TLS: Enable ECDHE on OpenSSL, just the NIST P-256 curve. Bug 1397
[exim.git] / src / src / tls-openssl.c
2015-05-26 Phil PennockTLS: Enable ECDHE on OpenSSL, just the NIST P-256 curve...
2015-05-16 Jeremy Harristidying
2015-04-22 Jeremy HarrisUTF8: Cert namechecks always use a-label
2015-03-25 Jeremy HarrisFix recent-openssl compile
2015-02-14 Jeremy HarrisOpenSSL: Capture peercert/dn in mainline not verify...
2015-02-09 Jeremy Harristidying
2015-02-04 Jeremy HarrisOpenssl: add peer IP to cert verify log lines
2015-02-01 Jeremy Harrisconstification
2015-01-21 Jeremy HarrisDANE: if all TLSA records are unusable, retry verificat...
2015-01-12 Jeremy HarrisMake smtp transport try server cert verify by default
2015-01-12 Jeremy HarrisSupport use of system default CA bundle
2015-01-12 Jeremy HarrisMove certificate name checking to mainline, default...
2015-01-12 Jeremy HarrisRefactor common uses of list-checking
2014-12-04 Jeremy HarrisFail a DANE-mode verify on totally missing certificate
2014-11-20 Jeremy HarrisConst-ification
2014-11-08 Jeremy HarrisFix smtp transport certificate-verification option...
2014-11-06 Jeremy HarrisEXPERIMENTAL_CERTNAMES: Hostlist for cert name checks...
2014-11-05 Jeremy HarrisDo not permit multi-component wildcards on certificate...
2014-11-05 Jeremy HarrisDo not permit multi-component wildcards on certificate...
2014-10-30 Jeremy HarrisFix cert-try-verify when denied by event action
2014-10-30 Jeremy HarrisFor connects and certificate-verifies denied by event...
2014-10-26 Jeremy HarrisFix cert-try-verify when denied by event action
2014-10-26 Jeremy HarrisFix feature-ifdef for OpenSSL builtin certname checking
2014-10-25 Jeremy HarrisAdd event for inbound cert visibility
2014-10-25 Jeremy HarrisRename facility to Event Actions, ifdeffed on EXPERIMEN...
2014-10-22 Todd LyonsMerge branch 'master' of ssh://git.exim.org/home/git...
2014-10-22 Jeremy HarrisMore regular logging use of H=<name> [<ip>]
2014-09-25 Jeremy HarrisAmplify comment on server requests for client certificates
2014-09-23 Todd LyonsMerge remote-tracking branch 'exim_github/pr/18'
2014-09-13 Jeremy HarrisRestrict dane to DANE-TA(2) and DANE-EE(3) usage TLSA...
2014-09-12 Jeremy HarrisFix needless OCSP request under DANE
2014-09-11 Jeremy HarrisAdd debug for number of CA certs, for OpenSSL/file...
2014-09-10 Jeremy HarrisTPDA tidying
2014-09-06 Todd LyonsMerge branch 'master_condition_description'
2014-09-04 Jeremy HarrisEnforce TLS under DANE when host has TLSA records
2014-09-02 Jeremy HarrisIntroduce EXPERIMENTAL_DANE feature
2014-08-20 Jeremy HarrisMerge branch dane-tpda into dane
2014-08-20 Jeremy HarrisMerge branch 'master' into dane
2014-08-20 Jeremy HarrisExpanded EXPERIMENTAL_TPDA feature
2014-08-17 Jeremy HarrisOverride an unchanged default hosts_request_ocsp when...
2014-08-17 Jeremy HarrisFeature compile-guard
2014-08-16 Jeremy HarrisAdd observability variables and provision for avoiding...
2014-08-16 Jeremy HarrisBreak out dane code to separate functions
2014-08-15 Jeremy HarrisCompiler quietening
2014-08-14 Jeremy HarrisFix fakens TLSA generation and DANE TLSA lookup
2014-08-11 Jeremy HarrisDo not sleep for tiny periods, or hang trying to sleep...
2014-08-11 Jeremy HarrisBetter logging of OCSP fails
2014-08-10 Jeremy HarrisEnable OCSP
2014-08-10 Jeremy HarrisChange CV= log line element for dane-verified cert
2014-08-10 Jeremy HarrisCapture the knowlege that verification succeeded
2014-08-10 Jeremy HarrisVerifiable conn with DANE-EE(3) / SPKI(1) / SHA2-512(2)
2014-08-10 Jeremy HarrisAdd support in the fakens utility for TLSA records
2014-08-10 Jeremy HarrisOn a host lookup name->MX->A->ip sequence, require...
2014-08-08 Jeremy HarrisTest development
2014-08-08 Jeremy HarrisTestsuite basics.
2014-08-07 Jeremy HarrisSketch in library interface
2014-08-04 Jeremy HarrisBetter logging of OCSP fails
2014-08-01 Jeremy HarrisFix development-testing induced crash on second use
2014-08-01 Jeremy HarrisBasic DANE entry points
2014-07-31 Jeremy HarrisAdd interface documentation for the DANE library
2014-07-13 Jeremy HarrisFix TLS SNI, and add regression test cases
2014-05-28 Todd LyonsMerge tag 'exim-4_82_1' exim-4_83_RC1
2014-05-26 Jeremy HarrisRestrict certificate name checkin for wildcards.
2014-05-23 Jeremy HarrisAdd OpenSSL version check
2014-05-23 Jeremy HarrisMove OCSP out of EXPERIMENTAL
2014-05-20 Jeremy HarrisSupport optional server certificate name checking....
2014-05-17 Jeremy HarrisUse accessor functions for OpenSSL internal data
2014-05-16 Jeremy HarrisGeneral tidying
2014-05-16 Jeremy HarrisTidy certificate verification logic under OpenSSL
2014-05-12 Todd LyonsMerge branch 'master' of ssh://git.exim.org/home/git...
2014-05-11 Jeremy HarrisCompiler quietening and testcase consistency
2014-05-09 Jeremy HarrisMake $tls_out_ocsp visible to TPDA (mostly testsuite)
2014-05-06 Jeremy HarrisOCSP observability: variables $tls_{in,out}_ocsp
2014-05-06 Jeremy HarrisRefactor tls_client_init interface
2014-05-02 Jeremy HarrisCertificate variables and field-extractor expansions...
2014-04-23 Todd LyonsMerge branch 'master' of git://git.exim.org/exim
2014-04-19 Todd LyonsCopyright year updates:
2014-04-16 Phil PennockReport OpenSSL build date too.
2014-03-20 Jeremy HarrisFuture-proof OpenSSL version string. Bug 1421
2014-03-15 Wolfgang BreyhaAdd tls_verify_hosts and tls_try_verify_hosts to smtp...
2014-02-26 Wolfgang BreyhaAdd tls_verify_hosts and tls_try_verify_hosts to smtp...
2014-01-07 Phil PennockCopyright year updates:
2013-06-17 Phil PennockSupport safari_ecdhe_ecdsa_bug for openssl_options
2013-04-07 Jeremy HarrisMerge branch 'ocsp_staple_rollup'
2013-04-02 Phil PennockEnsure OpenSSL entropy state reset across forks.
2013-04-01 Jeremy Harristidying
2013-03-25 Jeremy HarrisOCSP-stapling enhancement and testing.
2013-03-13 Phil PennockOpenSSL fix empty tls_verify_certificates.
2013-02-03 Phil Pennocktls_out.sni fix for ancient-OpenSSL #ifdef branch
2012-12-18 Jeremy HarrisInitialise OCSP-related pointers before use.
2012-12-10 Phil PennockOCSP/SNI: set correct callback.
2012-12-02 Phil PennockExplain the 3 SSL_CTX we have
2012-10-27 Phil PennockMerge 4.80.1 security fix in.
2012-06-07 Phil PennockUnbreak EXPERIMENTAL_OCSP after TLS cutthrough
2012-06-06 Phil PennockBUGFIX: forced-fail smtp option tls_sni would dereferen...
2012-06-06 Phil PennockBUGFIX: forced-fail smtp option tls_sni would dereferen...
2012-06-04 Jeremy HarrisAdd $tls_in_* variables; note the old names as deprecated.
2012-06-04 Jeremy HarrisFix post-rebase merge issues.
2012-06-04 Jeremy HarrisFix bug verifying certs on dual-tls.
2012-06-04 Jeremy HarrisDual-tls - split management of TLS into in- and out...
next