification on expired and revoking staplings. Handle OCSP client refusal on lack of stapling from server. More fixing in client OCSP: use the server cert signing chain to verify the OCSP info. Add transport hosts_require_ocsp option. Log stapling responses. Start on tests for client-side. Testing support: Add CRL generation code and documentation update Initial CA & certificate set for testing. BUGFIX: Once a single OCSP response has been extracted the validation routine return code is no longer about the structure, but the actual returned OCSP status.
2013-03-23Rename dns_use_dnssec to dns_dnssec_ok.Phil Pennock
This per Tony's suggestion; this makes it clearer that we are merely setting resolver flags, not performing validation ourselves. Well, clearer to those who understand DNSSEC. For everyone else, they'll still be dependent upon a forthcoming new chapter to the Specification.
2013-03-13OpenSSL fix empty tls_verify_certificates.Phil Pennock
New behaviour matches GnuTLS handling, and is documented. Previously, a tls_verify_certificates expansion forced failure was the only portable way to avoid setting this option. Now, an empty string is equivalent.
2013-03-11Guard smtp_user_msg() with EXPERIMENTAL_PRDR check.Phil Pennock
Resolves: gcc receive.c receive.c:520: warning: 'smtp_user_msg' defined but not used
2013-03-11configure.default handle IPv6 localhost better.Phil Pennock
Base patch by Alain Williams. Tweaked, to avoid putting an IPv6-dependency into the default uncommented form, and some rewording. Bugzilla 880. GitHub PR #1.
2013-03-11Document the last change in ChangeLogPhil Pennock
2013-03-05Handle recursion better, caused by ACLs.Phil Pennock
Issue debugged by Todd Lyons, this fix from me.
2013-02-19Bug 1339: DCC update (Wolfgang Breyha)Jeremy Harris
2013-02-15Add a few temp doc items to ignoreTodd Lyons
2013-02-03tls_out.sni fix for ancient-OpenSSL #ifdef branchPhil Pennock
2013-01-26PRDR support, if compiled with EXPERIMENTAL_PRDRJeremy Harris
2013-01-14Update eximstats to watch out for senders sending 'HELO [IpAddr]'Steve Campbell
2013-01-14Fix GNU Hurd interface IPv6 address detection.Phil Pennock
Define SIOCGIFCONF_GIVES_ADDR in OS/os.h-GNU Fixes 1331.
2013-01-07Typo & nit fixes.Phil Pennock
JH has made more changes than he realised. New second JH/11 to JH/13.
2013-01-06Restrict lifetime of $router_name and $transport_name. Bug 308.Jeremy Harris
The router name is explicitly nulled after the router exits; the transport name is set only in the subprocess it runs in.
2012-12-25Add $router_name and $transport_name variables. Bug 308.Jeremy Harris
2012-12-23gen_pkcs3: add comment explaining rationalePhil Pennock
Wondering why you wrote some code and having to grep the source code to find out, in the same year that you wrote it, is generally a sign of missing information. Fixed.
2012-12-23Typo fixes (experimental-spec)Phil Pennock
2012-12-23Update testsuite (gnutls) outputs to match 6822b9.Jeremy Harris
2012-12-23Add notification of OCSP-stapling facility inclusion.Jeremy Harris
2012-12-20GnuTLS-FAQ: typo fixes & glitch re standard primesPhil Pennock
Mostly typos. Was one instance of "which a future release of Exim will probably support" which should already have been "which Exim now supports". Doh. Fixed too.
2012-12-18Initialise OCSP-related pointers before use.Jeremy Harris
2012-12-11Document scripts/lookups-Makefile for new lookups.Phil Pennock
Missing step for adding a new lookup noticed by Paul Gamble.
2012-12-09OCSP/SNI: set correct callback.Phil Pennock
Caught by Jeremy; was wrong in (my) original commit, the dual-TLS work had just renamed the variables and theoretically made it more visible. I still missed it. The server_sni context initialisation was setting the OCSP status callback context parameter back on the original server_ctx instead of the new server_sni context. I guess OCSP and SNI aren't being used together in Exim much yet.
2012-12-09Fix tests 5400, 5401, 5410, 5420 to work under any user.Jeremy Harris
2012-12-07Note build fixes in ChangeLogTony Finch
2012-12-07Avoid unnecessary rebuilds of lookup helper functions.Tony Finch
2012-12-07Avoid spurious rebuilds of the dynamic lookups Makefile.Tony Finch
This was noticable when re-building as a non-privileged user after installing as root; lookups/Makefile had been rebuilt by root and when it was rebuilt again by the unprivileged user `mv` demanded confirmation before overwriting the file.
2012-12-07Fix tests 5401 and 5410 when not run under a user named eximtest.Tony Finch