Age | Commit message | Author |
|
Some discussion at http://bugs.exim.org/show_bug.cgi?id=817
Refer readers to Dan Bernstein's analysis of the issues.
Consensus seen from maintainers is that DJB is right on this point.
|
Also added gdb support.
This leaves us with a printf warning. We accept that as the cost of using PRINTF_FORMAT for strings that aren't libc formats.
|
Solaris needs -lresolv, i.e. $(LIBRESOLV), for anything referencing DNS.
I added _res stuff to os.c.
os.c is used by multiple tools, but of those only Exim needs the DNS functionality.
So used a !defined(COMPILE_UTILITY) guard.
|
Avoids NULL dereference.
Report and patch from Alun Jones.
Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there.
fixes bug 1122
|
tls_sni as SMTP transport option.
Use correct storage pool for copying tls_sni, so survives for life of process.
Add +tls_sni log-selector, for inbound tls_sni.
Update exipick to handle -tls_sni in spool files.
Also reset tls_bits at start of outbound connection (was missing).
|
Fixes compiler complaints about unused variables.
|
(but added check in case wrong about spuriousness)
|
Drop SSL_clear() after SSL_new() which causes protocol negotiation failures for TLS1.0 vs TLS1.1/1.2 in OpenSSL 1.0.1b.
Remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (+dont_insert_empty_fragments) from default of openssl_options.
|
Report and patch from Dmitry Banschikov.
|
Move to a table-driven approach for the parsing of "verify =".
|
Thanks to Wolfgang Breyha for the patch! (bug 1239)
|
Eximon needs it, via util-spool_in.o
It needed a private hex_digits[] to avoid bringing in all of globals.c to COMPILE_UTILITY.
|
jgh debugged eximon build failure; util-spool_in.o needs it
|
Support TLS 1.1 & 1.2
New "openssl_options" values (all now documented).
Set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read or write after
TLS renegotiation, which otherwise led to messages "Got SSL error 2".
|
Fixes bug 1240.
|
This happens while still root.
Be more emphatic in EDITME about the security implications of loadable modules.
|
Bug report from Lars Müller <lars@samba.org> (via SUSE),
Patch from Dirk Mueller <dmueller@suse.com>
|
Analysis, diagnosis and variant patch by Todd Lyons.
|
Saw this happening with Apple Mail; accept it, dup the GSS Display Name
|
http://bugs.exim.org/attachment.cgi?id=547&action=edit
fixes bug: 1214
Patch by Jeremy Harris
|
Avoids the loops which we only cancel out anyway.
|
Also: update EDITME to refer to pkg-config & AUTH_HEIMDAL_GSSAPI.
|
multi-blank-line protection never set the bool needed
OID-method for keytab setting cleanup (drop <roken.h> and fix comments)
|
Drop the OID and pseudo-standard GSSAPI extension mechanism.
Found Heimdal-specific API call I needed, works great.
gsskrb5_register_acceptor_identity(filename)
Separately: add various debug statements.
|
Not yet working, failing to set keytab.
Also: support (AUTH|LOOKUP)_*_PC=foo to use `pkg-config foo` for cflags/libs.
|
Defined helper streqic() since I seem tired enough to be forgetting ==0 checks.
Deal with left-over-data-to-send correctly.
Now tested with PLAIN, CRAM-MD5, DIGEST-MD5.
For DIGEST-MD5, check for server_realm, since GSASL doesn't error out without it.
|
Missing: documentation; tests.
Tested: PLAIN auth.
Status: probably buggy
|
Export $tls_bits new expansion variable (not yet documented).
Fix tls-gnu.c so that ciphername string construction uses bit-count, not byte-count.
Avoid hard-coding primary_hostname in first call to init Cyrus SASL.
Cast fix for function pointer (Cyrus-SASL uses void params in struct entry funcptr, so need to cast).
Many more debug statements in cyrus_sasl.c
Pass external SSF from TLS cipher into Cyrus SASL initialisation.
Detect when we can't get an identity from SASL properties (error out correctly).
Detect when SASL negotiated a protection layer and error out, since we do not support those.
|
fixes bug 1053