| Age | Commit message (Collapse) | Author |
|---|
|
Includes docs and test suite
|
|
Requires GnuTLS version 3.1.3 or later.
Under EXPERIMENTAL_OCSP
|
|
|
|
GnuTLS early versions (pre 3.0.0 ?) fail to send a reasonable
client-cert request when tls_verify_certificates is an empty file.
Since the test is for missing *server* certs (tls_certificate)
avoid this by pointing to a real (if non-verifying) cert in
tls_verify_certificates.
|
|
by restricting operations and logging to fewer items of interest
|
|
|
|
|
|
The split of these variables into _in and _out sets introduced by d9b231
in 4.82 was incomplete, leaving the deprecated legacy variables nonfunctional
during a transport and associated client authenticator.
Fix by repointing the legacy set to the outbound connection set at
transport startup (and do not clear out the inbound set at this
time, either).
|
|
When built with TLS support, non-TLS connections not resulting in mail transfer were crashing while
building a log line. Fix by not returning a non-extensible string from the routine added in 67d81c1.
|
|
As a side-effect, playing games with newlines no longer gives an altered message body/
Testcase 0324 is questionable (though passing)
|
|
|
|
|
|
|
|
Fix conditional "bool{<string>}" for negative number values, to match.
|
|
|
|
Code by Wolfgang Breyha, docs and testsuite by Jeremy Harris
|
|
|
|
|
|
|
|
Documentation and test included.
Fixed Conflicts:
doc/doc-txt/ChangeLog
|
|
|
|
|
|
|
|
As of s11, Solaris & derivatives need libsocket and libnsl. Ensure they are searched for
by autoconfig. This seems to be successfully ignored on Linux.
Credit to Dave Edmondson (dme@dme.org) for the fix.
|
|
|
|
|
|
Test 533 fails if there are any upper case chars in the path to the
test suite. Added caseful_local_part=true to the router which calls
the pipe.
|
|
|
|
|
|
Details at: http://comments.gmane.org/gmane.mail.exim.user/91154
Add ignore for a logfile from test run.
|
|
Remove whitespace
|
|
|
|
Previously we skipped parsing the ACL section when not needed. Now it is
potentially needed in all cases. The skip was ~5% faster than a full parse
so probably not a large part of the exim process startup.
Fix up testsuite output files affected by the removal and add a regression test.
|
|
|
|
|
|
Refactored smtp transport to pull out AUTH-related routines so they could be
also called from the verify code.
Bugs 321, 823.
|
|
Changes the $more variable to just cat the changes to STDOUT and not
pipe it through less or more.
|
|
|
|
* ocsp_staple_rollup:
tidying
OCSP-stapling enhancement and testing.
|
|
|
|
Server:
Honor environment variable as well as running_in_test_harness in permitting bogus staplings
Update server tests
Add "-ocsp" option to client-ssl.
Server side: add verification of stapled status.
First cut server-mode ocsp testing.
Fix some uninitialized ocsp-related data.
Client (new):
Verify stapling using only the chain that verified the server cert, not any acceptable chain.
Add check for multiple responses in a stapling, which is not handled
Refuse verification on expired and revoking staplings.
Handle OCSP client refusal on lack of stapling from server.
More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
Add transport hosts_require_ocsp option.
Log stapling responses.
Start on tests for client-side.
Testing support:
Add CRL generation code and documentation update
Initial CA & certificate set for testing.
BUGFIX:
Once a single OCSP response has been extracted the validation
routine return code is no longer about the structure, but the actual
returned OCSP status.
|
|
|
|
The router name is explicitly nulled after the router exits;
the transport name is set only in the subprocess it runs in.
|
|
|
|
|
|
|
|
|
|
|
|
Most of these are due to the changes in the logging of
ultimate timeout checks.
Test 0548 is more meaningfully affected. The test originally
failed to spot that the recipient-specific deferrals pushed
past the ultimate retry timeout.
|
|
|
