exim.git
11 years agoUpdate copyright year in exim -bV output
Todd Lyons [Tue, 15 Oct 2013 12:18:31 +0000 (05:18 -0700)]
Update copyright year in exim -bV output

11 years agoFix listnamed doc typos
Jeremy Harris [Sun, 13 Oct 2013 21:29:04 +0000 (22:29 +0100)]
Fix listnamed doc typos

11 years agoCross-ref av_scanner syntax to list syntax
Jeremy Harris [Sun, 13 Oct 2013 13:34:35 +0000 (14:34 +0100)]
Cross-ref av_scanner syntax to list syntax

11 years agoAdded missing .new/.wen in spec.xpft exim-4_82_RC3
Todd Lyons [Wed, 9 Oct 2013 20:40:49 +0000 (13:40 -0700)]
Added missing .new/.wen in spec.xpft

11 years agoDocumentation for multiple TCP clamd servers
Todd Lyons [Wed, 9 Oct 2013 15:48:39 +0000 (08:48 -0700)]
Documentation for multiple TCP clamd servers

11 years agoImported Bug 1057 multiple clamd patch from PLD repo
Todd Lyons [Fri, 9 Nov 2012 22:28:37 +0000 (14:28 -0800)]
Imported Bug 1057 multiple clamd patch from PLD repo

11 years agoBug 1150: Enhance docs for ${addresses:} expansion
Todd Lyons [Tue, 8 Oct 2013 18:00:33 +0000 (11:00 -0700)]
Bug 1150: Enhance docs for ${addresses:} expansion

11 years agoFix TPDA text.
Jeremy Harris [Mon, 7 Oct 2013 19:47:54 +0000 (20:47 +0100)]
Fix TPDA text.
Credit Axel Rau for careful proofreading.

11 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Mon, 7 Oct 2013 02:31:57 +0000 (19:31 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

11 years agoBug 1289: Clarify host list processing failures
Todd Lyons [Mon, 7 Oct 2013 02:21:55 +0000 (19:21 -0700)]
Bug 1289: Clarify host list processing failures

Enhance explanation of +ignore_unknown.

11 years agoTypo in docs: routing rules mentioned in retry rules section. Bug 1349
Jeremy Harris [Sun, 6 Oct 2013 17:31:15 +0000 (18:31 +0100)]
Typo in docs: routing rules mentioned in retry rules section.  Bug 1349

11 years agoMake smtp_accept_max_per_connection option text searchable. Bug 1361
Jeremy Harris [Sun, 6 Oct 2013 17:05:48 +0000 (18:05 +0100)]
Make smtp_accept_max_per_connection option text searchable. Bug 1361

Same fix as for 1197; abandon attempt to permit intelligent wrapping of the text

11 years agoAdd exiqsumm fix to ChangeLog
Todd Lyons [Sat, 5 Oct 2013 15:41:29 +0000 (08:41 -0700)]
Add exiqsumm fix to ChangeLog

11 years agoFix exiqsumm output for single queue item.
Todd Lyons [Sat, 5 Oct 2013 15:31:49 +0000 (08:31 -0700)]
Fix exiqsumm output for single queue item.

Patch from Richard Hall, with one minor addition to prevent
  uninitialized value error during output.

11 years agoBug 1392: Change status text when no dmarc record
Wolfgang Breyha [Fri, 4 Oct 2013 20:02:44 +0000 (13:02 -0700)]
Bug 1392: Change status text when no dmarc record

11 years agoFix DKIM variable name in documentation.
Ted Cooper [Fri, 4 Oct 2013 00:17:19 +0000 (10:17 +1000)]
Fix DKIM variable name in documentation.

11 years agoPrint tarball names in debug mode too
Todd Lyons [Thu, 3 Oct 2013 23:35:05 +0000 (16:35 -0700)]
Print tarball names in debug mode too

11 years agoFilter xfpt needs new macro too
Todd Lyons [Thu, 3 Oct 2013 23:29:52 +0000 (16:29 -0700)]
Filter xfpt needs new macro too

11 years agoFinish the xfpt fix.
Phil Pennock [Thu, 3 Oct 2013 20:13:52 +0000 (16:13 -0400)]
Finish the xfpt fix.

The readers of the version expect no surrounding whitespace; putting the
content in-place requires macro expansion, which requires that .literal
mode be `layout` or `off`, but either of those will escape the XML angle
brackets.  The easiest fix is to generate the XML as part of the macro
definition.

Moved local_params rules out of Makefile and into GenLocalParams

11 years agoBug 1389: Initialize and clear variables
Todd Lyons [Thu, 3 Oct 2013 23:24:14 +0000 (16:24 -0700)]
Bug 1389: Initialize and clear variables

11 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Thu, 3 Oct 2013 23:11:04 +0000 (16:11 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

11 years agoUnbreak HTML build for RC candidates.
Phil Pennock [Thu, 3 Oct 2013 18:50:09 +0000 (14:50 -0400)]
Unbreak HTML build for RC candidates.

The HTML build now uses the website repo, which extracts the version
number from the XML (generated from the .xfpt).  Meanwhile, commit
2aee48d6 made the version number in the build process dynamic, taking
the value from the release script (via an environ variable).

This change fixes the invocation to pass the version _without_ an RC
suffix to the XML build, letting HTML generation happen.

11 years agoMention Redis lookup in NewStuff
Todd Lyons [Thu, 3 Oct 2013 16:34:44 +0000 (09:34 -0700)]
Mention Redis lookup in NewStuff

11 years agoSetting LC_ALL with make overrode this sort check exim-4_82_RC2
Todd Lyons [Thu, 3 Oct 2013 13:42:26 +0000 (06:42 -0700)]
Setting LC_ALL with make overrode this sort check

11 years agoFix docbook paths for xml generation
Todd Lyons [Thu, 3 Oct 2013 02:21:22 +0000 (19:21 -0700)]
Fix docbook paths for xml generation

11 years agoBugzilla 1217: Experimental Redis lookup
Todd Lyons [Tue, 1 Oct 2013 16:24:19 +0000 (09:24 -0700)]
Bugzilla 1217: Experimental Redis lookup

Add want_experimental() test in the script to create the lookups
  Makefile to ease detection of requested Experimental features, and
  simplify the #ifdef guards in the redis.c.

11 years agoDo not use MSG_NOSIGNAL on send() in ${udpsend}
Jeremy Harris [Mon, 30 Sep 2013 19:24:13 +0000 (20:24 +0100)]
Do not use MSG_NOSIGNAL on send() in ${udpsend}

Some non-Posix systems don't define it.  Anyway, Exim ignores SIGPIPE for most purposes.

11 years agoMerge branch 'patch-3' of https://github.com/bes-internal/exim into master_dmarc_doc
Todd Lyons [Mon, 30 Sep 2013 19:55:44 +0000 (12:55 -0700)]
Merge branch 'patch-3' of https://github.com/bes-internal/exim into master_dmarc_doc

11 years agoAdded documentation of features, acknowledgements
Todd Lyons [Mon, 30 Sep 2013 18:56:42 +0000 (11:56 -0700)]
Added documentation of features, acknowledgements

11 years agoAdd ratelimit doc addition to ChangeLog
Todd Lyons [Mon, 30 Sep 2013 18:24:44 +0000 (11:24 -0700)]
Add ratelimit doc addition to ChangeLog

11 years agoTypo re-fix in ratelimit.pl doc
Todd Lyons [Mon, 30 Sep 2013 18:22:58 +0000 (11:22 -0700)]
Typo re-fix in ratelimit.pl doc

11 years agoMerge branch 'patch-1' of https://github.com/bes-internal/exim into master-bes-rateli...
Todd Lyons [Mon, 30 Sep 2013 18:20:46 +0000 (11:20 -0700)]
Merge branch 'patch-1' of https://github.com/bes-internal/exim into master-bes-ratelimit.pl

11 years agoMerge branch 'master_tpda'
Todd Lyons [Mon, 30 Sep 2013 18:10:50 +0000 (11:10 -0700)]
Merge branch 'master_tpda'

11 years agoAdjust test build link paths.
Todd Lyons [Mon, 30 Sep 2013 17:52:50 +0000 (10:52 -0700)]
Adjust test build link paths.

Details at: http://comments.gmane.org/gmane.mail.exim.user/91154
Add ignore for a logfile from test run.

11 years agoBug 1031: Experimental TPDA
Jeremy Harris [Mon, 30 Sep 2013 17:12:12 +0000 (10:12 -0700)]
Bug 1031: Experimental TPDA

Remove whitespace

11 years agoRemove whitespace
Todd Lyons [Mon, 30 Sep 2013 17:08:53 +0000 (10:08 -0700)]
Remove whitespace

11 years agofix dmarc_status condition documentation
bes-internal [Mon, 30 Sep 2013 15:06:06 +0000 (18:06 +0300)]
fix dmarc_status condition documentation

11 years agoFix dovecot with empty 334 challenge.
Phil Pennock [Mon, 30 Sep 2013 04:57:07 +0000 (00:57 -0400)]
Fix dovecot with empty 334 challenge.

Thomas Morper reported, with 4.82RC1, that he saw "334 NULL" as the
challenge when using AUTH PLAIN to Dovecot when the client does not send
an initial response.  I could replicate.

This was caused by commit 3f1df0e3 on 2012-11-19 (PP/13 of 4.82); I was
too cautious in the robustness fixes; the clue came in this line of
debug output:

    76430 dovecot: warning: ignoring trailing tab

This change removes that check, and documents in a comment that this
input is acceptable protocol-wise, and why.

With this fix:

    AUTH PLAIN
    334
    AGZyZWRlcmljAGh1bXB0eS1kdW1wdHk=
    235 Authentication succeeded

11 years agosmall typo
bes-internal [Sat, 28 Sep 2013 18:26:02 +0000 (21:26 +0300)]
small typo

11 years agoCorrect spelling of dmarc_disable_verify
Jeremy Harris [Sat, 28 Sep 2013 12:49:33 +0000 (13:49 +0100)]
Correct spelling of dmarc_disable_verify

11 years agoAdd cscope.files build target
Jeremy Harris [Sat, 28 Sep 2013 12:46:04 +0000 (13:46 +0100)]
Add cscope.files build target

11 years agoFix non-IPv6 compile on v6-less system
Jeremy Harris [Sat, 28 Sep 2013 12:31:43 +0000 (13:31 +0100)]
Fix non-IPv6 compile on v6-less system

11 years agoratelimit.pl: format usage section, print debug to STDERR, add examples
bes-internal [Sat, 28 Sep 2013 11:01:32 +0000 (14:01 +0300)]
ratelimit.pl: format usage section, print debug to STDERR, add examples

11 years agoDocument hexquote & udpsend in NewStuff/ChangeLog
Phil Pennock [Sat, 28 Sep 2013 00:47:52 +0000 (20:47 -0400)]
Document hexquote & udpsend in NewStuff/ChangeLog

Tony documented his new features in 7a5698fa; this change simply adds
them to the list of things that have changed.

11 years agoClarify CL: the CVE security fix already in 4.80.1
Phil Pennock [Thu, 26 Sep 2013 18:18:09 +0000 (11:18 -0700)]
Clarify CL: the CVE security fix already in 4.80.1

On re-reading the text for 4.82, it read as though there were a new
security fix which might require an upgrade.  Clarified that this fix
has already been released (in 4.80.1).

11 years agoAdditions to the NewStuff summary file exim-4_82_RC1
Todd Lyons [Tue, 24 Sep 2013 15:37:29 +0000 (08:37 -0700)]
Additions to the NewStuff summary file

11 years agoAdd documentation for new $authenticated_fail_id
Todd Lyons [Mon, 23 Sep 2013 23:31:31 +0000 (16:31 -0700)]
Add documentation for new $authenticated_fail_id

11 years agoBug 1287 - Fix tls_require_cert
Todd Lyons [Tue, 10 Sep 2013 21:09:51 +0000 (14:09 -0700)]
Bug 1287 - Fix tls_require_cert

11 years agoPrevent TLS rebinding in LDAP connections
Todd Lyons [Wed, 4 Sep 2013 20:22:51 +0000 (13:22 -0700)]
Prevent TLS rebinding in LDAP connections

Bugzilla 1375

11 years agoAdd expansion $authenticated_fail_id
Todd Lyons [Thu, 12 Sep 2013 19:37:39 +0000 (12:37 -0700)]
Add expansion $authenticated_fail_id

11 years agoChangeLog
Jeremy Harris [Sun, 15 Sep 2013 16:42:44 +0000 (17:42 +0100)]
ChangeLog

11 years agoFix numeric comparisons for 64b. Bug 1385
Jeremy Harris [Sun, 15 Sep 2013 15:41:40 +0000 (16:41 +0100)]
Fix numeric comparisons for 64b.  Bug 1385

11 years agoChangeLog is in chronological order within each release.
Phil Pennock [Wed, 4 Sep 2013 21:41:47 +0000 (14:41 -0700)]
ChangeLog is in chronological order within each release.

numbers are sequential, namespaced by users.

11 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Wed, 4 Sep 2013 20:13:57 +0000 (13:13 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

11 years agoMake sender/recipient search case-insensitive
Todd Lyons [Wed, 4 Sep 2013 20:12:54 +0000 (13:12 -0700)]
Make sender/recipient search case-insensitive

11 years agotls_dhparam size constraint suggestions.
Phil Pennock [Wed, 4 Sep 2013 17:58:51 +0000 (10:58 -0700)]
tls_dhparam size constraint suggestions.

Between NSS and Debian patching of older Exim releases, there's a narrow
range of values likely to interoperate well.  Document this.

11 years agoGnuTLS website moves
Phil Pennock [Sun, 1 Sep 2013 22:24:04 +0000 (15:24 -0700)]
GnuTLS website moves

11 years agoFix segfault in stdio with non-SMTP MIME ACL.
Phil Pennock [Wed, 31 Jul 2013 22:50:04 +0000 (18:50 -0400)]
Fix segfault in stdio with non-SMTP MIME ACL.

When injecting a message locally in non-SMTP mode, and with MIME ACLs
configured, if the ACL rejected the message, Exim would try to
`fprintf(NULL, "%s", the_message)`.  This fixes that.

Most ACLs are plumbed in SMTP-only and looking through the others in
receive.c, they all appear to be safely guarded, so it was just this one
that slipped through.

Crash report and assistance tracking down the root cause from Warren
Baker.

11 years agoFix debug output in ${acl }
Jeremy Harris [Sun, 21 Jul 2013 23:06:04 +0000 (00:06 +0100)]
Fix debug output in ${acl }

11 years agoMore tidying of ACL-config skip
Jeremy Harris [Sun, 21 Jul 2013 16:31:55 +0000 (17:31 +0100)]
More tidying of ACL-config skip

11 years agoRemove ACL-config skip so that ${acl } expansions work from queue-runs.
Jeremy Harris [Sun, 21 Jul 2013 11:50:53 +0000 (12:50 +0100)]
Remove ACL-config skip so that ${acl } expansions work from queue-runs.

Previously we skipped parsing the ACL section when not needed.  Now it is
potentially needed in all cases.  The skip was ~5% faster than a full parse
so probably not a large part of the exim process startup.

Fix up testsuite output files affected by the removal and add a regression test.

11 years agoAdd gdb history file to git ignore
Todd Lyons [Fri, 12 Jul 2013 17:04:12 +0000 (10:04 -0700)]
Add gdb history file to git ignore

11 years agoAdd test for ${hexquote:
Jeremy Harris [Tue, 2 Jul 2013 23:07:12 +0000 (00:07 +0100)]
Add test for ${hexquote:

11 years agoAdd notes and helper-script for OCSP
Jeremy Harris [Sun, 30 Jun 2013 14:50:35 +0000 (15:50 +0100)]
Add notes and helper-script for OCSP

11 years agoUse function macro instead of explicit arg cast.
Todd Lyons [Wed, 19 Jun 2013 21:55:03 +0000 (14:55 -0700)]
Use function macro instead of explicit arg cast.

11 years agoQuiet signedness compiler warnings.
Todd Lyons [Wed, 19 Jun 2013 16:36:11 +0000 (09:36 -0700)]
Quiet signedness compiler warnings.

11 years agoSupport safari_ecdhe_ecdsa_bug for openssl_options
Phil Pennock [Mon, 17 Jun 2013 01:32:11 +0000 (21:32 -0400)]
Support safari_ecdhe_ecdsa_bug for openssl_options

11 years agoGuard LDAP TLS usage against Solaris LDAP variant.
Phil Pennock [Mon, 10 Jun 2013 06:50:18 +0000 (02:50 -0400)]
Guard LDAP TLS usage against Solaris LDAP variant.

PP/22
Report from Prashanth Katuri.

This variant ensures that if TLS won't be activated because of
compile-time guards, but was requested, then we at least debug-log _why_
we're not doing anything.

11 years agoFix eximon continuous updating with timestamped log-files.
Phil Pennock [Tue, 4 Jun 2013 21:34:36 +0000 (17:34 -0400)]
Fix eximon continuous updating with timestamped log-files.

Report and fix from Heiko Schlichting.

Fixes 1363.

11 years agoAdd doc comment on use of forany.
Jeremy Harris [Sat, 25 May 2013 19:49:46 +0000 (20:49 +0100)]
Add doc comment on use of forany.

11 years agoreadconf: clarify a retry rule parsing error message
Tony Finch [Fri, 24 May 2013 10:07:46 +0000 (11:07 +0100)]
readconf: clarify a retry rule parsing error message

Submitted by: Paul Osborne <paul.osborne@canterbury.ac.uk>

11 years agoDocumentation for udpsend and ${hexquote:
Tony Finch [Thu, 23 May 2013 15:58:32 +0000 (16:58 +0100)]
Documentation for udpsend and ${hexquote:

11 years agoThe udpsend ACL modifier.
Tony Finch [Fri, 12 Oct 2012 13:54:07 +0000 (14:54 +0100)]
The udpsend ACL modifier.

This is for reporting mailer activity without going via the log files.

11 years ago${hexquote: expansion operator
Tony Finch [Fri, 12 Oct 2012 13:52:28 +0000 (14:52 +0100)]
${hexquote: expansion operator

This converts octets outside the range 0x21-0x7E (the ASCII
graphic characters) to \xNN hex escapes.

11 years agoMerge branch 'callout_auth'
Jeremy Harris [Wed, 22 May 2013 17:49:49 +0000 (18:49 +0100)]
Merge branch 'callout_auth'

11 years agoLog AUTH info on cutthrough deliveries.
Jeremy Harris [Wed, 22 May 2013 00:09:08 +0000 (01:09 +0100)]
Log AUTH info on cutthrough deliveries.

11 years agoTypo in doc source.
Jeremy Harris [Tue, 21 May 2013 17:32:27 +0000 (18:32 +0100)]
Typo in doc source.

11 years agoSupport AUTH for verify-callout and cutthrough-delivery.
Jeremy Harris [Sun, 19 May 2013 17:14:50 +0000 (18:14 +0100)]
Support AUTH for verify-callout and cutthrough-delivery.

Refactored smtp transport to pull out AUTH-related routines so they could be
also called from the verify code.

Bugs 321, 823.

11 years agoAdd compile-time checks for various tables being in alphabetical order.
Jeremy Harris [Sun, 12 May 2013 21:31:36 +0000 (22:31 +0100)]
Add compile-time checks for various tables being in alphabetical order.

This is gross hackery and somewhat fragile.  A better method would
actuallyt compile the 'C' involved and check programmatically.

11 years agoFix dns_retry definition.
Todd Lyons [Wed, 8 May 2013 12:46:00 +0000 (05:46 -0700)]
Fix dns_retry definition.

Was placed in non-alphabetical order.

11 years agoSecurity considerations: running local commands
Phil Pennock [Mon, 6 May 2013 01:32:09 +0000 (21:32 -0400)]
Security considerations: running local commands

Call out the dangers of use_shell in the security considerations
chapter.

Call out a number of related dangers too.

11 years agoUse enum for cutthrough receive processing state.
Jeremy Harris [Sun, 21 Apr 2013 18:21:25 +0000 (19:21 +0100)]
Use enum for cutthrough receive processing state.

11 years agoDocument PRDR, OCSP & DMARC options in OptionLists file.
Jeremy Harris [Sun, 21 Apr 2013 17:59:06 +0000 (18:59 +0100)]
Document PRDR, OCSP & DMARC options in OptionLists file.

11 years agoAdd entry to Changelog.
Todd Lyons [Fri, 19 Apr 2013 21:21:40 +0000 (14:21 -0700)]
Add entry to Changelog.

11 years agoRemove static from local variable declaration.
Todd Lyons [Tue, 16 Apr 2013 20:25:59 +0000 (13:25 -0700)]
Remove static from local variable declaration.

11 years agoFix history file logging to use correct variables
Todd Lyons [Tue, 9 Apr 2013 19:41:50 +0000 (12:41 -0700)]
Fix history file logging to use correct variables

Remove SPF domain synthesis, just use HELO.

11 years agoWithhold TLD load error if not defined in conf
Todd Lyons [Mon, 8 Apr 2013 17:13:28 +0000 (10:13 -0700)]
Withhold TLD load error if not defined in conf

11 years agoMove DKIM endif.
Todd Lyons [Fri, 5 Apr 2013 17:45:55 +0000 (10:45 -0700)]
Move DKIM endif.

Fix a few cosmetic differences.

11 years agoDMARC documentation and license
Todd Lyons [Mon, 1 Apr 2013 18:36:30 +0000 (11:36 -0700)]
DMARC documentation and license

11 years agoDMARC support by opendmarc libs
Todd Lyons [Mon, 1 Apr 2013 18:33:08 +0000 (11:33 -0700)]
DMARC support by opendmarc libs

11 years agoFix runtest -CONTINUE to work everywhere
Todd Lyons [Mon, 8 Apr 2013 17:20:46 +0000 (10:20 -0700)]
Fix runtest -CONTINUE to work everywhere

Changes the $more variable to just cat the changes to STDOUT and not
  pipe it through less or more.

11 years agoDrop mistakenly-added test config
Jeremy Harris [Sun, 7 Apr 2013 16:22:49 +0000 (17:22 +0100)]
Drop mistakenly-added test config

11 years agoMerge branch 'ocsp_staple_rollup'
Jeremy Harris [Sun, 7 Apr 2013 16:09:10 +0000 (17:09 +0100)]
Merge branch 'ocsp_staple_rollup'

* ocsp_staple_rollup:
  tidying
  OCSP-stapling enhancement and testing.

11 years agoUpdate testsuite case 0390 for force_command addition to pipe transport
root [Sun, 7 Apr 2013 13:47:44 +0000 (14:47 +0100)]
Update testsuite case 0390 for force_command addition to pipe transport

11 years agoFix -p doc mention of Perl -pd conflict.
Phil Pennock [Wed, 3 Apr 2013 13:50:32 +0000 (09:50 -0400)]
Fix -p doc mention of Perl -pd conflict.

Reported by Heiko Schlichting.
fixes 1345

11 years agoEnsure OpenSSL entropy state reset across forks.
Phil Pennock [Tue, 2 Apr 2013 16:37:03 +0000 (12:37 -0400)]
Ensure OpenSSL entropy state reset across forks.

Note that this function is never going to be called pre-fork unless the
admin is doing something highly unusual with ${randint:..} in a context
evaluated in the listening daemon.  Other forks should result in a
re-exec(), thus resetting state.

Nonetheless, be more cautious, explicitly reset state.

Fix per PostgreSQL.

PS: why does OpenSSL not document RAND_cleanup() on the same page as all
    the other entropy pool maintenance functions?

11 years agoClean & integrate force_command.
Phil Pennock [Tue, 2 Apr 2013 01:24:14 +0000 (21:24 -0400)]
Clean & integrate force_command.

Work by J. Nick Koston, for cPanel, Inc.

11 years agotidying
Jeremy Harris [Mon, 1 Apr 2013 21:25:45 +0000 (22:25 +0100)]
tidying

11 years agoAdd the force_command option to the pipe transport
J. Nick Koston [Sat, 30 Mar 2013 07:22:53 +0000 (02:22 -0500)]
Add the force_command option to the pipe transport

Normally when a router redirects an address directly to a pipe command
the command option on the transport is ignored.  If force_command
is set, the command option will expanded and used. This is especially
useful for forcing a wrapper or additional argument to be added to the
command.

11 years agoOCSP-stapling enhancement and testing.
Jeremy Harris [Sun, 24 Mar 2013 21:49:12 +0000 (21:49 +0000)]
OCSP-stapling enhancement and testing.

Server:
  Honor environment variable as well as running_in_test_harness in permitting bogus staplings
  Update server tests
  Add "-ocsp" option to client-ssl.
  Server side: add verification of stapled status.
  First cut server-mode ocsp testing.
  Fix some uninitialized ocsp-related data.

Client (new):
  Verify stapling using only the chain that verified the server cert, not any acceptable chain.
  Add check for multiple responses in a stapling, which is not handled
  Refuse verification on expired and revoking staplings.
  Handle OCSP client refusal on lack of stapling from server.
  More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
  Add transport hosts_require_ocsp option.
  Log stapling responses.
  Start on tests for client-side.

Testing support:
    Add CRL generation code and documentation update
    Initial CA & certificate set for testing.

BUGFIX:
    Once a single OCSP response has been extracted the validation
    routine return code is no longer about the structure, but the actual
    returned OCSP status.