Age | Commit message (Collapse) | Author |
|
Broken by my compile quitening; the issue was a variable
declared local in a loop body and used for carrying data
from one iteration to the next. I'd blindly added an
initialiser, destroying the data. However, I *think* that
compilers might be at liberty to not use the same location
for separate iterations; if so the code was broken (and only
worked by chance). Fix by moving the declaration outside
the loop.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
be dnssec before declaring the lookup was secure.
|
|
|
|
Not actually excercising DANE yet,
this will take additions in the fakedns and
probably changes in certificates.
|
|
|
|
|
|
being explored by the test
|
|
Enable EXPERIMENTAL_CERTNAMES to include.
|
|
|
|
|
|
|
|
|
|
|
|
and smtp transport option hosts_request_ocsp
|
|
|
|
|
|
|
|
Requires GnuTLS version 3.1.3 or later.
Under EXPERIMENTAL_OCSP
|
|
GnuTLS early versions (pre 3.0.0 ?) fail to send a reasonable
client-cert request when tls_verify_certificates is an empty file.
Since the test is for missing *server* certs (tls_certificate)
avoid this by pointing to a real (if non-verifying) cert in
tls_verify_certificates.
|
|
by restricting operations and logging to fewer items of interest
|
|
The split of these variables into _in and _out sets introduced by d9b231
in 4.82 was incomplete, leaving the deprecated legacy variables nonfunctional
during a transport and associated client authenticator.
Fix by repointing the legacy set to the outbound connection set at
transport startup (and do not clear out the inbound set at this
time, either).
|
|
As a side-effect, playing games with newlines no longer gives an altered message body/
Testcase 0324 is questionable (though passing)
|
|
|
|
|
|
|
|
Code by Wolfgang Breyha, docs and testsuite by Jeremy Harris
|
|
|
|
|
|
Documentation and test included.
Fixed Conflicts:
doc/doc-txt/ChangeLog
|
|
Test 533 fails if there are any upper case chars in the path to the
test suite. Added caseful_local_part=true to the router which calls
the pipe.
|
|
Remove whitespace
|
|
Previously we skipped parsing the ACL section when not needed. Now it is
potentially needed in all cases. The skip was ~5% faster than a full parse
so probably not a large part of the exim process startup.
Fix up testsuite output files affected by the removal and add a regression test.
|
|
Refactored smtp transport to pull out AUTH-related routines so they could be
also called from the verify code.
Bugs 321, 823.
|
|
Server:
Honor environment variable as well as running_in_test_harness in permitting bogus staplings
Update server tests
Add "-ocsp" option to client-ssl.
Server side: add verification of stapled status.
First cut server-mode ocsp testing.
Fix some uninitialized ocsp-related data.
Client (new):
Verify stapling using only the chain that verified the server cert, not any acceptable chain.
Add check for multiple responses in a stapling, which is not handled
Refuse verification on expired and revoking staplings.
Handle OCSP client refusal on lack of stapling from server.
More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
Add transport hosts_require_ocsp option.
Log stapling responses.
Start on tests for client-side.
Testing support:
Add CRL generation code and documentation update
Initial CA & certificate set for testing.
BUGFIX:
Once a single OCSP response has been extracted the validation
routine return code is no longer about the structure, but the actual
returned OCSP status.
|
|
|
|
The router name is explicitly nulled after the router exits;
the transport name is set only in the subprocess it runs in.
|
|
|
|
|
|
Broken in 4.80 release, commit 08488c86.
We need to leave $auth1 available after the authenticator returns, so
that server_set_id can be evaluated by the caller. We need to do this
whether we succeed or fail, because server_set_id only makes it into
$authenticated_id if we return OK, but is logged regardless.
Updated test config to set server_set_id; updated logs.
|
|
New log_selector, smtp_mailauth, to enable.
|
|
|
|
|
|
|
|
added in ACLs. Bug 199.
|