users/heiko/exim.git
Jeremy Harris [Wed, 7 May 2014 19:46:49 +0000 (20:46 +0100)]
Make $tls_out_ocsp visible to TPDA (mostly testsuite)

Jeremy Harris [Thu, 8 May 2014 22:29:35 +0000 (23:29 +0100)]
Certificate-related routines only present when TLS is supported

Jeremy Harris [Thu, 8 May 2014 19:38:46 +0000 (20:38 +0100)]
Enable operator md5 and sha1 use on certificate variables.  Bug 1170

Jeremy Harris [Tue, 6 May 2014 13:44:21 +0000 (14:44 +0100)]
OCSP observability: variables $tls_{in,out}_ocsp
and smtp transport option hosts_request_ocsp

Jeremy Harris [Tue, 6 May 2014 07:44:59 +0000 (08:44 +0100)]
Refactor tls_client_init interface

Jeremy Harris [Mon, 5 May 2014 15:53:48 +0000 (16:53 +0100)]
Extractors for subject-alternate-name, ocsp-uri, crl-uri return list.  Bug 1358

Jeremy Harris [Sun, 4 May 2014 17:28:51 +0000 (18:28 +0100)]
Fix build with OpenSSL on earlier versions.

Centos 6.5 and earlier had a build fail with GENERAL_NAME etc. undefined.
Just include the file defining it even if it's a duplicate on later versions.

Jeremy Harris [Sat, 3 May 2014 20:36:14 +0000 (21:36 +0100)]
More debug output

Jeremy Harris [Sat, 3 May 2014 17:08:19 +0000 (18:08 +0100)]
Restore testsuite operation on earlier GnuTLS libraries

Typo

Jeremy Harris [Sat, 3 May 2014 16:46:23 +0000 (17:46 +0100)]
Restore testsuite operation on earlier GnuTLS libraries

Jeremy Harris [Fri, 2 May 2014 17:50:34 +0000 (18:50 +0100)]
Certificate variables and field-extractor expansions.  Bug 1358

Jeremy Harris [Thu, 1 May 2014 22:26:14 +0000 (23:26 +0100)]
Support dnssec in verify-callout use of smtp transport.
Use of dnslookup router support is already present.

Jeremy Harris [Tue, 29 Apr 2014 23:16:30 +0000 (00:16 +0100)]
Cancel in-progress or reject requested cutthrough when fakereject.  Bug 1475

Todd Lyons [Wed, 30 Apr 2014 00:07:04 +0000 (17:07 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

Heiko Schlichting [Tue, 2 Apr 2013 19:06:03 +0000 (21:06 +0200)]
Bug 1454: Option -oMm for message reference

Includes docs and test suite

Jeremy Harris [Sun, 27 Apr 2014 17:17:29 +0000 (18:17 +0100)]
Add options dnssec_request_domains, dnssec_require_domains to the smtp transport

Note there are no testsuite cases included.

TODO in this area:
- dnssec during verify-callouts
- dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup

Jeremy Harris [Thu, 24 Apr 2014 22:28:24 +0000 (23:28 +0100)]
Support OCSP Stapling under GnuTLS.  Bug 1459
Requires GnuTLS version 3.1.3 or later.
Under EXPERIMENTAL_OCSP

Jeremy Harris [Thu, 24 Apr 2014 15:41:11 +0000 (16:41 +0100)]
Dnssec observability: add variable $lookup_dnssec_authenticated

Todd Lyons [Thu, 24 Apr 2014 14:54:36 +0000 (07:54 -0700)]
Fix typo in markup.  Add .new/.wen.

Lars Timmann [Thu, 24 Apr 2014 00:03:06 +0000 (17:03 -0700)]
Bug 609: Add -C option to exiqgrep

Option is a passthrough to the exim process that it spawns that
  generates the queue list.

Fixed Conflicts:
doc/doc-txt/ChangeLog

Jeremy Harris [Wed, 23 Apr 2014 23:49:56 +0000 (00:49 +0100)]
dnssec_strict, _lax, _never modifiers for dnsdb lookups

Lacking testsuite coverage

Heiko Schlichting [Wed, 23 Apr 2014 14:30:41 +0000 (07:30 -0700)]
Bug 1453: Add SERVERS ldap server list override

Todd Lyons [Wed, 23 Apr 2014 12:26:34 +0000 (05:26 -0700)]
Merge branch 'master' of git://git.exim.org/exim

Todd Lyons [Wed, 23 Apr 2014 12:25:54 +0000 (05:25 -0700)]
Make --verbose propagate to html generation script

Phil Pennock [Mon, 21 Apr 2014 23:42:21 +0000 (19:42 -0400)]
Merge remote-tracking branch 'github/pr/13'

(exiqgrep -a support)

mg [Mon, 21 Apr 2014 22:41:34 +0000 (00:41 +0200)]
exiqgrep: add -a to use all recipients (including delivered)

Jeremy Harris [Mon, 21 Apr 2014 15:50:46 +0000 (16:50 +0100)]
Updated GnuTLS error messages

Jeremy Harris [Mon, 21 Apr 2014 15:34:01 +0000 (16:34 +0100)]
Fix testcase "server missing/empty certificate file"

GnuTLS early versions (pre 3.0.0 ?) fail to send a reasonable
client-cert request when tls_verify_certificates is an empty file.
Since the test is for missing *server* certs (tls_certificate)
avoid this by pointing to a real (if non-verifying) cert in
tls_verify_certificates.

Jeremy Harris [Mon, 21 Apr 2014 12:07:17 +0000 (13:07 +0100)]
Fix DISABLE_DNSSEC build

Bad syntax possibly only affected some compilers.

Jeremy Harris [Sun, 20 Apr 2014 22:28:34 +0000 (23:28 +0100)]
Make testcase more robust vs. timing variations
by restricting operations and logging to fewer items of interest

Jeremy Harris [Sun, 20 Apr 2014 20:50:48 +0000 (21:50 +0100)]
Restore testsuite operation under gnuTLS 2.8.5

Jeremy Harris [Sun, 20 Apr 2014 19:53:32 +0000 (20:53 +0100)]
Update testsuite for gnuTLS 3.1.23

Jeremy Harris [Sun, 20 Apr 2014 15:44:52 +0000 (16:44 +0100)]
Add options dnssec_request_domains, dnssec_require_domains to the dnslookup router

Note there are no testsuite cases included.

TODO in this area:
- dnssec during verify-callouts
- dnssec during dnsdb expansions
- dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup
- observability of status of requested dnssec

Jeremy Harris [Sun, 20 Apr 2014 15:44:52 +0000 (16:44 +0100)]
Fix handling of $tls_cipher et al. in (non-verify) transport.  Bug 1455

The split of these variables into _in and _out sets introduced by d9b231
in 4.82 was incomplete, leaving the deprecated legacy variables nonfunctional
during a transport and associated client authenticator.

Fix by repointing the legacy set to the outbound connection set at
transport startup (and do not clear out the inbound set at this
time, either).

Todd Lyons [Sat, 19 Apr 2014 17:28:32 +0000 (10:28 -0700)]
Copyright year updates:

vim $(git whatchanged --since=2014-01-01 | grep '^:100' | sed 's/^[^M]*M//' | sort -u | fgrep -v test/)

Todd Lyons [Thu, 17 Apr 2014 18:58:09 +0000 (11:58 -0700)]
Fix Proxy Protocol v2 handling

Change recv() to not use MSGPEEK and eliminated flush_input().
Add proxy_target_address/port expansions.
Convert ipv6 decoding to memmove().
Use sizeof() for variable sizing.
Correct struct member access.
Enhance debug output when passed invalid command/family.
Add to and enhance documentation.
Client script to test Proxy Protocol, interactive on STDIN/STDOUT,
  so can be chained (ie a swaks pipe), useful for any service, not
  just Exim and/or smtp.

Jeremy Harris [Fri, 18 Apr 2014 13:21:59 +0000 (14:21 +0100)]
Fix logging of nomail

When built with TLS support, non-TLS connections not resulting in mail transfer were crashing while
building a log line.  Fix by not returning a non-extensible string from the routine added in 67d81c1.

Phil Pennock [Wed, 16 Apr 2014 06:25:45 +0000 (23:25 -0700)]
Bail configuration on missing package

If we're configured to use pkg-config (or pcre-config) and the tool is
not available or does not know about the package we ask for, that should
be a fatal configuration error.

We should not silently ignore the missing package, then try to compile,
and have missing header warnings from the compiler.  Eg, if we're told
to support GSASL, we'll try to compile the client code, and without
compiler flags, we'll either fail to compile (missing headers) or fail
to link, which obscures the source of the errors.

This change will only break people who had builds set to have Exim
depend upon non-existent packages, and that _needs_ to break.

Phil Pennock [Wed, 16 Apr 2014 02:43:31 +0000 (19:43 -0700)]
Report OpenSSL build date too.

Adjust `-d -bV` output for OpenSSL to include library build date.

Some OS packagers have backported heartbleed security fixes without
changing anything in the reported version number.  The closest we can
get to a reassuring sign for administrators is to report the OpenSSL
library build date, as picked by the library which Exim is using at run
time.

```
Library version: OpenSSL: Compile: OpenSSL 1.0.1g 7 Apr 2014
                          Runtime: OpenSSL 1.0.1g 7 Apr 2014
                                 : built on: Mon Apr  7 15:08:30 PDT 2014
```

For comparison, the version information for OpenSSL on Ubuntu (where
Exim is by default built with GnuTLS, but this provides for context for
comparison):

```
$ openssl version -v -b
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr  7 20:33:29 UTC 2014
```

GnuTLS: the closest I can find to a runtime value is the call we are
already making; if an OS vendor patches GnuTLS without changing the
version which would be returned by `gnutls_check_version(NULL)` then the
sysadmin is SOL and will have to explore library linkages more
carefully.

Todd Lyons [Tue, 15 Apr 2014 20:22:46 +0000 (13:22 -0700)]
Make dmarc code c89 compliant

Todd Lyons [Tue, 15 Apr 2014 20:10:59 +0000 (13:10 -0700)]
Add back deprecated SPF error conditions

Previous patch introduced a change that could break existing SPF
  configurations.  Add back the two non-standard "err_temp" and
  "err_perm" result values, with note that it is deprecated and
  will be removed in a future release.

Todd Lyons [Sat, 12 Apr 2014 17:42:52 +0000 (10:42 -0700)]
Add expansion for DMARC policy

New variable is $dmarc_domain_policy

Todd Lyons [Tue, 15 Apr 2014 16:53:43 +0000 (09:53 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

Fixed Conflicts:
doc/doc-txt/ChangeLog

Todd Lyons [Tue, 15 Apr 2014 16:52:22 +0000 (09:52 -0700)]
De-duplicate two documentation sections

Axel Rau [Mon, 14 Apr 2014 19:02:41 +0000 (20:02 +0100)]
Update ${utf8clean }.  Bug 1401

Jeremy Harris [Sun, 13 Apr 2014 16:43:11 +0000 (17:43 +0100)]
Fix build for update on library component.

When, eg, the smtp transport is changed the transports library must be rebuilt.
Fix the main makefile to not assume that the date on the library .a is sufficient,
but always call the library subdir makefiles.

Jeremy Harris [Sun, 30 Mar 2014 20:48:32 +0000 (21:48 +0100)]
More care with headers add/remove lists.  Bug 1452
As a side-effect, playing games with newlines no longer gives an altered message body.

Testcase 0324 is questionable (though passing)

Todd Lyons [Wed, 9 Apr 2014 16:11:21 +0000 (17:11 +0100)]
dnsdb tlsa lookup

Todd Lyons [Wed, 26 Mar 2014 23:05:13 +0000 (16:05 -0700)]
Print support for Experimental Proxy with -bV

Jeremy Harris [Sun, 23 Mar 2014 22:53:06 +0000 (22:53 +0000)]
Fix string_unprinting()

Jeremy Harris [Thu, 20 Mar 2014 20:09:08 +0000 (20:09 +0000)]
Future-proof OpenSSL version string.  Bug 1421

Jeremy Harris [Wed, 19 Mar 2014 21:16:37 +0000 (21:16 +0000)]
Fix testcase for GnuTLS tls_require_ciphers

Jeremy Harris [Wed, 19 Mar 2014 20:14:24 +0000 (20:14 +0000)]
Docs for transport tls_verify_hosts &c.

Wolfgang Breyha [Tue, 18 Mar 2014 16:03:43 +0000 (16:03 +0000)]
Add tls_verify_hosts and tls_try_verify_hosts to smtp transport, GnuTLS.

Jeremy Harris [Wed, 19 Mar 2014 19:46:35 +0000 (19:46 +0000)]
Fix testsuite GnuTLS case for 511a6c1

Jeremy Harris [Tue, 18 Mar 2014 16:17:56 +0000 (16:17 +0000)]
Fix ACL "condition =" for negative number values.  Bug 1005
Fix conditional "bool{<string>}" for negative number values, to match.

Heiko Schlittermann [Sun, 16 Mar 2014 22:29:59 +0000 (22:29 +0000)]
Enforce that only smtp transports can be used for verify callouts.  Bug 1445

Jeremy Harris [Sun, 16 Mar 2014 17:22:56 +0000 (17:22 +0000)]
Support transport-added headers under cutthrough delivery.  Bug 1431

Wolfgang Breyha [Sat, 15 Mar 2014 14:16:05 +0000 (14:16 +0000)]
Add tls_verify_hosts and tls_try_verify_hosts to smtp transport.  Bug 1371

Code by Wolfgang Breyha, docs and testsuite by Jeremy Harris

Jeremy Harris [Sat, 15 Mar 2014 14:06:07 +0000 (14:06 +0000)]
Testcases

Jeremy Harris [Sat, 15 Mar 2014 12:29:31 +0000 (12:29 +0000)]
Add documentation

Jeremy Harris [Tue, 11 Mar 2014 16:24:50 +0000 (16:24 +0000)]
Fix DISABLE_DKIM build

Reported-by: heiko.schlichting@fu-berlin.de
Broken-in: 6e62c454 - jgh146exb@wizmail.org

Jeremy Harris [Sun, 9 Mar 2014 21:45:33 +0000 (21:45 +0000)]
Refactor malware.c and introduce new scanner type "sock". Bugs 1418 and 1396

Jeremy Harris [Sun, 9 Mar 2014 16:51:00 +0000 (16:51 +0000)]
Log port and TLS details for a failed delivery

Jeremy Harris [Sun, 9 Mar 2014 16:41:20 +0000 (16:41 +0000)]
Log incoming-TLS details on rejects. Bug 305

Jeremy Harris [Sun, 9 Mar 2014 21:05:59 +0000 (21:05 +0000)]
Fix docs for utf8clean

Axel Rau [Sat, 8 Mar 2014 20:59:24 +0000 (20:59 +0000)]
${utf8clean:string} expansion operator.  Bug 1401

Jeremy Harris [Sat, 8 Mar 2014 18:50:16 +0000 (18:50 +0000)]
Expand documentation on use of dnslists in an IPv6 environment. Bug 1369

Todd Lyons [Fri, 7 Mar 2014 04:55:19 +0000 (20:55 -0800)]
Change strings of SPF result to conform to RFC 4408

Introduces a small backwards incompatible change to two results,
  err_temp to temperror and err_perm to permerror.

Michael Fischer v. Mollard [Thu, 6 Mar 2014 02:19:24 +0000 (18:19 -0800)]
Code for verify=header_names_ascii

Documentation and test included.

Fixed Conflicts:
doc/doc-txt/ChangeLog

Wolfgang Breyha [Wed, 5 Mar 2014 19:33:04 +0000 (19:33 +0000)]
Support log_selector smtp_confirmation for the lmtp transport.  Bug 1157

Phil Pennock [Sun, 2 Mar 2014 20:48:02 +0000 (15:48 -0500)]
Fix docs, `dns_dnssec_ok` not `dns_use_dnssec`

The variable rename in 4.82 PP/19 (commit 0fbd9bff) was incomplete, I
missed changing the documentation.  :(

Jeremy Harris [Sat, 1 Mar 2014 17:02:43 +0000 (17:02 +0000)]
Fix parallel make.  Bug 1446
from work by Heiko Schlittermann

Wolfgang Breyha [Wed, 26 Feb 2014 20:07:46 +0000 (20:07 +0000)]
Add tls_verify_hosts and tls_try_verify_hosts to smtp transport

Patch version 2

Jeremy Harris [Sun, 9 Feb 2014 21:03:27 +0000 (21:03 +0000)]
Fix build on systems having ipv6 but lacking an IPV6_TCLASS define (GNU Hurd).  Bug 1441
By Samuel Thibault

Jeremy Harris [Sun, 26 Jan 2014 18:03:01 +0000 (18:03 +0000)]
Fix tls_verify_certificates in gnutls use.  Bug 1413.
Patch by W.Breyha, tested by H.Schlittermann

Wolfgang Breyha [Tue, 14 Jan 2014 14:12:38 +0000 (06:12 -0800)]
Bugzilla 1433: Fix DMARC SEGV

Properly escape value passed to expand_string().
Check for NULL return from expand_string().

Phil Pennock [Tue, 7 Jan 2014 06:59:04 +0000 (01:59 -0500)]
Update copyright year in --version output

Phil Pennock [Tue, 7 Jan 2014 06:56:40 +0000 (01:56 -0500)]
Copyright year updates:

    vi $(git whatchanged --since=2013-01-01 | grep '^:100' | sed 's/^[^M]*M//' | sort -u | fgrep -v test/)

Did 2014 first, since otherwise every file I touched to update to 2013
would show as changed in 2014.  Last invocation logged to git was during
2012.  Will need to be more careful if auditing next year.

Phil Pennock [Tue, 7 Jan 2014 06:49:54 +0000 (01:49 -0500)]
Copyright year updates: 2014

    vi $(git whatchanged --since=2014-01-01 | grep '^:100' | sed 's/^[^M]*M//' | sort -u | fgrep -v test/)

Jeremy Harris [Sun, 5 Jan 2014 21:22:06 +0000 (21:22 +0000)]
Document (and enforce) that DKIM-signing is not supported in combination with cutthrough routing

Jeremy Harris [Sun, 5 Jan 2014 17:54:41 +0000 (17:54 +0000)]
Document the non-support of header manipulation in post-RCPT ACLs in combination with cutthrough.
Add check and paniclog attempts to do so.  Bug 1411 (WONTFIX).

Jeremy Harris [Sun, 5 Jan 2014 15:27:19 +0000 (15:27 +0000)]
Explicitly disable cutthrough on transports having filters

Jeremy Harris [Sun, 29 Dec 2013 19:10:05 +0000 (19:10 +0000)]
Explicitly disable cutthrough on transports having filters

Todd Lyons [Mon, 30 Dec 2013 23:02:21 +0000 (15:02 -0800)]
Proxy negotiation saves socket timeout values.

Rename proxy expansions conforming to Exim standards.
Update documentation to reflect rename.
Separate restore socket function

Jeremy Harris [Sun, 27 Oct 2013 15:18:44 +0000 (15:18 +0000)]
Add ${listextract {n}{list}...}

Jeremy Harris [Sun, 15 Dec 2013 18:36:48 +0000 (18:36 +0000)]
Fix use of uninitialized variable

Jeremy Harris [Sun, 15 Dec 2013 22:17:42 +0000 (22:17 +0000)]
Increase test CA key sizes from 512 to 1024 to handle TLS1.2 digest sizes.

Jeremy Harris [Sat, 7 Dec 2013 13:34:42 +0000 (13:34 +0000)]
Clarify interaction of delay_warning and retry configuration.

Todd Lyons [Sat, 30 Nov 2013 19:31:21 +0000 (11:31 -0800)]
Proxy Protocol - Server support

Initial conf setting and expansions
Logging setting whether to record proxy host, off by default
Put PROXY processing before connect ACL
Fix incoming address logging
Add Proxy Protocol to ChangeLog
Set window for Proxy Protocol header to be sent
Update docs and EDITME.

Phil Pennock [Thu, 21 Nov 2013 01:16:02 +0000 (17:16 -0800)]
build: try to get dash/bash for sanity

The "local" builtin is not part of POSIX.  We want it.  Try harder to
get a vaguely sane shell, rather than just a POSIX shell.

Also, safeguard to error out more gracefully if invoked from outside the
build process.

Jeremy Harris [Wed, 20 Nov 2013 14:19:37 +0000 (14:19 +0000)]
Fix testsuite build on Solaris

As of s11, Solaris & derivatives need libsocket and libnsl.  Ensure they are searched for
by autoconfig.  This seems to be successfully ignored on Linux.
Credit to Dave Edmondson (dme@dme.org) for the fix.

Todd Lyons [Thu, 31 Oct 2013 16:42:15 +0000 (09:42 -0700)]
Fix ldap option setting.

Some client libs set a global context, newer client libs set a global
  default which then needs to be reloaded.

Jeremy Harris [Tue, 12 Nov 2013 19:51:10 +0000 (19:51 +0000)]
Fix memory management vs acl-as-conditional, redux

Jeremy Harris [Sun, 10 Nov 2013 21:31:17 +0000 (21:31 +0000)]
Fix memory management vs. acl-as-conditional

Jeremy Harris [Sun, 10 Nov 2013 21:12:51 +0000 (21:12 +0000)]
Add commented-braces for ease of brace-matching editor use

Phil Pennock [Sun, 10 Nov 2013 10:16:27 +0000 (05:16 -0500)]
spec: TLS certificates: avoid MD5

Make it clearer in the spec, where talking about certificates, that MD5
in certs is a really Quite Bad idea.

Todd Lyons [Sat, 12 Oct 2013 16:42:31 +0000 (09:42 -0700)]
Bug 1334: AutoDetect compression type in exigrep

Does not use any extra perl modules.
Attempts hard coded types first, so no extra code for the standard
  case.
Easy to add more compression types.

Tony Finch [Thu, 7 Nov 2013 16:26:33 +0000 (16:26 +0000)]
Portability fix for Solaris without xpg4 utilities

Tony Finch [Thu, 7 Nov 2013 16:25:51 +0000 (16:25 +0000)]
quickrelease: A dumb script for making source-only tarballs