From: Wolfgang Breyha Date: Sat, 15 Mar 2014 14:16:05 +0000 (+0000) Subject: Add tls_verify_hosts and tls_try_verify_hosts to smtp transport. Bug 1371 X-Git-Tag: exim-4_83_RC1~68 X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=e8793bad207763b266bedcb9d859e238b6a3a04e Add tls_verify_hosts and tls_try_verify_hosts to smtp transport. Bug 1371 Code by Wolfgang Breyha, docs and testsuite by Jeremy Harris --- e8793bad207763b266bedcb9d859e238b6a3a04e diff --cc doc/doc-txt/ChangeLog index 04a7ce02e,c1640f73a..c29f21cbf --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@@ -32,30 -32,8 +32,32 @@@ JH/02 Add ${listextract {number}{list}{ TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents. Properly escape header and check for NULL return. -JH/03 Add tls_{,try_}verify_hosts to smtp transport. OpenSSL only. +PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok + not dns_use_dnssec. + +JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp. + +TL/04 Add verify = header_names_ascii check to reject email with non-ASCII + characters in header names, implemented as a verify condition. + Contributed by Michael Fischer v. Mollard. + +TL/05 Rename SPF condition results err_perm and err_temp to standardized + results permerror and temperror. Is a backward incompatibility if + the ACL tests for either of these two results. Patch contributed by + user bes-internal on the mailing list. + +JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau. + +JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log + selectors, in both main and reject logs. + +JH/06 Log outbound-TLS and port details, subject to log selectors, for a + failed delivery. + +JH/07 Add malware type "sock" for talking to simple daemon. + ++JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport. OpenSSL only. 
+ Exim version 4.82 ----------------- diff --cc doc/doc-txt/NewStuff index c4de902c0,e4f2e29a1..95b4119d1 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@@ -14,19 -14,11 +14,24 @@@ Version 4.8 actual external source IP:host be used in exim instead of the IP of the proxy that is connecting to it. - 2. When built with OpenSSL the smtp transport now supports options + 2. New verify option header_names_ascii, which will check to make sure + there are no non-ASCII characters in header names. Exim itself handles + those non-ASCII characters, but downstream apps may not, so Exim can + detect and reject if those characters are present. + + 3. New expansion operator ${utf8clean:string} to replace malformed UTF8 + codepoints with valid ones. + + 4. New malware type "sock". Talks over a Unix or TCP socket, sending one + command line and matching a regex against the return data for trigger + and a second regex to extract malware_name. The mail spoofile name can + be included in the command line. + ++ 5. When built with OpenSSL the smtp transport now supports options + "tls_verify_hosts" and "tls_try_verify_hosts". If either is set the + certificate verification is split from the encryption operation. The + default remains that a failed verification cancels the encryption. + Version 4.82 ------------
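Review bot: the JH/08 entry at the end of the doc/doc-txt/ChangeLog hunk does not credit the author of the code. The commit message states "Code by Wolfgang Breyha", and the neighbouring entries TL/04, TL/05 and JH/04 each name their contributor. Suggest ending the entry with "Code contributed by Wolfgang Breyha." so the ChangeLog matches the commit message and the style of the surrounding entries.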
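Review bot: item 5 in the doc/doc-txt/NewStuff hunk does not say what happens to the delivery when certificate verification fails. "The default remains that a failed verification cancels the encryption" leaves open whether the message is then deferred or sent unencrypted, and the text never says how "tls_verify_hosts" differs from "tls_try_verify_hosts". Suggest one sentence per option stating the outcome of a failed verification, so an administrator can tell whether either setting can lead to cleartext delivery. Since the item is limited to "When built with OpenSSL", it would also help to state what a build without OpenSSL does when these options are set.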