exim.git
Jeremy Harris [Sat, 27 Oct 2018 15:04:43 +0000 (16:04 +0100)]
Testsuite: resulting output changes.

Broken-by: fd3cf78930

Heiko Schlittermann (HS12-RIPE) [Fri, 26 Oct 2018 20:04:24 +0000 (22:04 +0200)]
testsuite: diet for aux-fixed/3000.pl

Jeremy Harris [Thu, 25 Oct 2018 23:41:36 +0000 (00:41 +0100)]
Testsuite: variances for OpenSSL 1.1.1

Jeremy Harris [Tue, 23 Oct 2018 22:45:30 +0000 (23:45 +0100)]
Tidying: char signedness

Jeremy Harris [Tue, 23 Oct 2018 21:25:40 +0000 (22:25 +0100)]
Build: probe for broken poll() timing implementation

Jeremy Harris [Tue, 23 Oct 2018 21:23:56 +0000 (22:23 +0100)]
MacOS: probe for a usable TFO system configuration

Jeremy Harris [Sun, 21 Oct 2018 22:37:14 +0000 (23:37 +0100)]
Testsuite: fix debug stream munging for non-autocreate DBM variants, and for no TFO support

Jeremy Harris [Sun, 21 Oct 2018 20:59:47 +0000 (21:59 +0100)]
MacOS: fix spurious "child process failure"

Jeremy Harris [Sun, 21 Oct 2018 20:58:31 +0000 (21:58 +0100)]
Debug: provide for SIGALRM tracking

Jeremy Harris [Sat, 20 Oct 2018 20:03:30 +0000 (21:03 +0100)]
Fix bad use of library, copying string over itself

Jeremy Harris [Sat, 20 Oct 2018 20:03:22 +0000 (21:03 +0100)]
tidying

Jeremy Harris [Sat, 20 Oct 2018 19:07:21 +0000 (20:07 +0100)]
Ensure unique message-id even for rejected messages

Jeremy Harris [Sun, 21 Oct 2018 13:01:57 +0000 (14:01 +0100)]
MacOS: fix egid problem

Jeremy Harris [Sun, 14 Oct 2018 21:24:41 +0000 (22:24 +0100)]
MacOS: support large group-membership counts

Jeremy Harris [Sat, 20 Oct 2018 15:21:44 +0000 (16:21 +0100)]
Refactor startup error exits

Jeremy Harris [Tue, 16 Oct 2018 22:54:28 +0000 (23:54 +0100)]
Testsuite: force non-TLSv1.3 for (OpenSSL) cert-variable test

This maintains visibility of the cert choice required by the auth-method configuration.

Leave the bogus results from pre-1.1.1 OpenSSL library bug while the fixed version is not in common use.

Jeremy Harris [Sun, 14 Oct 2018 20:37:49 +0000 (21:37 +0100)]
tidying

Jeremy Harris [Sun, 14 Oct 2018 14:22:32 +0000 (15:22 +0100)]
Testsuite: client script facility for handling optional responses

Use this to deal with fallout from TLS negotiation failure, where the
server sees leftover encrypted data as garbage commands.

Jeremy Harris [Sun, 14 Oct 2018 14:21:08 +0000 (15:21 +0100)]
OpenSSL: Enhance connect/accept-time debug

Also, use safer interface for error-strings.

Jeremy Harris [Sat, 13 Oct 2018 17:18:53 +0000 (18:18 +0100)]
Testsuite: tidying

Jeremy Harris [Fri, 12 Oct 2018 21:19:17 +0000 (22:19 +0100)]
Fix Mac build

Broken-by: 75c121f07a

Jeremy Harris [Fri, 12 Oct 2018 20:15:29 +0000 (21:15 +0100)]
Fix OpenBSD build.

Broken-by: 75c121f07a

Jeremy Harris [Fri, 12 Oct 2018 19:07:44 +0000 (20:07 +0100)]
Increase buffer size used for DNS responses.  Bug 2329

Jeremy Harris [Mon, 8 Oct 2018 13:23:38 +0000 (14:23 +0100)]
tidying

Phil Pennock [Fri, 12 Oct 2018 17:35:00 +0000 (13:35 -0400)]
Rename smtp.client-ip to smtp.remote-ip

This tracks changes in the ARC draft.

The Received-SPF headers remain unchanged.

Jeremy Harris [Sun, 7 Oct 2018 23:12:08 +0000 (00:12 +0100)]
Debug: output GnuTLS verbose reason for certificate verify refusal

Jeremy Harris [Sat, 6 Oct 2018 22:22:38 +0000 (23:22 +0100)]
Testsuite: more TLSv1.3 handling

Jeremy Harris [Sat, 6 Oct 2018 22:20:07 +0000 (23:20 +0100)]
Docs: tweak ARC description

Jeremy Harris [Sat, 6 Oct 2018 14:32:14 +0000 (15:32 +0100)]
TFO: use enum for client status

Jeremy Harris [Tue, 2 Oct 2018 18:39:55 +0000 (19:39 +0100)]
Debug: noutf8 selector.  Bug 2324

Jeremy Harris [Sun, 30 Sep 2018 20:44:29 +0000 (21:44 +0100)]
Testsuite: enhance json extract tests

Jeremy Harris [Sun, 30 Sep 2018 20:42:40 +0000 (21:42 +0100)]
Expansions: fix json extract for de-wrapping nested objects.  Bug 2322

Jeremy Harris [Sun, 30 Sep 2018 00:08:51 +0000 (01:08 +0100)]
Expansions: extract methods for JSON objects and arrays.  Bug 2282

Jeremy Harris [Sat, 29 Sep 2018 17:52:20 +0000 (18:52 +0100)]
Events: tests.  Bug 2322

Matthias Kurz [Fri, 28 Sep 2018 22:05:02 +0000 (23:05 +0100)]
Events:  Fire msg:fail:internal for a non-system filter "fail" command.  Bug 2322

Matthias Kurz [Fri, 28 Sep 2018 18:04:55 +0000 (19:04 +0100)]
Events:  Fire msg:fail:delivery event even when error is being ignored.  Bug 2314

Jeremy Harris [Wed, 26 Sep 2018 09:59:05 +0000 (10:59 +0100)]
Logging: do not log a missing proxy address, on delivery non-proxied.

Broken-by: e6d2a9894d

Jeremy Harris [Sun, 23 Sep 2018 14:44:15 +0000 (15:44 +0100)]
Check return from asprintf()

Jeremy Harris [Sun, 23 Sep 2018 11:07:26 +0000 (12:07 +0100)]
DSN: testcase for ESMTP DSN extension, RCPT options

Jeremy Harris [Fri, 21 Sep 2018 17:01:57 +0000 (18:01 +0100)]
OpenSSL: Check return value from X509_NAME_oneline().  Bug 2316

It didn't used to be documented as possibly returning NULL, but now it is.

Jeremy Harris [Fri, 21 Sep 2018 11:40:53 +0000 (12:40 +0100)]
DANE: ignore undersized TLSA records

Jeremy Harris [Fri, 21 Sep 2018 10:07:36 +0000 (11:07 +0100)]
Testsuite: output changes resulting

Jeremy Harris [Fri, 21 Sep 2018 09:14:49 +0000 (10:14 +0100)]
Testsuite: timing change needed for debug changes

Broken-by: 8008accd32

Jeremy Harris [Thu, 20 Sep 2018 17:31:36 +0000 (18:31 +0100)]
Testsuite: handle OpenSSL 1.1.1

Jeremy Harris [Thu, 20 Sep 2018 17:19:33 +0000 (18:19 +0100)]
Builtin macros for OpenSSL options

Jeremy Harris [Wed, 19 Sep 2018 11:26:47 +0000 (12:26 +0100)]
Constification

Jeremy Harris [Wed, 19 Sep 2018 10:28:59 +0000 (11:28 +0100)]
Testsuite: output changes resulting from timing change.

Broken-by: 8008accd32

Jeremy Harris [Tue, 18 Sep 2018 17:02:48 +0000 (18:02 +0100)]
Testsuite: track newer GnuTLS behaviour

We have lost one log line, for a ciphers-negotiation failure on an early
host in a list from routing.  We still get something indicative if the
last one fails, so I'm going to let this pass.
Test 2025 will fail on earlier GnuTLS library versions as a result.

NONE no longer works as documented, in priority string for GnuTLS.

Jeremy Harris [Tue, 18 Sep 2018 14:05:59 +0000 (15:05 +0100)]
GnuTLS: simplify cert hostname checking

Jeremy Harris [Mon, 17 Sep 2018 16:20:14 +0000 (17:20 +0100)]
Constification

Jeremy Harris [Mon, 17 Sep 2018 15:28:58 +0000 (16:28 +0100)]
DANE: fix TA-mode verify under GnuTLS.  Bug 2311

Jeremy Harris [Sun, 16 Sep 2018 23:55:04 +0000 (00:55 +0100)]
Avoid fixed-size buffers for file paths in DB open

Matthias Kurz [Sun, 16 Sep 2018 23:20:24 +0000 (00:20 +0100)]
Events: raise msg:fail:internal & msg:complete for -Mrm.  Bug 2310

Jeremy Harris [Sun, 16 Sep 2018 21:40:22 +0000 (22:40 +0100)]
testsuite output changes

Matthias Kurz [Sun, 16 Sep 2018 20:20:44 +0000 (21:20 +0100)]
Fix filter noerror command.  Bug 2318

Jeremy Harris [Sun, 16 Sep 2018 19:50:04 +0000 (20:50 +0100)]
Tidying and compiler-silencing

Phil Pennock [Sat, 15 Sep 2018 00:55:33 +0000 (20:55 -0400)]
tests: propagate CPPFLAGS into build invocations

With openssl installed by brew on macOS, OpenSSL headers are not in a
normal place.  I can fiddle with LDFLAGS/CPPFLAGS to get them available,
but then the `./configure` step succeeds and build fails.

Propagating the CPPFLAGS into the generated Makefile lets the build
succeed and we get a `client-ssl` binary output.

Phil Pennock [Fri, 14 Sep 2018 17:43:02 +0000 (13:43 -0400)]
Restore Darwin OS configuration

MacStadium are providing us with free Mac Mini hosting as part of their
FOSS support.  I'm about to set it up.  Let's have out-of-repo tuning in
place before I begin.

Jeremy Harris [Thu, 13 Sep 2018 16:17:22 +0000 (17:17 +0100)]
Check returncode from SSL_CTX_set_cipher_list()

Phil Pennock [Tue, 11 Sep 2018 00:28:34 +0000 (20:28 -0400)]
Unbreak test 0600 (copy/paste error)

Matthias Kurz [Mon, 10 Sep 2018 13:40:38 +0000 (14:40 +0100)]
Docs: document ancillary info for more event types.  Bug 2313

Patch from Matthias, with additional code indentation tweaks from JGH

Phil Pennock [Mon, 10 Sep 2018 02:24:39 +0000 (22:24 -0400)]
docs: unbreak spec build

I've created a homebrew tap with sdop and xfpt in it, so I can install
those more easily on macOS in the future, and now have bothered actually
building the docs.  `.url()` should have been `&url()` in two places.

The `make spec.pdf` pipeline yields a document where those are not
clickable links, but if I use `make spec.ps` and let macOS auto-convert
to PDF upon open, those are proper clickable hyperlinks.  So this switch
is definitely for the better.

Jeremy Harris [Sat, 8 Sep 2018 18:31:49 +0000 (19:31 +0100)]
DANE - testcase for fail under GnuTLS with TA-mode to a selfsigned server cert

Jeremy Harris [Thu, 6 Sep 2018 12:18:45 +0000 (13:18 +0100)]
Docs: more indexing of affix-related bits

Phil Pennock [Fri, 7 Sep 2018 17:56:27 +0000 (13:56 -0400)]
Fix broken doc links and http→https where possible

I got a cookie-cutter email from folks noting the modssl.org doc links
were broken and asking us to use their site instead, which was both
helpful and a rather heavy page with advertising on it, so not something
I want our docs to link to.

Fixed the modssl link to point to the correct current Apache docs, since
mod_ssl has not been a separate project for … a very long time.

Audited every `http:` link in the Spec, replacing with https if
available, updating URLs as needed, or trimming deadwood as appropriate.
This did edit one license text, but in a way which I believe is
reasonable and in the license holder's best interests.

* Use comments with a datestamp for any remaining http: URLs, showing
  when they were last audited
* Suggest migrating away from Berkeley DB.
* Drop mention of a patched `pam_unix` module which is no longer available.
* In revamping the CDB tools links, add my own tools.
* Redo the intro text for the mod_ssl stuff (first person voice of PH).
* Rescorla's book's online examples appear to be gone; drop mention of
  them and point to Ristić's more recent book too.
* Point to wikipedia list of DNSxL services as an overview, in part
  because I dropped the reference to the defunct rfc-ignorant.org and
  there was no good candidate as an exemplar for domain-based lists.
* Note that mksd is a candidate for removal from Exim since mks_vir
  is dead.
* Drop LogReport/lire reference (dead/gone and can't find it).
* Redo proxy protocol spec-linking text.
* Replace FAQ A1701 with text saying "don't do that" (self-signed certs)
  and just telling people to use a CA instead, pointing strongly to
  Let's Encrypt.  We did nobody any favors with that old text still
  being present today (it was entirely appropriate when written).

Jeremy Harris [Fri, 31 Aug 2018 21:41:02 +0000 (22:41 +0100)]
DEBUG: db functions

Jeremy Harris [Wed, 29 Aug 2018 18:10:41 +0000 (19:10 +0100)]
Refactor authenticators API to take an (opaque) smtp connection context

Xin Li [Mon, 27 Aug 2018 09:32:51 +0000 (11:32 +0200)]
Do not use arc4random_stir() directly (Bug 2304)

arc4random_stir should not be used directly (it's fully automated after
FreeBSD r227520, or approximately __FreeBSD_version 1000002), the
interface will be removed from FreeBSD soon (bugs.freebsd.org/230756).

Patch was from bugs.freebsd.org/230826.

Jeremy Harris [Thu, 23 Aug 2018 11:34:38 +0000 (12:34 +0100)]
Use single-bit fields for file-global flags in smtp_in

Jeremy Harris [Wed, 22 Aug 2018 23:05:28 +0000 (00:05 +0100)]
DMARC: Fix forensic-report envelopes to permit non-null.  Bug 1896

Jeremy Harris [Wed, 22 Aug 2018 22:01:53 +0000 (23:01 +0100)]
Fix no-SSL, with-SOCKS build

Jeremy Harris [Wed, 22 Aug 2018 22:01:30 +0000 (23:01 +0100)]
Testsuite: fix CHUNKING tests for no-DKIM build

Jeremy Harris [Wed, 22 Aug 2018 19:46:11 +0000 (20:46 +0100)]
Use single-bit fields for global flags

Jeremy Harris [Wed, 22 Aug 2018 12:20:54 +0000 (13:20 +0100)]
Logging: server pipelining offer but no uptake

Jeremy Harris [Tue, 21 Aug 2018 21:31:27 +0000 (22:31 +0100)]
tidying

Jeremy Harris [Mon, 20 Aug 2018 11:46:16 +0000 (12:46 +0100)]
Builtin macros for log_selector values

Jeremy Harris [Sun, 19 Aug 2018 18:29:30 +0000 (19:29 +0100)]
Tidying: indentation

Jeremy Harris [Sun, 19 Aug 2018 13:53:40 +0000 (14:53 +0100)]
Debug: indent builtin-DB operations

Jeremy Harris [Sat, 18 Aug 2018 18:45:36 +0000 (19:45 +0100)]
Logging: pipelining log_selector

Phil Pennock [Mon, 20 Aug 2018 18:09:14 +0000 (14:09 -0400)]
unbreak test: s/log_write/logwrite/

Phil Pennock [Sat, 18 Aug 2018 02:06:48 +0000 (22:06 -0400)]
UTF8/locale: document constraints on current expansions.

Phil Pennock [Fri, 17 Aug 2018 01:17:32 +0000 (21:17 -0400)]
Fix utf8clean not replacing incomplete final character

Before, it was just dropped, but we document that it's replaced by ?.

Tests updated, manual test-case for -be prompt is:

    ${utf8clean:${length_1:フィル}}

Jeremy Harris [Sat, 11 Aug 2018 13:45:42 +0000 (14:45 +0100)]
Fix logging all_parents for cutthrough delivery.  Bug 2296

Jeremy Harris [Thu, 9 Aug 2018 19:37:42 +0000 (20:37 +0100)]
Fix cutthrough delivery for more than one iteration of address redirection.  Bug 2296

Jeremy Harris [Sun, 5 Aug 2018 12:58:40 +0000 (13:58 +0100)]
Docs: add explicit warning on spoolfile formats

Gedalya [Sat, 4 Aug 2018 13:27:46 +0000 (14:27 +0100)]
18N: fix docs for option name.  Bug 2246

Incorrect at introduction in 71c158466d.

Jeremy Harris [Sun, 29 Jul 2018 14:27:03 +0000 (15:27 +0100)]
REQUIRETLS: amplify docs discussion

Phil Pennock [Tue, 31 Jul 2018 19:54:17 +0000 (15:54 -0400)]
Make -n work with macros too

Have `exim -n -bP macro FOO` just print the value of the macro `FOO`,
without the `name=` prefix.

This is the same handling as used for option values.

If the invoker asks for multiple macros in one invocation, with `-n`,
then that's their problem.

Jeremy Harris [Sat, 28 Jul 2018 19:48:19 +0000 (20:48 +0100)]
I18N: add a utf8_downconvert option to the smtp transport.  Bug 2248

Jeremy Harris [Fri, 27 Jul 2018 16:56:39 +0000 (17:56 +0100)]
Support REQUIRETLS

Jeremy Harris [Fri, 20 Jul 2018 15:19:34 +0000 (16:19 +0100)]
Fix non-EVENTS build

Broken-by: c4b57fddca

Jeremy Harris [Wed, 18 Jul 2018 22:13:54 +0000 (23:13 +0100)]
Testsuite: restore rspamd testcase

Missed from 611b1961b8.

Jeremy Harris [Wed, 18 Jul 2018 21:59:14 +0000 (22:59 +0100)]
I18N: reject SMTPUTF8 MAIL command when facility not advertised

Jeremy Harris [Wed, 18 Jul 2018 21:16:38 +0000 (22:16 +0100)]
I18N: Fix protocol recorded for a multi-SMTPUTF8-message connection.  Bug 2287

Jeremy Harris [Wed, 18 Jul 2018 20:44:56 +0000 (21:44 +0100)]
Docs: clarify rolled-up dkim status availability in data ACL

Phil Pennock [Fri, 13 Jul 2018 16:24:26 +0000 (12:24 -0400)]
doc: DANE: don't claim TA can be elided from chain

While technically an implementation can choose to use a public TA from
DNS or elsewhere to populate a missing TA from the chain, that creates
interoperability issues and the OpenSSL integration code, at least,
doesn't support that and after a bit of work drilling through layers of
abstraction, I've not figured out what GnuTLS does and I've decided I
don't care.

So I'm heeding Viktor's advice and changing the docs to just say to
publish the TA in the chain sent by the server.

Phil Pennock [Wed, 11 Jul 2018 00:16:23 +0000 (20:16 -0400)]
nit typo

Phil Pennock [Tue, 10 Jul 2018 18:35:58 +0000 (14:35 -0400)]
Document problems with SHA-1 in certs with DANE-TA

Very few domains are using SHA-1 in EE certs issued from a CA used in
DANE-TA anchoring, but some are.  Meanwhile apparently GnuTLS now
defaults to disabling SHA-1 in chains.  Which is eminently reasonable.

I do not believe that Exim should re-enable use of SHA-1 here.  Let it
die.  Document with warnings that folks using a private CA for certs to
be publicly trusted via DANE-TA should follow decent operational
issuance practices.

Also update my Channel Binding docs for GSASL to warn that Channel
Binding is Broken™.

Jeremy Harris [Thu, 28 Jun 2018 21:07:28 +0000 (22:07 +0100)]
Callouts: enhance debug message

Jeremy Harris [Thu, 28 Jun 2018 11:28:09 +0000 (12:28 +0100)]
Testsuite: tweak instructions for running the suite