user/henk/code/exim.git - [no description]

Age	Commit message (Collapse)	Author
2014-04-24	Support OCSP Stapling under GnuTLS. Bug 1459	Jeremy Harris
	Requires GnuTLS version 3.1.3 or later. Under EXPERIMENTAL_OCSP
2013-03-25	OCSP-stapling enhancement and testing.	Jeremy Harris
	Server: Honor environment variable as well as running_in_test_harness in permitting bogus staplings Update server tests Add "-ocsp" option to client-ssl. Server side: add verification of stapled status. First cut server-mode ocsp testing. Fix some uninitialized ocsp-related data. Client (new): Verify stapling using only the chain that verified the server cert, not any acceptable chain. Add check for multiple responses in a stapling, which is not handled Refuse verification on expired and revoking staplings. Handle OCSP client refusal on lack of stapling from server. More fixing in client OCSP: use the server cert signing chain to verify the OCSP info. Add transport hosts_require_ocsp option. Log stapling responses. Start on tests for client-side. Testing support: Add CRL generation code and documentation update Initial CA & certificate set for testing. BUGFIX: Once a single OCSP response has been extracted the validation routine return code is no longer about the structure, but the actual returned OCSP status.
2012-05-17	Make test-suite client cmd -t<timeout> actually work	Phil Pennock

2012-05-17	More GnuTLS cleanups/fixes.	Phil Pennock
	Decided "unknown (reason)" in tls_peerdn was wrong, stripped that, added replacement guard. Moved cipherbuf construction to where it makes more sense, where peerdn is extracted, so that setting the exim vars gets back closer to just some pointer switching. Fix missing failure check after handshake in client. Fix tls.c tls_ungetc() and friends by pointing watermark vars at state content. Regenerated test-suite D-H params so we don't have too small values, which was causing connection rejections. Test-suite output where new test cert info is logged (there will be a couple more, when I fix a lingering problem with tls_peerdn being unset in client log-lines). Give test-suite client command some --help.
2011-06-29	Remove obsolete $Cambridge$ CVS revision strings.	Tony Finch
	I have also de-CVSed the ABOUT files and cleaned up a few introductory comments.
2011-01-21	Test suite: make cf 64-bit compat for -exact.	Phil Pennock
	I assume stdint.h and intptr_t available for any platform where we're running the test suite.
2006-11-07	Stop rewriting addresses as a consequence of CNAMEs, as Exim isn't	Philip Hazel
	supposed to do that (it must have crept in accidentally).
2006-10-16	Remove RSA_EXPORT stuff from the test client.c program in the same way	Philip Hazel
	as it's just been removed from tls-gnutls.c.
2006-02-16	Code tidies to remove stuff that was needed only for the old test suite.	Philip Hazel
	Also, use -odi for bounces when in the test harness, unless queue_only is set.
2006-02-06	CVSing the test suite.	Philip Hazel