users/heiko/exim.git
12 years agoAdd expansion variable $headers_added returning newline-sep list of headers
Jeremy Harris [Thu, 4 Oct 2012 22:05:04 +0000 (23:05 +0100)]
Add expansion variable $headers_added returning newline-sep list of headers
added in ACLs.  Bug 199.

12 years agoStrip leading/trailing newlines on list of headers for addition; bug 884.
Jeremy Harris [Thu, 4 Oct 2012 21:21:09 +0000 (22:21 +0100)]
Strip leading/trailing newlines on list of headers for addition; bug 884.

NB: this means a bare "X-ACL-Warn:" header is harder to add.

12 years agoReleases signed by Phil's key, not Nigel's.
Phil Pennock [Thu, 4 Oct 2012 02:00:13 +0000 (22:00 -0400)]
Releases signed by Phil's key, not Nigel's.

State a more general policy of PGP signing, mention trust paths, cite
the main public keyserver pool, provide a link to a trustpath display
between Nigel's key and Phil's.

Provide Phil's current PGP keyid (noting will change in 2013).

Bounce via a redirector, on Phil's security site, because:
 (1) xfpt barfs on &url(..) where the URL contains an ampersand
 (2) No ampersands means less debugging across various platforms
 (3) The redirector is https: with a public cert, where www.exim.org
     does not have a cert (with that name, at this time).

All keys cited in 0xLong form (16 hex characters).

Nits:
 (1) URL is given with https:// on one line, the rest on the next
 (2) using alt text does not give the URL in the .txt format, despite
     the docs, because we build .txt from w3m -dump, so the HTML form is
     used.
 (3) Ideally, we'll get around to having https://www.exim.org/ exist and
     be usable for this redirect.

Side-effects:
 (1) My name is in The Spec for the first time. :)

12 years agoUnbreak non-ipv6 build.
Jeremy Harris [Thu, 27 Sep 2012 21:00:55 +0000 (22:00 +0100)]
Unbreak non-ipv6 build.

My commit 3a7963704c519 broke compilation without HAVE_IPv6.  Rework.

12 years agoAdd doc caveats on cutthrough-delivery vs. verify-mode routers.
Jeremy Harris [Mon, 24 Sep 2012 19:33:56 +0000 (20:33 +0100)]
Add doc caveats on cutthrough-delivery vs. verify-mode routers.

12 years agoFix expected test output file with return before linefeed.
Jeremy Harris [Mon, 24 Sep 2012 19:32:39 +0000 (20:32 +0100)]
Fix expected test output file with return before linefeed.

12 years agoTypo in debug output.
Todd Lyons [Mon, 17 Sep 2012 16:11:58 +0000 (09:11 -0700)]
Typo in debug output.

12 years agoMinor doc nits re bug 1262.
Phil Pennock [Wed, 12 Sep 2012 00:14:42 +0000 (20:14 -0400)]
Minor doc nits re bug 1262.

Update src comment to be clearer about why it's safe for "state of this transport" to affect other deliveries.
Mention change in externally observable state in README.UPDATING.
Reference bugzilla entry in ChangeLog.
Update Paul's credit in ACKNOWLEDGMENTS.

12 years agoAvoid using a waiting db for single-message-only transports. Performance
Jeremy Harris [Tue, 11 Sep 2012 22:11:16 +0000 (23:11 +0100)]
Avoid using a waiting db for single-message-only transports.  Performance
bug 1262 and patch from Paul Fisher.  Testcase 0288 exercises.

12 years agoUpdate manual on the logging of cutthrough-mode deliveries.
Jeremy Harris [Sun, 9 Sep 2012 18:01:55 +0000 (19:01 +0100)]
Update manual on the logging of cutthrough-mode deliveries.

12 years agominor nits.
Phil Pennock [Thu, 6 Sep 2012 01:01:29 +0000 (21:01 -0400)]
minor nits.

Some whitespace changes; 4.73 item 8: bool_lax{} is an expansion condition, not e. operator.
Fix a comma to a period.

12 years agoAdd dnsdb lookup pseudo-type "a+". Addresses bug 1269.
Jeremy Harris [Wed, 5 Sep 2012 20:38:23 +0000 (21:38 +0100)]
Add dnsdb lookup pseudo-type "a+".   Addresses bug 1269.

12 years agoBugtrack 1290 - Spec grammar fixes.
Todd Lyons [Mon, 27 Aug 2012 15:17:25 +0000 (08:17 -0700)]
Bugtrack 1290 - Spec grammar fixes.

Submitted by Regid.

12 years agoBugtrack 1285 - Add docs for omitted dkim_disable_verify.
Todd Lyons [Thu, 16 Aug 2012 15:37:49 +0000 (08:37 -0700)]
Bugtrack 1285 - Add docs for omitted dkim_disable_verify.

Fixed spec docbook file to pass validation when building spec.txt.
Adjust Makefile to not delete html, but not version controlled
  index.html.

12 years agoBugtrack 1283 - Spec typo fix.
Todd Lyons [Thu, 16 Aug 2012 00:16:43 +0000 (17:16 -0700)]
Bugtrack 1283 - Spec typo fix.

12 years agoBugtrack 1281 - Spec typo fix.
Todd Lyons [Tue, 14 Aug 2012 17:31:20 +0000 (10:31 -0700)]
Bugtrack 1281 - Spec typo fix.

12 years agoFix trailing whitespace
Todd Lyons [Fri, 27 Jul 2012 21:40:05 +0000 (14:40 -0700)]
Fix trailing whitespace

12 years agoFix trailing whitespace in STDOUT file.
Todd Lyons [Fri, 27 Jul 2012 21:31:45 +0000 (14:31 -0700)]
Fix trailing whitespace in STDOUT file.

12 years agoBug #198: Add remove_header ACL modifier.
Todd Lyons [Thu, 26 Jul 2012 20:31:20 +0000 (13:31 -0700)]
Bug #198: Add remove_header ACL modifier.

Used patch from Magnus Holmgren dated 2007-02-20.
Added documentation.
Added tests to detect proper operation.

12 years agoAdd example ACL usage of ${run in exim spec.
Todd Lyons [Thu, 19 Jul 2012 15:59:08 +0000 (08:59 -0700)]
Add example ACL usage of ${run in exim spec.

12 years agoDoc fixes from Regid Ichira & Andreas Metzler
Phil Pennock [Mon, 16 Jul 2012 19:21:14 +0000 (12:21 -0700)]
Doc fixes from Regid Ichira & Andreas Metzler

12 years agoDoc note re 9999 days & 32bit time (SSL certs)
Phil Pennock [Thu, 12 Jul 2012 22:42:08 +0000 (15:42 -0700)]
Doc note re 9999 days & 32bit time (SSL certs)

Thanks to Jay Rouman for highlighting that there can be rollover.
I have chosen *not* to reduce the duration, but to leave it and instead
provoke thought on the part of those deploying systems, if this bites them.

12 years agoAdd CONTINUE to runtest script
Todd Lyons [Mon, 9 Jul 2012 15:38:58 +0000 (08:38 -0700)]
Add CONTINUE to runtest script

12 years agoAdd check for inlist and !inlist in test 0002.
Todd Lyons [Sun, 8 Jul 2012 23:36:02 +0000 (16:36 -0700)]
Add check for inlist and !inlist in test 0002.

12 years agoMerge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Sun, 8 Jul 2012 21:53:30 +0000 (22:53 +0100)]
Merge branch 'master' of git://git.exim.org/exim

12 years agoMultiple headers_add/remove options per router/transport - fixes bug 337
Jeremy Harris [Sun, 8 Jul 2012 21:49:18 +0000 (22:49 +0100)]
Multiple headers_add/remove options per router/transport - fixes bug 337

12 years agoMake +smtp_confirmation be a default logging option.
Todd Lyons [Fri, 6 Jul 2012 21:56:11 +0000 (14:56 -0700)]
Make +smtp_confirmation be a default logging option.

12 years agoFix bug 1267 - inlist/i were ignoring negation.
Jeremy Harris [Thu, 5 Jul 2012 22:59:20 +0000 (23:59 +0100)]
Fix bug 1267 - inlist/i were ignoring negation.

Fix the acl condition also; and make editor brace-matching a
little better.

12 years agoDelay expansion of smtp transport option "authenticated_sender"
Jeremy Harris [Thu, 5 Jul 2012 21:52:08 +0000 (22:52 +0100)]
Delay expansion of smtp transport option "authenticated_sender"
after connection startup, to match documentation - bug 1144.

12 years agoInclude the static files within the HTML documentation dir
Nigel Metheringham [Mon, 2 Jul 2012 14:11:50 +0000 (15:11 +0100)]
Include the static files within the HTML documentation dir

12 years agoMerge branch 'acl'
Jeremy Harris [Sun, 1 Jul 2012 15:01:29 +0000 (16:01 +0100)]
Merge branch 'acl'

12 years agogit/ACKNOWLEDGMENTS: coerce charset of git tools
Phil Pennock [Wed, 27 Jun 2012 20:13:20 +0000 (13:13 -0700)]
git/ACKNOWLEDGMENTS: coerce charset of git tools

github seems to assume content is 8bit.

12 years agoAcl expansions: tests and documentation
Jeremy Harris [Wed, 27 Jun 2012 19:55:23 +0000 (20:55 +0100)]
Acl expansions: tests and documentation

12 years agoLet Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
Phil Pennock [Mon, 25 Jun 2012 10:27:47 +0000 (03:27 -0700)]
Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.

Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
We just add CFLAGS_DYNAMIC too and some comments.

Non-POSIX syntax, but fairly portable; GNU make gained it in 1998,
we believe even very old systems should handle it fine.

12 years agoChange acl expansion-condition syntax to "acl {{name} {arg1}{arg2}...}"
Jeremy Harris [Sun, 24 Jun 2012 16:14:48 +0000 (17:14 +0100)]
Change acl expansion-condition syntax to "acl {{name} {arg1}{arg2}...}"
to match saslauthd condition.

12 years agoMerge branch 'acl-args' into acl
Jeremy Harris [Sun, 24 Jun 2012 15:57:06 +0000 (16:57 +0100)]
Merge branch 'acl-args' into acl

12 years agoAdd gnutls_enable_pkcs11 option.
Phil Pennock [Sun, 24 Jun 2012 09:55:29 +0000 (02:55 -0700)]
Add gnutls_enable_pkcs11 option.

GnuTLS 2.12.0 adds PKCS11 support using p11-kit and by default will
autoload modules, which interoperates badly with GNOME keyring
integration, configured via paths in environment variables, and Exim
invoked by the user (eg, mailq) will then try to load the modules, fail
and spew warnings from the module for a library loaded by a library.

http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs
documents that to prevent this, explicitly init PKCS11 before calling
gnutls_global_init().  So we do so, unless the admin sets the new
option.

Reported by Andreas Metzler, who confirmed that the added calls fixed
the problem for him.

12 years agoAdd acl call as an expansion condition
Jeremy Harris [Thu, 14 Jun 2012 22:24:16 +0000 (23:24 +0100)]
Add acl call as an expansion condition

12 years agoAdd args to trad. modifier acl call method
Jeremy Harris [Thu, 14 Jun 2012 19:44:58 +0000 (20:44 +0100)]
Add args to trad. modifier acl call method

12 years agoUse custom variables for ACL args, up to nine. Add an arg-count variable.
Jeremy Harris [Tue, 12 Jun 2012 21:50:52 +0000 (22:50 +0100)]
Use custom variables for ACL args, up to nine.  Add an arg-count variable.

12 years agoAdd ${acl {name}{arg}} expansion item.
Jeremy Harris [Mon, 11 Jun 2012 21:00:11 +0000 (22:00 +0100)]
Add ${acl {name}{arg}} expansion item.

12 years agoMerge branch 'lists'
Jeremy Harris [Tue, 12 Jun 2012 20:43:58 +0000 (21:43 +0100)]
Merge branch 'lists'

12 years agoChange names to "listnamed" and "listcount".
Jeremy Harris [Tue, 12 Jun 2012 20:41:05 +0000 (21:41 +0100)]
Change names to "listnamed" and "listcount".

12 years agoAdd ${list:name} and ${nlist:string} expansion operators.
Jeremy Harris [Sun, 10 Jun 2012 16:53:01 +0000 (17:53 +0100)]
Add ${list:name} and ${nlist:string} expansion operators.

12 years agoCorrections to spec examples - fixes bug 1196
Nigel Metheringham [Sat, 9 Jun 2012 20:23:57 +0000 (21:23 +0100)]
Corrections to spec examples - fixes bug 1196

12 years agoTypo fix in spec - fixes bug 1197
Nigel Metheringham [Sat, 9 Jun 2012 20:16:02 +0000 (21:16 +0100)]
Typo fix in spec - fixes bug 1197

12 years agoPackagers: Debian
Phil Pennock [Thu, 7 Jun 2012 17:25:37 +0000 (13:25 -0400)]
Packagers: Debian

12 years agoExpand $sender_host_dnssec and add vtype_bool
Phil Pennock [Thu, 7 Jun 2012 17:08:35 +0000 (13:08 -0400)]
Expand $sender_host_dnssec and add vtype_bool

12 years agoUnbreak EXPERIMENTAL_OCSP after TLS cutthrough
Phil Pennock [Thu, 7 Jun 2012 17:08:05 +0000 (13:08 -0400)]
Unbreak EXPERIMENTAL_OCSP after TLS cutthrough

12 years agoBUGFIX: forced-fail smtp option tls_sni would dereference NULL
Phil Pennock [Wed, 6 Jun 2012 23:51:44 +0000 (19:51 -0400)]
BUGFIX: forced-fail smtp option tls_sni would dereference NULL

12 years agoBUGFIX: forced-fail smtp option tls_sni would dereference NULL hs12/tls_fix origin/tls_fix pdp/tls_fix
Phil Pennock [Wed, 6 Jun 2012 23:46:40 +0000 (19:46 -0400)]
BUGFIX: forced-fail smtp option tls_sni would dereference NULL

12 years agoLLONG_MIN example in os.h-Linux
Phil Pennock [Wed, 6 Jun 2012 18:13:34 +0000 (14:13 -0400)]
LLONG_MIN example in os.h-Linux

12 years agoIgnore files left over from patch program
Todd Lyons [Wed, 6 Jun 2012 15:05:28 +0000 (08:05 -0700)]
Ignore files left over from patch program

12 years agoTestsuite: add per-testcase munge facility; use for dnssec and gnutls.
Jeremy Harris [Tue, 5 Jun 2012 19:50:30 +0000 (20:50 +0100)]
Testsuite: add per-testcase munge facility; use for dnssec and gnutls.

12 years agoDocs for "G" modifier on numbers in ${if comparisons.
Jeremy Harris [Tue, 5 Jun 2012 15:33:47 +0000 (16:33 +0100)]
Docs for "G" modifier on numbers in ${if comparisons.

12 years agoSupport "G" modifier on numbers in ${if comparisons.
Jeremy Harris [Tue, 5 Jun 2012 15:16:40 +0000 (16:16 +0100)]
Support "G" modifier on numbers in ${if comparisons.

12 years agoBasic documentation for cutthrough.
Jeremy Harris [Mon, 4 Jun 2012 21:32:32 +0000 (22:32 +0100)]
Basic documentation for cutthrough.

12 years agoAdd $tls_in_* variables; note the old names as deprecated.
Jeremy Harris [Mon, 4 Jun 2012 16:48:52 +0000 (17:48 +0100)]
Add $tls_in_* variables; note the old names as deprecated.

12 years agoAdd hosts_verify_avoid_tls option to smtp transport.
Jeremy Harris [Mon, 4 Jun 2012 13:54:13 +0000 (14:54 +0100)]
Add hosts_verify_avoid_tls option to smtp transport.

12 years agoFix post-rebase merge issues.
Jeremy Harris [Mon, 4 Jun 2012 12:36:19 +0000 (13:36 +0100)]
Fix post-rebase merge issues.

12 years agoSplit out OpenSSL and GnuTLS versions of tests.
Jeremy Harris [Tue, 15 May 2012 23:22:01 +0000 (00:22 +0100)]
Split out OpenSSL and GnuTLS versions of tests.

12 years agoChange use of $tls_cipher in client context to $tls_out_cipher.
Jeremy Harris [Tue, 15 May 2012 21:51:53 +0000 (22:51 +0100)]
Change use of $tls_cipher in client context to $tls_out_cipher.

12 years agoFix bug verifying certs on dual-tls.
Jeremy Harris [Tue, 15 May 2012 21:39:27 +0000 (22:39 +0100)]
Fix bug verifying certs on dual-tls.

12 years agoSupport transport hosts_avoid_tls for cutthrough.
Jeremy Harris [Fri, 11 May 2012 20:46:57 +0000 (21:46 +0100)]
Support transport hosts_avoid_tls for cutthrough.

12 years agoAdd testcase for callout fallback from ESMTP to SMTP.
Jeremy Harris [Mon, 7 May 2012 20:15:33 +0000 (21:15 +0100)]
Add testcase for callout fallback from ESMTP to SMTP.

12 years agoBetter debug.
Jeremy Harris [Mon, 7 May 2012 17:24:16 +0000 (18:24 +0100)]
Better debug.

12 years agoFix testsuite cases affected by 8bitmime-as-default.
Jeremy Harris [Mon, 7 May 2012 16:06:00 +0000 (17:06 +0100)]
Fix testsuite cases affected by 8bitmime-as-default.

12 years agoFix tls variables order, and testsuite case 5401 (cutthrough) for changes that went...
Jeremy Harris [Sun, 6 May 2012 17:53:34 +0000 (18:53 +0100)]
Fix tls variables order, and testsuite case 5401 (cutthrough) for changes that went in with dual-tls.

12 years agoDeal explicitly with attempt to callout via null transport; fixes crash.
Jeremy Harris [Sun, 6 May 2012 16:12:31 +0000 (17:12 +0100)]
Deal explicitly with attempt to callout via null transport; fixes crash.

12 years agoFixup testsuite cases affected by dual-tls - mainly EHLO on callouts.
Jeremy Harris [Tue, 1 May 2012 19:12:36 +0000 (20:12 +0100)]
Fixup testsuite cases affected by dual-tls - mainly EHLO on callouts.

12 years agoDual-tls - split management of TLS into in- and out-bound connection-handling.
Jeremy Harris [Sun, 29 Apr 2012 20:02:27 +0000 (21:02 +0100)]
Dual-tls - split management of TLS into in- and out-bound connection-handling.

Enables concurrent use from a single process, and thereby use for cutthrough delivery.
As a side-effect EHLO and TLS use for verify callouts introduced.

This was a manual import from elsewhere and is known to fail the test-suite.

12 years agoTestsuite cases for basic cutthrough_delivery.
Jeremy Harris [Sun, 29 Apr 2012 17:22:56 +0000 (18:22 +0100)]
Testsuite cases for basic cutthrough_delivery.

Also fixed bug where a predata acl was required for cutthrough.

12 years agoBasic cutthrough delivery.
Jeremy Harris [Thu, 26 Apr 2012 22:59:34 +0000 (23:59 +0100)]
Basic cutthrough delivery.

12 years agoTest for proper parsing of optional MAIL FROM args.
Todd Lyons [Mon, 4 Jun 2012 13:03:18 +0000 (06:03 -0700)]
Test for proper parsing of optional MAIL FROM args.

12 years agoRefactor optional MAIL FROM args
Todd Lyons [Tue, 29 May 2012 13:07:42 +0000 (06:07 -0700)]
Refactor optional MAIL FROM args

12 years agoTest system - parse ipv6 addresses with no :: in them.
Todd Lyons [Mon, 4 Jun 2012 13:05:29 +0000 (06:05 -0700)]
Test system - parse ipv6 addresses with no :: in them.

12 years agoRemove extraneous #ifndef guards from config.h.default
Jeremy Harris [Mon, 4 Jun 2012 12:14:28 +0000 (13:14 +0100)]
Remove extraneous #ifndef guards from config.h.default

12 years agoImplement -G => "control=suppress_local_fixups"
Phil Pennock [Mon, 4 Jun 2012 00:27:59 +0000 (20:27 -0400)]
Implement -G => "control=suppress_local_fixups"

fixes bug 1117

12 years agoCmdline -L option; also -Ac -Am -X<logfile>
Phil Pennock [Sun, 3 Jun 2012 22:46:58 +0000 (18:46 -0400)]
Cmdline -L option; also -Ac -Am -X<logfile>

These are for Sendmail compatibility.
bug 1117

12 years agoChangeLog: note cyrus plugin use situation
Phil Pennock [Sun, 3 Jun 2012 17:27:20 +0000 (13:27 -0400)]
ChangeLog: note cyrus plugin use situation

12 years agoCyrus SASL: set host;port properties on auth driver
Phil Pennock [Sun, 3 Jun 2012 17:18:03 +0000 (13:18 -0400)]
Cyrus SASL: set host;port properties on auth driver

12 years agocopyright year
Phil Pennock [Sun, 3 Jun 2012 17:04:54 +0000 (13:04 -0400)]
copyright year

12 years agoDSCP: inbound via control = dscp/<value>
Phil Pennock [Sun, 3 Jun 2012 13:42:50 +0000 (09:42 -0400)]
DSCP: inbound via control = dscp/<value>

12 years agoDocs: pipes in redirect, need for quote caution
Phil Pennock [Sat, 2 Jun 2012 21:43:19 +0000 (17:43 -0400)]
Docs: pipes in redirect, need for quote caution

12 years agoChristof Meerwald (for patches in bug 1095)
Phil Pennock [Sat, 2 Jun 2012 21:19:32 +0000 (17:19 -0400)]
Christof Meerwald (for patches in bug 1095)

12 years agoDSCP: take numeric values too.
Phil Pennock [Sat, 2 Jun 2012 18:45:26 +0000 (14:45 -0400)]
DSCP: take numeric values too.

Also fix doc claim that value is unexpanded.
Also strip affix whitespace before numeric conversion and fixed string comparison.

12 years agoFreeBSD is ELF and has been for a long time
Phil Pennock [Sat, 2 Jun 2012 14:41:41 +0000 (10:41 -0400)]
FreeBSD is ELF and has been for a long time

12 years agoDSCP: document; hex print; -bI:dscp pdp/feature_dscp
Phil Pennock [Sat, 2 Jun 2012 13:10:44 +0000 (09:10 -0400)]
DSCP: document; hex print; -bI:dscp

12 years agoDSCP support, tentative
Phil Pennock [Fri, 1 Jun 2012 16:05:42 +0000 (12:05 -0400)]
DSCP support, tentative

12 years agoDNSSEC babystep: dns_use_dnssec & $sender_host_dnssec
Phil Pennock [Fri, 1 Jun 2012 14:15:14 +0000 (10:15 -0400)]
DNSSEC babystep: dns_use_dnssec & $sender_host_dnssec

12 years agoimprove PH entry, per Bill Hacker's suggestion
Phil Pennock [Fri, 1 Jun 2012 12:30:06 +0000 (08:30 -0400)]
improve PH entry, per Bill Hacker's suggestion

12 years agoACKNOWLEDGEMENTS update, covering a few years
Phil Pennock [Fri, 1 Jun 2012 11:49:05 +0000 (07:49 -0400)]
ACKNOWLEDGEMENTS update, covering a few years

12 years agotls_dh_min_bits smtp transport option
Phil Pennock [Fri, 1 Jun 2012 09:52:31 +0000 (05:52 -0400)]
tls_dh_min_bits smtp transport option

Could not find an API for use with OpenSSL, so GnuTLS only

12 years agoMake -n combine with -bP to inhibit names
Phil Pennock [Fri, 1 Jun 2012 08:29:39 +0000 (04:29 -0400)]
Make -n combine with -bP to inhibit names

12 years agoAdd -bI:help and -bI:sieve
Phil Pennock [Fri, 1 Jun 2012 07:37:26 +0000 (03:37 -0400)]
Add -bI:help and -bI:sieve

12 years agoDoc: drop .new/.wen, update previousversion.
Phil Pennock [Thu, 31 May 2012 10:29:28 +0000 (06:29 -0400)]
Doc: drop .new/.wen, update previousversion.

Also, drop fix one place which claimed TLS SNI support was OpenSSL only.

12 years agoRevert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512." exim-4_80
Phil Pennock [Thu, 31 May 2012 00:40:15 +0000 (20:40 -0400)]
Revert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512."

This reverts commit 83f4c7515f3eb06dc070e78edd2694c1d088e5fd.

This was not a new check!  The call to gnutls_dh_set_prime_bits() was
made with DH_BITS in Exim 4.77, so the only difference is that now an
administrator can choose at compile time to change the lower bound.

So keeping this at 1024 is not a regression and if we can't talk to them
now, we couldn't before, and we shouldn't lower security by default.
The reverted commit was only acceptable IF it was still better than what
we had in Exim 4.77.

12 years agoLower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512.
Phil Pennock [Wed, 30 May 2012 23:38:20 +0000 (19:38 -0400)]
Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512.

Wolfgang Breyha saw a real-world site using 768 bits.

12 years agoMerge openssl_disable_ssl2 branch exim-4_80_RC7
Phil Pennock [Mon, 28 May 2012 05:11:48 +0000 (01:11 -0400)]
Merge openssl_disable_ssl2 branch

12 years agotypo fix: "overriden" -> "overridden" from Andreas Metzler
Phil Pennock [Sun, 27 May 2012 16:21:37 +0000 (12:21 -0400)]
typo fix: "overriden" -> "overridden" from Andreas Metzler