Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-05-23 | Add OpenSSL version check | Jeremy Harris | |
2014-05-23 | Add GnuTLS version check | Jeremy Harris | |
2014-05-23 | Move OCSP out of EXPERIMENTAL | Jeremy Harris | |
2014-05-22 | Compiler quietening. Bug 907 | Jeremy Harris | |
2014-05-21 | RFC3461 support - MIME DSN messages. Bug 118 | Wolfgang Breyha | |
2014-05-21 | Eliminate one foolish way to break the build | Jeremy Harris | |
2014-05-21 | Add PRDR feature output in -bV | Todd Lyons | |
2014-05-20 | Support optional server certificate name checking. Bug 1479 | Jeremy Harris | |
Enable EXPERIMENTAL_CERTNAMES to include. | |||
2014-05-20 | Final tidyout of EXPERIMENTAL_PRDR | Jeremy Harris | |
2014-05-17 | Use accessor functions for OpenSSL internal data | Jeremy Harris | |
2014-05-16 | General tidying | Jeremy Harris | |
2014-05-16 | Tidy certificate verification logic under OpenSSL | Jeremy Harris | |
2014-05-13 | Extractors for certificate time fields support integer output modifier | Jeremy Harris | |
2014-05-13 | Extractor for named RDN element types from a certificate DN field. | Jeremy Harris | |
2014-05-13 | Bug 1394: PPv2 header modifed | Todd Lyons | |
The HAProxy dev team adjusted the layout of the 16 byte header to allow it to be used for SSL connections. Had to adjust PPv2 handling code and perl proxy emulation script. Added link to this HAProxy commit in the documentation. | |||
2014-05-13 | Fix cert fingerprint path to deny noncerts | Jeremy Harris | |
2014-05-13 | certextract tidying | Jeremy Harris | |
2014-05-13 | Move PRDR out of EXPERIMENTAL | Jeremy Harris | |
2014-05-12 | Merge branch 'master' of ssh://git.exim.org/home/git/exim | Todd Lyons | |
2014-05-12 | Provide better sprintf debug output for callers | Todd Lyons | |
2014-05-12 | Propagate dnssec status from dnslookup router through transport to tpda | Jeremy Harris | |
2014-05-12 | Fix pair of buffer size errors. Bug 1478 | Jeremy Harris | |
Reported-by: David Binderman | |||
2014-05-11 | New expansion operator sha256 for certificates. Bug 1170 | Jeremy Harris | |
2014-05-11 | More testcase serialization | Jeremy Harris | |
2014-05-11 | Compiler quietening and testcase consistency | Jeremy Harris | |
Fix an unterminated comment from 018058b | |||
2014-05-09 | Remove extraneous debug | Jeremy Harris | |
2014-05-09 | Make $tls_out_ocsp visible to TPDA (mostly testsuite) | Jeremy Harris | |
2014-05-08 | Certificate-related routines only present when TLS is supported | Jeremy Harris | |
2014-05-08 | Enable operator md5 and sha1 use on certificate variables. Bug 1170 | Jeremy Harris | |
2014-05-06 | OCSP observability: variables $tls_{in,out}_ocsp | Jeremy Harris | |
and smtp transport option hosts_request_ocsp | |||
2014-05-06 | Refactor tls_client_init interface | Jeremy Harris | |
2014-05-05 | Extractors for subject-alternate-name, ocsp-uri, crl-uri return list. Bug 1358 | Jeremy Harris | |
2014-05-04 | Fix build with OpenSSL on earlier versions. | Jeremy Harris | |
Centos 6.5 and earlier had a build fail with GENERAL_NAME etc. undefined. Just include the file defining it even if it's a duplicate on later versions. | |||
2014-05-03 | More debug output | Jeremy Harris | |
2014-05-02 | Certificate variables and field-extractor expansions. Bug 1358 | Jeremy Harris | |
2014-05-01 | Support dnssec in verify-callout use of smtp transport. | Jeremy Harris | |
Use of dnslookup router support is already present. | |||
2014-05-01 | Cancel in-progress or reject requeted cutthrough when fakereject. Bug 1475 | Jeremy Harris | |
2014-04-29 | Merge branch 'master' of ssh://git.exim.org/home/git/exim | Todd Lyons | |
2014-04-29 | Bug 1454: Option -oMm for message reference | Heiko Schlichting | |
Includes docs and test suite | |||
2014-04-27 | Add options dnssec_request_domains, dnssec_require_domains to the smtp transport | Jeremy Harris | |
Note there are no testsuite cases included. TODO in this area: - dnssec during verify-callouts - dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup | |||
2014-04-24 | Support OCSP Stapling under GnuTLS. Bug 1459 | Jeremy Harris | |
Requires GnuTLS version 3.1.3 or later. Under EXPERIMENTAL_OCSP | |||
2014-04-24 | Dnssec observability: add variable $lookup_dnssec_authenticated | Jeremy Harris | |
2014-04-24 | Bug 609: Add -C option to exiqgrep | Lars Timmann | |
Option is a passthrough to the exim process that it spawns that generates the queue list. Fixed Conflicts: doc/doc-txt/ChangeLog | |||
2014-04-24 | dnssec_strict, _lax, _never modifiers for dnsdb lookups | Jeremy Harris | |
Lacking testsuite coverage | |||
2014-04-23 | Bug 1453: Add SERVERS ldap server list override | Heiko Schlichting | |
2014-04-22 | exiqgrep: add -a to use all recipients (including delivered) | mg | |
2014-04-21 | Fix testcase "server missing/empty certificate file" | Jeremy Harris | |
GnuTLS early versions (pre 3.0.0 ?) fail to send a reasonable client-cert request when tls_verify_certificates is an empty file. Since the test is for missing *server* certs (tls_certificate) avoid this by pointing to a real (if non-verifying) cert in tls_verify_certificates. | |||
2014-04-21 | Fix DISABLE_DNSSEC build | Jeremy Harris | |
Bad syntax possibly only affected some compilers. | |||
2014-04-20 | Add options dnssec_request_domains, dnssec_require_domains to the dnslookup ↵ | Jeremy Harris | |
router Note there are no testsuite cases included. TODO in this area: - dnssec during verify-callouts - dnssec during dnsdb expansions - dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup - observability of status of requested dnssec | |||
2014-04-20 | Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455 | Jeremy Harris | |
The split of these variables into _in and _out sets introduced by d9b231 in 4.82 was incomplete, leaving the deprecated legacy variables nonfunctional during a transport and associated client authenticator. Fix by repointing the legacy set to the outbound connection set at transport startup (and do not clear out the inbound set at this time, either). |