summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2012-05-17Copyright year updates.Phil Pennock
Updated all files modified in 2012 which contained a copyright year already, unless the range was specified as open-ended. vi $(git whatchanged --since=2012-01-01 | grep '^:100' | sed 's/^[^M]*M//' | sort -u | fgrep -v test/)
2012-05-174.78 -> 4.80Phil Pennock
2012-05-17Guards for older releases of GnuTLS.Phil Pennock
gnutls_sec_param_to_pk_bits() and gnutls_rnd() are both new as of GnuTLS 2.12.x. Guard their usage on 2.12.0+ at compile time. In older versions, the vaguely_random_number() function just immediately calls the fallback, so it's the same as before this change (just one extra indirection in the code-path). Define a constant of 1024 for dh-bits for use in those old releases where GnuTLS won't tell us how many we should use. Change the on-disk filename for generated D-H params again, replacing the -normal with -<bitcount>, so that it's 1024 or whatever, and as the value changes, Exim will automatically start using the new value.
2012-05-17dnsdb SPF support, from Janne SnabbPhil Pennock
2012-05-16Merge branch 'experimental_ocsp'Phil Pennock
2012-05-16Overhaul of GnuTLS code.Phil Pennock
GnuTLS code re-done, using cut&paste for preservation where appropriate. Stop using deprecated APIs. Stop hard-coding lists of ciphers. Use gnutls_priority_init() instead. Turns tls_require_ciphers into a string in the GnuTLS case, not just OpenSSL case. Deprecate three gnutls_require_* options; now ignored but not errors. (No warnings yet). Added TLS SNI support. Made the channel binding integration theoretically actually work. I had it guarded by an #ifdef but the value used was an enum instead. Oops. Fixed. New code much more amenable to future work permitting TLS in callouts. DH param sizes now chosen by GnuTLS maintainers, we use "normal"; that's suddenly a lot more bits, so the saved filename was changed too. (GNUTLS_SEC_PARAM_NORMAL). DH param setup only done for servers now, since clients don't need/use it. GnuTLS a lot more robust to library negotiation using stuff we don't support, error-ing out quickly for other authentication systems (PGP, etc). Renamed pseudo_random_number() to vaguely_random_number() which makes the nature clearer. GnuTLS now provides a vaguely_random_number() implementation, to match OpenSSL. Pull in <inttypes.h> to make the recent arithmetic changes compile on MacOS. Nuke test 2011 which related to the gnutls_require_* options now non-functional.
2012-05-13Use defines in config.h for type & scanf-patterns for eval. Update docs.Jeremy Harris
2012-05-13Fixed headers_only on smtp transports.Phil Pennock
Was not sending trailing dot. Added test case to catch this. fixes bug 1246.
2012-05-12pcre-config support.Phil Pennock
Remove a couple of stray references to PCRE_CFLAGS too (dating from when PCRE was bundled).
2012-05-08inetd wait mode support with -bwPhil Pennock
2012-05-08OCSP Stapling support, under EXPERIMENTAL_OCSP.Phil Pennock
OpenSSL only.
2012-05-07Default accept_8bitmime to true.Phil Pennock
Some discussion at http://bugs.exim.org/show_bug.cgi?id=817 Refer readers to Dan Bernstein's analysis of the issues. Consensus seen from maintainers is that DJB is right on this point.
2012-05-07revert "%s" addition in em_main.c, broke %D in log_file.Phil Pennock
Also added gdb support. This leaves us with a printf warning. We accept that as the cost of using PRINTF_FORMAT for strings that aren't libc formats.
2012-05-05DNS resolver init changes for NetBSD compatibility.Phil Pennock
2012-05-04Check localhost_number expansion for failure.Phil Pennock
Avoids NULL dereference. Report and patch from Alun Jones. Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there. fixes bug 1122
2012-05-04New doc section explaining TLS SNIPhil Pennock
2012-05-04fix sdop directive in filter.xfptPhil Pennock
2012-05-04fix all sdop "line overflow" doc complaintsPhil Pennock
2012-05-04fix example line-length, add comment (openssl_options)Phil Pennock
2012-05-04Doc build bug-fix.Phil Pennock
Had repeated .ilist instead of .next in the openssl_options value list. Old sdop: segfault. New sdop: memory exhaustion. Oops!
2012-05-04More tls_sni support: outbound, logging.Phil Pennock
tls_sni as SMTP transport option. Use correct storage pool for copying tls_sni, so survives for life of process. Add +tls_sni log-selector, for inbound tls_sni. Update exipick to handle -tls_sni in spool files. Also reset tls_bits at start of outbound connection (was missing).
2012-05-04TLS SNI support for OpenSSL ($tls_sni)Phil Pennock
2012-05-03OpenSSL fixes and backwards compat break.Phil Pennock
Drop SSL_clear() after SSL_new() which causes protocol negotiation failures for TLS1.0 vs TLS1.1/1.2 in OpenSSL 1.0.1b. Remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (+dont_insert_empty_fragments) from default of openssl_options.
2012-05-03LDAP: Check for errors of TLS initialisationPhil Pennock
Report and patch from Dmitry Banschikov.
2012-05-01Change notes for bug 660.Jeremy Harris
2012-04-30document TK's bug 1239 fix in ChangeLogPhil Pennock
2012-04-28TLS fixes for OpenSSL.Phil Pennock
Support TLS 1.1 & 1.2 New "openssl_options" values (all now documented). Set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read or write after TLS renegotiation, which otherwise led to messages "Got SSL error 2".
2012-04-28describe spool file changes for -tls_peerdnPhil Pennock
2012-04-22Mark cases where printf format strings are usedDirk Mueller
Bug report from Lars Müller <lars@samba.org> (via SUSE), Patch from Dirk Mueller <dmueller@suse.com>
2012-04-12Handle TAB, not just SP, in MAIL args.Phil Pennock
Analysis, diagnosis and variant patch by Todd Lyons.
2012-04-12Updated OptionsList with gsasl, heimdal_gssapi, _PC changes.Phil Pennock
Also maildir_use_size_file is now expanded
2012-04-12Two clarifications.Phil Pennock
String expansion, draw more attention to &dagger; marking. Document the order in which parameters are supplied to relative comparators.
2012-03-31fix gsasl / cyrus claimsPhil Pennock
Point 1 for 4.78 said gsasl could *not* be used to replace cyrus. This was obsoleted by point 5. Remove claim from point 1, add additional note to point 5.
2012-03-21Merge branch 'dbmjz'Phil Pennock
2012-03-21heimdal_gssapi: accept SASL with empty authzidPhil Pennock
Saw this happening with Apple Mail; accept it, dup the GSS Display Name
2012-03-02Add dbmjz lookup typePhil Pennock
2012-02-19Log auth data in rejectlog.Phil Pennock
http://bugs.exim.org/attachment.cgi?id=547&action=edit fixes bug: 1214 Patch by Jeremy Harris
2012-02-18expand cyrus_sasl server_realm optionPhil Pennock
2012-02-18Merge branch 'sasl_fixes'Phil Pennock
2012-02-18Document pkg-config for TLSPhil Pennock
2012-02-18Document pkg-configPhil Pennock
2012-02-18Swap gsasl GSSAPI $auth1/$auth2Phil Pennock
2012-02-18Drop server_realm from heimdal_gssapiPhil Pennock
2012-02-18Document heimdal_gssapi as it works now.Phil Pennock
2012-02-13Document gsasl integrationPhil Pennock
2012-02-04Documentation for $tls_bits and SASL changesPhil Pennock
2012-01-03bool{} is false for empty stringsPhil Pennock
fixes bug 1193 reported by Jasen Betts.
2011-11-30Documentation had primary_host_name for primary_hostname. Fixes: #1169Nigel Metheringham
2011-11-30eximstats DATA reject detection regexps improved. Fixes: #1093Nigel Metheringham
2011-11-30Documentation fix. Fixes: #949Nigel Metheringham