exim.git
9 years agoDocs: clarify interaction of DANE and CA-based certificate verification options
Jeremy Harris [Thu, 4 Dec 2014 18:39:28 +0000 (18:39 +0000)]
Docs: clarify interaction of DANE and CA-based certificate verification options

9 years agoTestsuite: add more DANE testcases
Jeremy Harris [Wed, 3 Dec 2014 21:09:54 +0000 (21:09 +0000)]
Testsuite: add more DANE testcases

9 years agoSet previous version in doc XML exim-4_85_RC2
Todd Lyons [Mon, 1 Dec 2014 15:24:17 +0000 (07:24 -0800)]
Set previous version in doc XML

9 years agoDocs: update drweb malware scanner interface description
Jeremy Harris [Sun, 30 Nov 2014 17:34:00 +0000 (17:34 +0000)]
Docs: update drweb malware scanner interface description

9 years agoCompiler quietening. Bug 1555
Jeremy Harris [Sat, 29 Nov 2014 22:20:05 +0000 (22:20 +0000)]
Compiler quietening.  Bug 1555

9 years agoDocument interface to f-protd av_scanner type. Bug 923
Jeremy Harris [Sat, 29 Nov 2014 21:50:23 +0000 (21:50 +0000)]
Document interface to f-protd av_scanner type.  Bug 923

9 years agoTestsuite: treat ECONNRESET the same as ECONNREFUSED on the new connection
Jeremy Harris [Sat, 29 Nov 2014 19:05:28 +0000 (19:05 +0000)]
Testsuite: treat ECONNRESET the same as ECONNREFUSED on the new connection

9 years agoTestsuite: fix feature name
Jeremy Harris [Sat, 29 Nov 2014 17:30:27 +0000 (17:30 +0000)]
Testsuite: fix feature name

9 years agoCompiler quietening
Jeremy Harris [Sat, 29 Nov 2014 16:28:15 +0000 (16:28 +0000)]
Compiler quietening

9 years agoGit: ignore a few more nonsource files
Jeremy Harris [Fri, 28 Nov 2014 19:26:10 +0000 (19:26 +0000)]
Git: ignore a few more nonsource files

9 years agoTestsuite: avoid ipv6 when testing retry data
Jeremy Harris [Fri, 28 Nov 2014 19:10:05 +0000 (19:10 +0000)]
Testsuite: avoid ipv6 when testing retry data
Some test hosts cannot do ipv6.  We assume that ipv4 is available.

9 years agoFix buffer overrun in spam= acl condition. Bug 1552
Jeremy Harris [Thu, 27 Nov 2014 16:26:44 +0000 (16:26 +0000)]
Fix buffer overrun in spam= acl condition.  Bug 1552

9 years agoTestsuite: sort output of retry DB dumps
Jeremy Harris [Wed, 26 Nov 2014 17:40:00 +0000 (17:40 +0000)]
Testsuite: sort output of retry DB dumps

Different systems will have dump output in different order
so to tidy up the Solaris runs, sort pairs of lines by the
leading "word".

10 years agoTestsuite: "echo -n" portability - use printf(1) if possible
Jeremy Harris [Tue, 25 Nov 2014 22:12:42 +0000 (22:12 +0000)]
Testsuite: "echo -n" portability - use printf(1) if possible

10 years agoError the build if DANE included but DNSSEC not available
Jeremy Harris [Tue, 25 Nov 2014 17:11:50 +0000 (17:11 +0000)]
Error the build if DANE included but DNSSEC not available

10 years agoDocs typo in index entry. Fixes: #1551
Nigel Metheringham [Tue, 25 Nov 2014 08:46:52 +0000 (08:46 +0000)]
Docs typo in index entry. Fixes: #1551

10 years agoDocument OpenSSL behaviour on system default CA bundle
Jeremy Harris [Sun, 23 Nov 2014 16:16:11 +0000 (16:16 +0000)]
Document OpenSSL behaviour on system default CA bundle

10 years agoDocs: fix missing quotes
Jeremy Harris [Sat, 22 Nov 2014 19:19:09 +0000 (19:19 +0000)]
Docs: fix missing quotes

10 years agoDocs: crossref $sending_ip_address. Bug 1319
Jeremy Harris [Fri, 21 Nov 2014 16:52:38 +0000 (16:52 +0000)]
Docs: crossref $sending_ip_address.  Bug 1319

10 years agoTestsuite: case 0601 logging ordering
Jeremy Harris [Fri, 21 Nov 2014 15:12:17 +0000 (15:12 +0000)]
Testsuite: case 0601 logging ordering

10 years agoUpdate RFC conformance notes
Jeremy Harris [Fri, 21 Nov 2014 13:52:22 +0000 (13:52 +0000)]
Update RFC conformance notes

10 years agoTestsuite: debugging Solaris run ordering issue. Log +received_recipients
Jeremy Harris [Fri, 21 Nov 2014 13:21:48 +0000 (13:21 +0000)]
Testsuite: debugging Solaris run ordering issue. Log +received_recipients

10 years agoWhen following a CNAME chain, if any lookup is insecure the whole must be too
Jeremy Harris [Thu, 20 Nov 2014 20:17:32 +0000 (20:17 +0000)]
When following a CNAME chain, if any lookup is insecure the whole must be too

10 years agoConst-ification
Jeremy Harris [Thu, 20 Nov 2014 20:16:58 +0000 (20:16 +0000)]
Const-ification

10 years agoConst-ification
Jeremy Harris [Thu, 20 Nov 2014 16:14:47 +0000 (16:14 +0000)]
Const-ification

10 years agoFix copying of host_used in smtp transport
Jeremy Harris [Thu, 20 Nov 2014 16:46:48 +0000 (16:46 +0000)]
Fix copying of host_used in smtp transport

Following c562f "More regular logging use of H=<name> [<ip>]" there
were error cases where a host-item that was being expanded per-call
was used.  Move the copy earlier so these are covered.

10 years agoTestsuite: msglog files
Jeremy Harris [Tue, 18 Nov 2014 19:56:44 +0000 (19:56 +0000)]
Testsuite: msglog files

10 years agoCompiler quietening
Jeremy Harris [Tue, 18 Nov 2014 19:43:09 +0000 (19:43 +0000)]
Compiler quietening

10 years agoFix debug output of name of transport option list being matched
Jeremy Harris [Sun, 16 Nov 2014 20:57:10 +0000 (20:57 +0000)]
Fix debug output of name of transport option list being matched

10 years agoTest case for retry_include_ip_address
Jeremy Harris [Sat, 15 Nov 2014 21:11:23 +0000 (21:11 +0000)]
Test case for retry_include_ip_address

10 years agodocs typo
Jeremy Harris [Sun, 16 Nov 2014 13:54:01 +0000 (13:54 +0000)]
docs typo

10 years agoAdd items to NewStuff exim-4_85_RC1
Todd Lyons [Thu, 13 Nov 2014 21:15:13 +0000 (13:15 -0800)]
Add items to NewStuff

10 years agoChangeLog entries for minor feates and fixes since 4.84
Jeremy Harris [Thu, 13 Nov 2014 17:14:09 +0000 (17:14 +0000)]
ChangeLog entries for minor feates and fixes since 4.84

10 years agoMove DANE desgin doc, drop extra dane drafts
Todd Lyons [Wed, 12 Nov 2014 17:23:24 +0000 (09:23 -0800)]
Move DANE desgin doc, drop extra dane drafts

10 years agoTestsuite: munge for unrelated test affected by EXPERIMENTAL_CERTNAMES
Jeremy Harris [Wed, 12 Nov 2014 15:49:28 +0000 (15:49 +0000)]
Testsuite: munge for unrelated test affected by EXPERIMENTAL_CERTNAMES

10 years agoTestsuite: 0393 intermittently spits an extra stderr line. Unimportant
Jeremy Harris [Wed, 12 Nov 2014 14:47:01 +0000 (14:47 +0000)]
Testsuite: 0393 intermittently spits an extra stderr line. Unimportant
for the testcase, so ignore it.

10 years agoHandle UTC vs specified-timezone for certificate extractors. Bug 1541
Jeremy Harris [Mon, 10 Nov 2014 16:41:12 +0000 (16:41 +0000)]
Handle UTC vs specified-timezone for certificate extractors.  Bug 1541

10 years agoTestsuite: additional dns zone for certificate name testing
Jeremy Harris [Sat, 8 Nov 2014 23:45:00 +0000 (23:45 +0000)]
Testsuite: additional dns zone for certificate name testing

10 years agoFix smtp transport certificate-verification option matching to use correct host
Jeremy Harris [Sat, 8 Nov 2014 13:24:21 +0000 (13:24 +0000)]
Fix smtp transport certificate-verification option matching to use correct host
Fix certificate name verification done with tls_try_verify_hosts

Affected tls_verify_hosts, tls_try_verify_hosts, tls_verify_cert_hostnames.

10 years agoEXPERIMENTAL_CERTNAMES: Hostlist for cert name checks should match host
Jeremy Harris [Thu, 6 Nov 2014 21:22:18 +0000 (21:22 +0000)]
EXPERIMENTAL_CERTNAMES: Hostlist for cert name checks should match host
connected-to, not be list of acceptable names.  The name checked is the
host name.

10 years agoDo not permit multi-component wildcards on certificate names (OpenSSL, EXPERIMENTAL_C...
Jeremy Harris [Wed, 5 Nov 2014 18:24:00 +0000 (18:24 +0000)]
Do not permit multi-component wildcards on certificate names (OpenSSL, EXPERIMENTAL_CERTNAMES)

10 years agoDo not permit multi-component wildcards on certificate names (OpenSSL)
Jeremy Harris [Sun, 26 Oct 2014 21:06:46 +0000 (21:06 +0000)]
Do not permit multi-component wildcards on certificate names (OpenSSL)

10 years agoAdd doc examples for disabling SSLv3
Jeremy Harris [Wed, 5 Nov 2014 17:31:34 +0000 (17:31 +0000)]
Add doc examples for disabling SSLv3

10 years agoFix dnssec indication variable when used from verify-callout smtp:commect event
Jeremy Harris [Tue, 4 Nov 2014 15:13:00 +0000 (15:13 +0000)]
Fix dnssec indication variable when used from verify-callout smtp:commect event

10 years agoTweak docs on difference between "local" and "remote" source messages
Jeremy Harris [Mon, 3 Nov 2014 15:48:31 +0000 (15:48 +0000)]
Tweak docs on difference between "local" and "remote" source messages

10 years agoTestsuite: tidying
Jeremy Harris [Mon, 3 Nov 2014 15:48:15 +0000 (15:48 +0000)]
Testsuite: tidying

10 years agoTestsuite: tidying
Jeremy Harris [Sat, 1 Nov 2014 11:37:36 +0000 (11:37 +0000)]
Testsuite: tidying

10 years agoFix cert-try-verify when denied by event action
Jeremy Harris [Thu, 30 Oct 2014 20:48:02 +0000 (20:48 +0000)]
Fix cert-try-verify when denied by event action

10 years agoTest suite: disable OCSP for old openssl part 3
Jeremy Harris [Thu, 30 Oct 2014 20:32:14 +0000 (20:32 +0000)]
Test suite: disable OCSP for old openssl part 3

10 years agoFix dnssec indication variable when used from smtp:commect event
Jeremy Harris [Thu, 30 Oct 2014 18:52:45 +0000 (18:52 +0000)]
Fix dnssec indication variable when used from smtp:commect event

10 years agoFor connects and certificate-verifies denied by event actions, log
Jeremy Harris [Thu, 30 Oct 2014 12:12:31 +0000 (12:12 +0000)]
For connects and certificate-verifies denied by event actions, log
the string resulting from the event expansion

10 years agoTest suite: disable OCSP for old openssl part 2
Todd Lyons [Wed, 29 Oct 2014 14:50:41 +0000 (07:50 -0700)]
Test suite: disable OCSP for old openssl part 2

Make sure to only disable this if building for openssl, allow gnutls
  to build with OCSP for all versions that support it.

10 years agoTest suite: disable OCSP for old OpenSSL versions
Todd Lyons [Wed, 29 Oct 2014 14:26:17 +0000 (07:26 -0700)]
Test suite: disable OCSP for old OpenSSL versions

OpenSSL 0.9.8 in CentOS 5.x has early OCSP support, but not stapling
  so just completely disable OCSP using the same logic that exists
  in tls-openssl.c.

10 years agoTestsuite: compiler quietening
Jeremy Harris [Wed, 29 Oct 2014 12:57:55 +0000 (12:57 +0000)]
Testsuite: compiler quietening

10 years agoTestsuite: tidying
Jeremy Harris [Wed, 29 Oct 2014 12:57:00 +0000 (12:57 +0000)]
Testsuite: tidying

10 years agoTestsuite: compiler quietening
Jeremy Harris [Tue, 28 Oct 2014 14:42:10 +0000 (14:42 +0000)]
Testsuite: compiler quietening

10 years agoTestsuite: output changes for ipv6
Jeremy Harris [Sun, 26 Oct 2014 23:35:32 +0000 (23:35 +0000)]
Testsuite: output changes for ipv6

10 years agoDo not claim OCSP support when compiled with too-old GnuTLS version
Jeremy Harris [Sun, 26 Oct 2014 22:57:00 +0000 (22:57 +0000)]
Do not claim OCSP support when compiled with too-old GnuTLS version

10 years agoFix cert-try-verify when denied by event action
Jeremy Harris [Sun, 26 Oct 2014 22:14:03 +0000 (22:14 +0000)]
Fix cert-try-verify when denied by event action

10 years agoTestcase 0601: move udpsend action from connect to rcpt ACL
Jeremy Harris [Sun, 26 Oct 2014 17:37:52 +0000 (17:37 +0000)]
Testcase 0601: move udpsend action from connect to rcpt ACL

Some test runs were seeing the receiving perl output before the exim startup banner;
try to get the udpsend to happpen after the banner gets a chance to be emitted.

10 years agoTestsuite: increase default "client" utility connect timeout from 1 to 5 seconds
Jeremy Harris [Sun, 26 Oct 2014 17:48:33 +0000 (17:48 +0000)]
Testsuite: increase default "client" utility connect timeout from 1 to 5 seconds

10 years agoTestsuite: use different exit codes for various fail modes of "client" utility
Jeremy Harris [Sun, 26 Oct 2014 17:29:24 +0000 (17:29 +0000)]
Testsuite: use different exit codes for various fail modes of "client" utility

10 years agoFix feature-ifdef for OpenSSL builtin certname checking
Jeremy Harris [Sun, 26 Oct 2014 17:15:20 +0000 (17:15 +0000)]
Fix feature-ifdef for OpenSSL builtin certname checking

10 years agoTestsuite: extend timeout on troublesom test
Jeremy Harris [Sun, 26 Oct 2014 15:51:55 +0000 (15:51 +0000)]
Testsuite: extend timeout on troublesom test

Testcase 0035 persistently fails with "status 99" on some buildfarm
animals.  Try extending the connect timeout used by the "client" utility
to see if this helps.

10 years agoExpand commentary on certificate files
Jeremy Harris [Sun, 26 Oct 2014 14:54:28 +0000 (14:54 +0000)]
Expand commentary on certificate files

10 years agoAdd event for inbound cert visibility
Jeremy Harris [Thu, 23 Oct 2014 17:22:33 +0000 (18:22 +0100)]
Add event for inbound cert visibility

10 years agoMake transport name available in verify-callouts. Add verify_mode variable
Jeremy Harris [Thu, 23 Oct 2014 17:18:43 +0000 (18:18 +0100)]
Make transport name available in verify-callouts.  Add verify_mode variable

10 years agoRename facility to Event Actions, ifdeffed on EXPERIMENTAL_EVENT
Jeremy Harris [Sat, 18 Oct 2014 19:38:07 +0000 (20:38 +0100)]
Rename facility to Event Actions, ifdeffed on EXPERIMENTAL_EVENT

10 years agoTestsuite: more portable implementation of "showenv"
Jeremy Harris [Fri, 24 Oct 2014 10:12:20 +0000 (11:12 +0100)]
Testsuite: more portable implementation of "showenv"

At least one Solaris installation seems not to have "whoami"

10 years agoTest suite continue past unexpected client errors
Todd Lyons [Thu, 23 Oct 2014 19:27:41 +0000 (12:27 -0700)]
Test suite continue past unexpected client errors

10 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Wed, 22 Oct 2014 19:40:33 +0000 (12:40 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

10 years agoFix labels in testsuite conf files
Todd Lyons [Wed, 22 Oct 2014 19:40:08 +0000 (12:40 -0700)]
Fix labels in testsuite conf files

10 years agoMake $host available in tpda delivery event, for cutthrough. Bug 1529
Jeremy Harris [Sun, 12 Oct 2014 16:51:56 +0000 (17:51 +0100)]
Make $host available in tpda delivery event, for cutthrough.  Bug 1529

10 years agoMore regular logging use of H=<name> [<ip>]
Jeremy Harris [Thu, 25 Sep 2014 21:20:33 +0000 (22:20 +0100)]
More regular logging use of H=<name> [<ip>]

Note this may affect utilities which parse logs.

10 years agoTestsuite outputs: ipv6
Jeremy Harris [Wed, 22 Oct 2014 12:41:57 +0000 (13:41 +0100)]
Testsuite outputs: ipv6

10 years agoCompiler quietening
Jeremy Harris [Sat, 18 Oct 2014 17:51:16 +0000 (18:51 +0100)]
Compiler quietening

10 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Mon, 20 Oct 2014 14:16:04 +0000 (07:16 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

10 years agoTest suite: completely omit 127/8 IPs
Todd Lyons [Mon, 20 Oct 2014 14:14:42 +0000 (07:14 -0700)]
Test suite: completely omit 127/8 IPs

10 years agoHandle certificate dir under GnuTLS, if recent enough
Jeremy Harris [Thu, 16 Oct 2014 18:11:45 +0000 (19:11 +0100)]
Handle certificate dir under GnuTLS, if recent enough
Add testcases for certificate directories

The GnuTLS implementation has been tested on Fedora 21 (alpha),
using GnuTLS 3.3.9.  The testsuite case is here but with the
script commented-out.  When enabled, the log/mail/stdout/stderr
files will be created fresh.

10 years agoTestsuite output gnutls changes resulting from munging for openssl
Jeremy Harris [Sun, 12 Oct 2014 22:43:48 +0000 (23:43 +0100)]
Testsuite output gnutls changes resulting from munging for openssl
version differences

10 years agoMake dnssec status available in tpda delivery event, for cutthrough
Jeremy Harris [Sun, 12 Oct 2014 21:11:41 +0000 (22:11 +0100)]
Make dnssec status available in tpda delivery event, for cutthrough

10 years agoQuieten noisy compiler
Jeremy Harris [Sun, 12 Oct 2014 17:18:51 +0000 (18:18 +0100)]
Quieten noisy compiler

As usual, gcc whining that perfectly valid C coding is
"ambiguous".  Wrongly.

10 years agoRemove limit on remove_headers item size. Bug 1533
Jeremy Harris [Sun, 5 Oct 2014 20:31:20 +0000 (21:31 +0100)]
Remove limit on remove_headers item size. Bug 1533

10 years agoFix Solaris build
Jeremy Harris [Mon, 29 Sep 2014 10:50:06 +0000 (11:50 +0100)]
Fix Solaris build

10 years agoDoc notes on expansion ordering
Jeremy Harris [Mon, 29 Sep 2014 10:49:35 +0000 (11:49 +0100)]
Doc notes on expansion ordering

10 years agoMore testsuite variance between OpenSSL library versions
Jeremy Harris [Sun, 28 Sep 2014 16:58:38 +0000 (17:58 +0100)]
More testsuite variance between OpenSSL library versions

10 years agoFix transport-results pipe for multiple recipients combined with certs.
Wolfgang Breyha [Sun, 28 Sep 2014 12:40:45 +0000 (13:40 +0100)]
Fix transport-results pipe for multiple recipients combined with certs.

The previous parsing failed when a result item split over a buffer boundary;
fix by prefixing sizes to items, and checking enough has been read as the
initial parsing stage.

10 years agoClarify error message for host-connect fail. Bug 1505
Jeremy Harris [Tue, 16 Sep 2014 15:58:04 +0000 (16:58 +0100)]
Clarify error message for host-connect fail.  Bug 1505

10 years agoAmplify comment on server requests for client certificates
Jeremy Harris [Sun, 21 Sep 2014 16:59:44 +0000 (17:59 +0100)]
Amplify comment on server requests for client certificates

10 years agoChangeLog for Github Issue 18
Todd Lyons [Tue, 23 Sep 2014 12:11:48 +0000 (05:11 -0700)]
ChangeLog for Github Issue 18

10 years agoMerge remote-tracking branch 'exim_github/pr/18'
Todd Lyons [Tue, 23 Sep 2014 12:09:15 +0000 (05:09 -0700)]
Merge remote-tracking branch 'exim_github/pr/18'

10 years agoFix kill commandline for Solaris compatibility #2
Todd Lyons [Thu, 18 Sep 2014 16:02:17 +0000 (09:02 -0700)]
Fix kill commandline for Solaris compatibility #2

10 years agoFix kill commandline for Solaris compatibility
Todd Lyons [Thu, 18 Sep 2014 14:47:22 +0000 (07:47 -0700)]
Fix kill commandline for Solaris compatibility

10 years agoReplace use of index() with Ustrchr()
Jeremy Harris [Tue, 16 Sep 2014 13:59:54 +0000 (14:59 +0100)]
Replace use of index() with Ustrchr()

10 years agoRestrict dane to DANE-TA(2) and DANE-EE(3) usage TLSA records
Jeremy Harris [Sat, 13 Sep 2014 13:55:57 +0000 (14:55 +0100)]
Restrict dane to DANE-TA(2) and DANE-EE(3) usage TLSA records
Also, just ignore TLSA records with unsipported match types.

10 years agoFix needless OCSP request under DANE
Jeremy Harris [Fri, 12 Sep 2014 20:13:47 +0000 (21:13 +0100)]
Fix needless OCSP request under DANE
usage 3 and with require_ocsp in play though inactive

10 years agoBug 1216: Add -M (related) to exigrep.
Todd Lyons [Fri, 12 Sep 2014 13:22:24 +0000 (06:22 -0700)]
Bug 1216: Add -M (related) to exigrep.

Thanks to Arkadiusz for pointing out that this was never merged.

10 years agoFix ldap lookup for single-attr request, multiple-attr return. Bug 1521
Heiko Schlittermann [Thu, 11 Sep 2014 21:25:51 +0000 (22:25 +0100)]
Fix ldap lookup for single-attr request, multiple-attr return. Bug 1521

Exim documented behaviour is that the single-request case controls
the output format (by not labelling attributes with names).
The code is broken for the case where attrs B, C are derived from A
and A is requested (and the LDAP server used isn't buggy here; some
are and only return A rather than A, B, C).

10 years agoAdd debug for number of CA certs, for OpenSSL/file load
Jeremy Harris [Thu, 11 Sep 2014 20:41:12 +0000 (21:41 +0100)]
Add debug for number of CA certs, for OpenSSL/file load

10 years agoFix undersized buffer use by eximon. Bug 1527
Jeremy Harris [Wed, 10 Sep 2014 13:26:58 +0000 (14:26 +0100)]
Fix undersized buffer use by eximon.  Bug 1527

The long spoolfile line now used for certificate info was too big,
resulting in an apparent syntax error in the file.
Apart from using a decent size, do autogrow in case of immense
certificates.