exim.git
7 years agoFix cert-try-verify when denied by event action
Jeremy Harris [Sun, 26 Oct 2014 22:14:03 +0000 (22:14 +0000)]
Fix cert-try-verify when denied by event action

7 years agoTestcase 0601: move udpsend action from connect to rcpt ACL
Jeremy Harris [Sun, 26 Oct 2014 17:37:52 +0000 (17:37 +0000)]
Testcase 0601: move udpsend action from connect to rcpt ACL

Some test runs were seeing the receiving perl output before the exim startup banner;
try to get the udpsend to happpen after the banner gets a chance to be emitted.

7 years agoTestsuite: increase default "client" utility connect timeout from 1 to 5 seconds
Jeremy Harris [Sun, 26 Oct 2014 17:48:33 +0000 (17:48 +0000)]
Testsuite: increase default "client" utility connect timeout from 1 to 5 seconds

7 years agoTestsuite: use different exit codes for various fail modes of "client" utility
Jeremy Harris [Sun, 26 Oct 2014 17:29:24 +0000 (17:29 +0000)]
Testsuite: use different exit codes for various fail modes of "client" utility

7 years agoFix feature-ifdef for OpenSSL builtin certname checking
Jeremy Harris [Sun, 26 Oct 2014 17:15:20 +0000 (17:15 +0000)]
Fix feature-ifdef for OpenSSL builtin certname checking

7 years agoTestsuite: extend timeout on troublesom test
Jeremy Harris [Sun, 26 Oct 2014 15:51:55 +0000 (15:51 +0000)]
Testsuite: extend timeout on troublesom test

Testcase 0035 persistently fails with "status 99" on some buildfarm
animals.  Try extending the connect timeout used by the "client" utility
to see if this helps.

7 years agoExpand commentary on certificate files
Jeremy Harris [Sun, 26 Oct 2014 14:54:28 +0000 (14:54 +0000)]
Expand commentary on certificate files

7 years agoAdd event for inbound cert visibility
Jeremy Harris [Thu, 23 Oct 2014 17:22:33 +0000 (18:22 +0100)]
Add event for inbound cert visibility

7 years agoMake transport name available in verify-callouts. Add verify_mode variable
Jeremy Harris [Thu, 23 Oct 2014 17:18:43 +0000 (18:18 +0100)]
Make transport name available in verify-callouts.  Add verify_mode variable

7 years agoRename facility to Event Actions, ifdeffed on EXPERIMENTAL_EVENT
Jeremy Harris [Sat, 18 Oct 2014 19:38:07 +0000 (20:38 +0100)]
Rename facility to Event Actions, ifdeffed on EXPERIMENTAL_EVENT

7 years agoTestsuite: more portable implementation of "showenv"
Jeremy Harris [Fri, 24 Oct 2014 10:12:20 +0000 (11:12 +0100)]
Testsuite: more portable implementation of "showenv"

At least one Solaris installation seems not to have "whoami"

7 years agoTest suite continue past unexpected client errors
Todd Lyons [Thu, 23 Oct 2014 19:27:41 +0000 (12:27 -0700)]
Test suite continue past unexpected client errors

7 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Wed, 22 Oct 2014 19:40:33 +0000 (12:40 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

7 years agoFix labels in testsuite conf files
Todd Lyons [Wed, 22 Oct 2014 19:40:08 +0000 (12:40 -0700)]
Fix labels in testsuite conf files

7 years agoMake $host available in tpda delivery event, for cutthrough. Bug 1529
Jeremy Harris [Sun, 12 Oct 2014 16:51:56 +0000 (17:51 +0100)]
Make $host available in tpda delivery event, for cutthrough.  Bug 1529

7 years agoMore regular logging use of H=<name> [<ip>]
Jeremy Harris [Thu, 25 Sep 2014 21:20:33 +0000 (22:20 +0100)]
More regular logging use of H=<name> [<ip>]

Note this may affect utilities which parse logs.

7 years agoTestsuite outputs: ipv6
Jeremy Harris [Wed, 22 Oct 2014 12:41:57 +0000 (13:41 +0100)]
Testsuite outputs: ipv6

7 years agoCompiler quietening
Jeremy Harris [Sat, 18 Oct 2014 17:51:16 +0000 (18:51 +0100)]
Compiler quietening

7 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Mon, 20 Oct 2014 14:16:04 +0000 (07:16 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

7 years agoTest suite: completely omit 127/8 IPs
Todd Lyons [Mon, 20 Oct 2014 14:14:42 +0000 (07:14 -0700)]
Test suite: completely omit 127/8 IPs

7 years agoHandle certificate dir under GnuTLS, if recent enough
Jeremy Harris [Thu, 16 Oct 2014 18:11:45 +0000 (19:11 +0100)]
Handle certificate dir under GnuTLS, if recent enough
Add testcases for certificate directories

The GnuTLS implementation has been tested on Fedora 21 (alpha),
using GnuTLS 3.3.9.  The testsuite case is here but with the
script commented-out.  When enabled, the log/mail/stdout/stderr
files will be created fresh.

7 years agoTestsuite output gnutls changes resulting from munging for openssl
Jeremy Harris [Sun, 12 Oct 2014 22:43:48 +0000 (23:43 +0100)]
Testsuite output gnutls changes resulting from munging for openssl
version differences

7 years agoMake dnssec status available in tpda delivery event, for cutthrough
Jeremy Harris [Sun, 12 Oct 2014 21:11:41 +0000 (22:11 +0100)]
Make dnssec status available in tpda delivery event, for cutthrough

7 years agoQuieten noisy compiler
Jeremy Harris [Sun, 12 Oct 2014 17:18:51 +0000 (18:18 +0100)]
Quieten noisy compiler

As usual, gcc whining that perfectly valid C coding is
"ambiguous".  Wrongly.

7 years agoRemove limit on remove_headers item size. Bug 1533
Jeremy Harris [Sun, 5 Oct 2014 20:31:20 +0000 (21:31 +0100)]
Remove limit on remove_headers item size. Bug 1533

7 years agoFix Solaris build
Jeremy Harris [Mon, 29 Sep 2014 10:50:06 +0000 (11:50 +0100)]
Fix Solaris build

7 years agoDoc notes on expansion ordering
Jeremy Harris [Mon, 29 Sep 2014 10:49:35 +0000 (11:49 +0100)]
Doc notes on expansion ordering

7 years agoMore testsuite variance between OpenSSL library versions
Jeremy Harris [Sun, 28 Sep 2014 16:58:38 +0000 (17:58 +0100)]
More testsuite variance between OpenSSL library versions

7 years agoFix transport-results pipe for multiple recipients combined with certs.
Wolfgang Breyha [Sun, 28 Sep 2014 12:40:45 +0000 (13:40 +0100)]
Fix transport-results pipe for multiple recipients combined with certs.

The previous parsing failed when a result item split over a buffer boundary;
fix by prefixing sizes to items, and checking enough has been read as the
initial parsing stage.

7 years agoClarify error message for host-connect fail. Bug 1505
Jeremy Harris [Tue, 16 Sep 2014 15:58:04 +0000 (16:58 +0100)]
Clarify error message for host-connect fail.  Bug 1505

7 years agoAmplify comment on server requests for client certificates
Jeremy Harris [Sun, 21 Sep 2014 16:59:44 +0000 (17:59 +0100)]
Amplify comment on server requests for client certificates

7 years agoChangeLog for Github Issue 18
Todd Lyons [Tue, 23 Sep 2014 12:11:48 +0000 (05:11 -0700)]
ChangeLog for Github Issue 18

7 years agoMerge remote-tracking branch 'exim_github/pr/18'
Todd Lyons [Tue, 23 Sep 2014 12:09:15 +0000 (05:09 -0700)]
Merge remote-tracking branch 'exim_github/pr/18'

7 years agoFix kill commandline for Solaris compatibility #2
Todd Lyons [Thu, 18 Sep 2014 16:02:17 +0000 (09:02 -0700)]
Fix kill commandline for Solaris compatibility #2

7 years agoFix kill commandline for Solaris compatibility
Todd Lyons [Thu, 18 Sep 2014 14:47:22 +0000 (07:47 -0700)]
Fix kill commandline for Solaris compatibility

7 years agoReplace use of index() with Ustrchr()
Jeremy Harris [Tue, 16 Sep 2014 13:59:54 +0000 (14:59 +0100)]
Replace use of index() with Ustrchr()

7 years agoRestrict dane to DANE-TA(2) and DANE-EE(3) usage TLSA records
Jeremy Harris [Sat, 13 Sep 2014 13:55:57 +0000 (14:55 +0100)]
Restrict dane to DANE-TA(2) and DANE-EE(3) usage TLSA records
Also, just ignore TLSA records with unsipported match types.

7 years agoFix needless OCSP request under DANE
Jeremy Harris [Fri, 12 Sep 2014 20:13:47 +0000 (21:13 +0100)]
Fix needless OCSP request under DANE
usage 3 and with require_ocsp in play though inactive

7 years agoBug 1216: Add -M (related) to exigrep.
Todd Lyons [Fri, 12 Sep 2014 13:22:24 +0000 (06:22 -0700)]
Bug 1216: Add -M (related) to exigrep.

Thanks to Arkadiusz for pointing out that this was never merged.

7 years agoFix ldap lookup for single-attr request, multiple-attr return. Bug 1521
Heiko Schlittermann [Thu, 11 Sep 2014 21:25:51 +0000 (22:25 +0100)]
Fix ldap lookup for single-attr request, multiple-attr return. Bug 1521

Exim documented behaviour is that the single-request case controls
the output format (by not labelling attributes with names).
The code is broken for the case where attrs B, C are derived from A
and A is requested (and the LDAP server used isn't buggy here; some
are and only return A rather than A, B, C).

7 years agoAdd debug for number of CA certs, for OpenSSL/file load
Jeremy Harris [Thu, 11 Sep 2014 20:41:12 +0000 (21:41 +0100)]
Add debug for number of CA certs, for OpenSSL/file load

7 years agoFix undersized buffer use by eximon. Bug 1527
Jeremy Harris [Wed, 10 Sep 2014 13:26:58 +0000 (14:26 +0100)]
Fix undersized buffer use by eximon.  Bug 1527

The long spoolfile line now used for certificate info was too big,
resulting in an apparent syntax error in the file.
Apart from using a decent size, do autogrow in case of immense
certificates.

7 years agoTPDA tidying
Jeremy Harris [Wed, 10 Sep 2014 14:13:53 +0000 (15:13 +0100)]
TPDA tidying

7 years agodoc typo
Jeremy Harris [Mon, 8 Sep 2014 08:55:57 +0000 (09:55 +0100)]
doc typo

7 years agoAdd expansion item for sorting lists
Jeremy Harris [Sat, 6 Sep 2014 20:10:17 +0000 (21:10 +0100)]
Add expansion item for sorting lists

7 years agoSupport secondary-separator specifier for MX, SRV and TLSA dnsdb lookups
Jeremy Harris [Sat, 6 Sep 2014 18:59:34 +0000 (19:59 +0100)]
Support secondary-separator specifier for MX, SRV and TLSA dnsdb lookups

7 years agoMerge branch 'master_condition_description'
Todd Lyons [Sat, 6 Sep 2014 05:17:37 +0000 (22:17 -0700)]
Merge branch 'master_condition_description'

7 years agoBug 1518: fix description of condition processing
Todd Lyons [Thu, 4 Sep 2014 18:20:31 +0000 (11:20 -0700)]
Bug 1518: fix description of condition processing

The description in the first commit was completely wrong.  Thanks to
  Phil for setting me straight and seeding me with the correct verbage.

7 years agoEnforce TLS under DANE when host has TLSA records
Jeremy Harris [Thu, 4 Sep 2014 21:40:09 +0000 (22:40 +0100)]
Enforce TLS under DANE when host has TLSA records

7 years agoFix ${extract expansion for use within ${if inlist etc. Bug 1524
Jeremy Harris [Tue, 2 Sep 2014 22:37:57 +0000 (23:37 +0100)]
Fix ${extract expansion for use within ${if inlist etc.  Bug 1524

The coding of the numeric test on the key decided that empty was numeric, and
insisted on a third substring even in syntax-check "skip" mode.  This failed
when a single expansion variable was used for the key (eg. $item) and the
defaults for string2, string3 were being assumed.  Skip the test in skip mode.

7 years agoIntroduce EXPERIMENTAL_DANE feature
Jeremy Harris [Tue, 2 Sep 2014 12:14:01 +0000 (13:14 +0100)]
Introduce EXPERIMENTAL_DANE feature

7 years agoChangeLog entry
Jeremy Harris [Tue, 2 Sep 2014 12:12:45 +0000 (13:12 +0100)]
ChangeLog entry

7 years agoredis lookup returns false for things that should be true
Sebastian Wiedenroth [Tue, 2 Sep 2014 10:41:30 +0000 (12:41 +0200)]
redis lookup returns false for things that should be true

If redis returns an integer the lookup code currently checks if the value is 1 and returns false for all other values.
This is problematic if you want to use redis commands that return counts (ZCARD etc.) because you can't check for "does not exist" or "exists at least once". (It will be 0->false, 1->true, 2 or more-> false again)

This commit changes the code to handle integer values like C: 0 is false and everything else is true.

For the simple 0 and 1 values nothing changes to existing queries so this diff is backwards compatible.
For queries that return other values exim now gets the bool that would be expected.

7 years agoWarn on OCSP interaction with DANE
Jeremy Harris [Mon, 1 Sep 2014 13:54:59 +0000 (14:54 +0100)]
Warn on OCSP interaction with DANE

7 years agoAdd missing puctuation
Jeremy Harris [Sun, 31 Aug 2014 21:07:54 +0000 (22:07 +0100)]
Add missing puctuation

7 years agoUpdate comment
Jeremy Harris [Sun, 31 Aug 2014 20:54:58 +0000 (21:54 +0100)]
Update comment

7 years agoFurther doc examples for ldap lookup output
Heiko Schlittermann [Sun, 31 Aug 2014 13:13:22 +0000 (14:13 +0100)]
Further doc examples for ldap lookup output

7 years agoFix crash in mime acl when a parameter is zero-length
Jeremy Harris [Fri, 29 Aug 2014 13:11:50 +0000 (14:11 +0100)]
Fix crash in mime acl when a parameter is zero-length

7 years agoFix tpda tcp:connect testcase
Jeremy Harris [Fri, 29 Aug 2014 10:37:56 +0000 (11:37 +0100)]
Fix tpda tcp:connect testcase

7 years agoBugzilla 1518: Clarify router "condition" parsing
Todd Lyons [Fri, 29 Aug 2014 00:09:03 +0000 (17:09 -0700)]
Bugzilla 1518: Clarify router "condition" parsing

7 years agoFurther TPDA events
Jeremy Harris [Wed, 27 Aug 2014 16:00:39 +0000 (17:00 +0100)]
Further TPDA events
 msg:complete
 msg:fail:internal
 msg:fail:delivery

7 years agoAdd doc detail on ldap lookup output parsing
Jeremy Harris [Wed, 27 Aug 2014 11:08:48 +0000 (12:08 +0100)]
Add doc detail on ldap lookup output parsing

7 years agoMerge branch dane-tpda into dane
Jeremy Harris [Wed, 20 Aug 2014 19:34:17 +0000 (20:34 +0100)]
Merge branch dane-tpda into dane

Conflicts:
doc/doc-txt/experimental-spec.txt
src/src/deliver.c
src/src/functions.h
src/src/smtp_out.c
src/src/tls-openssl.c
src/src/transports/smtp.c
src/src/verify.c

7 years agoUpdate change log
Jeremy Harris [Wed, 20 Aug 2014 19:24:50 +0000 (20:24 +0100)]
Update change log

7 years agoMerge branch 'master' into dane
Jeremy Harris [Wed, 20 Aug 2014 19:22:21 +0000 (20:22 +0100)]
Merge branch 'master' into dane

Conflicts:
doc/doc-txt/ChangeLog
src/src/tls-openssl.c
src/src/transports/smtp.c
src/src/verify.c

7 years agoExpanded EXPERIMENTAL_TPDA feature
Jeremy Harris [Wed, 20 Aug 2014 13:05:30 +0000 (14:05 +0100)]
Expanded EXPERIMENTAL_TPDA feature

Note this introduces incompatible changes; users who are compiling
the feature in, and with configuration files using it, will need to
change their configurations appropriately.  See the experimental-spec.txt
file.

7 years agoMerge remote-tracking branch 'exim_github/pr/16'
Todd Lyons [Mon, 18 Aug 2014 12:25:59 +0000 (05:25 -0700)]
Merge remote-tracking branch 'exim_github/pr/16'

7 years agoSafer coding for utf8clean expansion operator
Jeremy Harris [Sun, 17 Aug 2014 18:10:36 +0000 (19:10 +0100)]
Safer coding for utf8clean expansion operator

7 years agoUpdate DANE draft docs
Jeremy Harris [Sun, 17 Aug 2014 18:05:37 +0000 (19:05 +0100)]
Update DANE draft docs

7 years agoLog an error (instead of hanging) if Dovecot auth is configured to use the wrong...
Timo Sirainen [Sun, 17 Aug 2014 18:01:49 +0000 (21:01 +0300)]
Log an error (instead of hanging) if Dovecot auth is configured to use the wrong auth-master/auth-userdb socket.

7 years agoUnbreak utf8clean testcase.
Jeremy Harris [Sun, 17 Aug 2014 17:26:08 +0000 (18:26 +0100)]
Unbreak utf8clean testcase.

Broken by my compile quitening; the issue was a variable
declared local in a loop body and used for carrying data
from one iteration to the next.  I'd blindly added an
initialiser, destroying the data.  However, I *think* that
compilers might be at liberty to not use the same location
for separate iterations; if so the code was broken (and only
worked by chance).  Fix by moving the declaration outside
the loop.

7 years agoProperly detect/set test variables from scripts.
Todd Lyons [Thu, 14 Aug 2014 19:36:34 +0000 (12:36 -0700)]
Properly detect/set test variables from scripts.

7 years agoOverride an unchanged default hosts_request_ocsp when DANE is used
Jeremy Harris [Sun, 17 Aug 2014 15:38:32 +0000 (16:38 +0100)]
Override an unchanged default hosts_request_ocsp when DANE is used

7 years agoFeature compile-guard
Jeremy Harris [Sun, 17 Aug 2014 13:42:43 +0000 (14:42 +0100)]
Feature compile-guard

7 years agoAdd sha256 operator usage
Jeremy Harris [Sun, 17 Aug 2014 00:05:21 +0000 (01:05 +0100)]
Add sha256 operator usage

7 years agoAdd observability variables and provision for avoiding OCSP conflicts
Jeremy Harris [Sat, 16 Aug 2014 23:41:17 +0000 (00:41 +0100)]
Add observability variables and provision for avoiding OCSP conflicts

7 years agoBreak out dane code to separate functions
Jeremy Harris [Sat, 16 Aug 2014 21:36:56 +0000 (22:36 +0100)]
Break out dane code to separate functions

7 years agoClarify docs on ldap alternate servers list
Jeremy Harris [Sat, 16 Aug 2014 20:37:36 +0000 (21:37 +0100)]
Clarify docs on ldap alternate servers list

7 years agoCompiler quietening
Jeremy Harris [Fri, 15 Aug 2014 19:24:44 +0000 (20:24 +0100)]
Compiler quietening

7 years agoClean docs for next release
Jeremy Harris [Thu, 14 Aug 2014 20:37:00 +0000 (21:37 +0100)]
Clean docs for next release

7 years agoFix fakens TLSA generation and DANE TLSA lookup
Jeremy Harris [Thu, 14 Aug 2014 20:21:45 +0000 (21:21 +0100)]
Fix fakens TLSA generation and DANE TLSA lookup

7 years agoChangeLog entry for OpenBSD 5.5 patch
Todd Lyons [Thu, 14 Aug 2014 19:59:49 +0000 (12:59 -0700)]
ChangeLog entry for OpenBSD 5.5 patch

7 years agoShuffle test order
Jeremy Harris [Thu, 14 Aug 2014 19:47:31 +0000 (20:47 +0100)]
Shuffle test order

7 years agoMerge branch 'master' of git://git.exim.org/exim
Todd Lyons [Thu, 14 Aug 2014 19:37:23 +0000 (12:37 -0700)]
Merge branch 'master' of git://git.exim.org/exim

7 years agoProperly detect/set test variables from scripts.
Todd Lyons [Thu, 14 Aug 2014 19:36:34 +0000 (12:36 -0700)]
Properly detect/set test variables from scripts.

7 years agoAdd testcase for TLSA record access
Jeremy Harris [Thu, 14 Aug 2014 19:28:02 +0000 (20:28 +0100)]
Add testcase for TLSA record access

7 years agoFix non-dane build
Jeremy Harris [Thu, 14 Aug 2014 13:52:40 +0000 (14:52 +0100)]
Fix non-dane build

7 years agoOpenBSD 5.5 removed arc4random_stir
Todd Lyons [Thu, 14 Aug 2014 12:30:54 +0000 (05:30 -0700)]
OpenBSD 5.5 removed arc4random_stir

7 years agoTestsuite - Squashed commit of the following:
Jeremy Harris [Wed, 13 Aug 2014 15:23:44 +0000 (16:23 +0100)]
Testsuite - Squashed commit of the following:

commit 7566c531c43298510e080eb8a7ed7cf767f9476b
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date:   Wed Aug 13 16:20:38 2014 +0100

    Assorted OpenSSL cases fail on different library versions. Discard stdout info to hide this.

commit 3d389bc6a5ba0943f1b451fa7a8f2e3246de0bb1
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date:   Wed Aug 13 14:05:19 2014 +0100

    Case 0563 was broken when the GECOS field had spaces. Accept quoted ones in stderr.

commit d4333083f230702c8be45650dc48b6eb65a162eb
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date:   Mon Aug 11 18:30:49 2014 +0100

    Case 0601 was unreliable; perl racing with exim for output. Quieten exim.

7 years agoDo not sleep for tiny periods, or hang trying to sleep for zero. Bug 1426
Jeremy Harris [Mon, 11 Aug 2014 16:47:01 +0000 (17:47 +0100)]
Do not sleep for tiny periods, or hang trying to sleep for zero. Bug 1426

7 years agoBetter logging of OCSP fails
Jeremy Harris [Mon, 11 Aug 2014 16:10:12 +0000 (17:10 +0100)]
Better logging of OCSP fails

7 years agoEnable OCSP
Jeremy Harris [Sun, 10 Aug 2014 20:52:24 +0000 (21:52 +0100)]
Enable OCSP

7 years agoAdd (2 0 1) test
Jeremy Harris [Sun, 10 Aug 2014 18:06:47 +0000 (19:06 +0100)]
Add (2 0 1) test

7 years agoChange CV= log line element for dane-verified cert
Jeremy Harris [Sun, 10 Aug 2014 16:25:26 +0000 (17:25 +0100)]
Change CV= log line element for dane-verified cert

7 years agoCapture the knowlege that verification succeeded
Jeremy Harris [Sun, 10 Aug 2014 15:57:15 +0000 (16:57 +0100)]
Capture the knowlege that verification succeeded

7 years agoAdd direct-A test
Jeremy Harris [Sun, 10 Aug 2014 14:55:43 +0000 (15:55 +0100)]
Add direct-A test

7 years agoVerifiable conn with DANE-EE(3) / SPKI(1) / SHA2-512(2)
Jeremy Harris [Sun, 10 Aug 2014 14:00:27 +0000 (15:00 +0100)]
Verifiable conn with DANE-EE(3) / SPKI(1) / SHA2-512(2)

7 years agoDiffs for draft 11
Jeremy Harris [Sun, 10 Aug 2014 13:58:59 +0000 (14:58 +0100)]
Diffs for draft 11

7 years agoCopy latest SMTP-with-DANE - draft 11
Jeremy Harris [Sun, 10 Aug 2014 13:43:59 +0000 (14:43 +0100)]
Copy latest SMTP-with-DANE - draft 11

7 years agoAdd support in the fakens utility for TLSA records
Jeremy Harris [Sun, 10 Aug 2014 11:31:21 +0000 (12:31 +0100)]
Add support in the fakens utility for TLSA records