[exim-dev] [Bug 1523] DANE support under GnuTLS
https://bugs.exim.org/show_bug.cgi?id=1523 --- Comment #6 from Jeremy Harris--- Doh, thinko. DANE was moved to mainline by c0635b6dfe and will be in 4.91 -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: [exim-dev] [Bug 1523] DANE support under GnuTLS
On Sat, 3 Mar 2018, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=1523 Jeremy Harrischanged: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED --- Comment #5 from Jeremy Harris --- DKIM was moved to mainline by c0635b6dfe and will be in 4.91 DKIM or DANE ? -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 1523] DANE support under GnuTLS
https://bugs.exim.org/show_bug.cgi?id=1523 Jeremy Harrischanged: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED --- Comment #5 from Jeremy Harris --- DKIM was moved to mainline by c0635b6dfe and will be in 4.91 -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 1523] DANE support under GnuTLS
https://bugs.exim.org/show_bug.cgi?id=1523 Jeremy Harrischanged: What|Removed |Added Status|NEW |ASSIGNED Target Milestone|Exim 4.85 |Exim 4.91 Assignee|p...@exim.org|jgh146...@wizmail.org --- Comment #4 from Jeremy Harris --- Followon commits: 28646fa9c7 DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode 3674140cdd DANE/GnuTLS: filter TLSA records for usability 94c1328507 DANE/GnuTLS: split verification of mixed sets of TLSA records by usage Known deficiencies: - Viktor says the chain-handling is over-strict - Not all cases of unusable-cert result in retry against further TLSA records - No support for RFC7671 digest agility Still Experimental, but consider moving to default build by next release. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 1523] DANE support under GnuTLS
https://bugs.exim.org/show_bug.cgi?id=1523 Git Commitchanged: What|Removed |Added CC||g...@exim.org --- Comment #3 from Git Commit --- Git commit: https://git.exim.org/exim.git/commitdiff/899b8bbc6d360af6362c2a41d40b786279f41492 commit 899b8bbc6d360af6362c2a41d40b786279f41492 Author: Jeremy Harris AuthorDate: Tue Dec 19 15:06:49 2017 + Commit: Jeremy Harris CommitDate: Tue Dec 19 15:22:42 2017 + dane: support under gnutls. bug 1523 gnutls version 3.0.0 onwards; still experimental doc/doc-txt/NewStuff| 3 + doc/doc-txt/experimental-spec.txt | 2 + src/OS/Makefile-Base| 16 ++-- src/scripts/MakeLinks | 2 +- src/src/EDITME | 5 +- src/src/dane-gnu.c | 21 - src/src/dane.c | 4 +- src/src/tls-gnu.c | 174 +--- src/src/transports/smtp.c | 11 +-- test/confs/5820 | 52 +++ test/confs/5840 | 14 +-- test/confs/5860 | 14 +-- test/dnszones-src/db.test.ex| 35 ++-- test/log/5820 | 107 ++ test/log/5840 | 58 +--- test/log/5860 | 8 +- test/scripts/5820-DANE-GnuTLS/5820 | 102 +++-- test/scripts/5840-DANE-OpenSSL/5840 | 37 ++-- test/stderr/{5840 => 5820} | 35 +--- test/stderr/5840| 30 --- test/stdout/5800| 2 +- test/stdout/5820| 45 ++ test/stdout/5840| 30 --- 23 files changed, 628 insertions(+), 179 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 1523] DANE support under GnuTLS
--- You are receiving this mail because: --- You are on the CC list for the bug. http://bugs.exim.org/show_bug.cgi?id=1523 --- Comment #1 from Andreas Metzler eximus...@bebt.de 2014-09-02 18:04:23 --- On 2014-09-02 Jeremy Harris jgh146...@wizmail.org wrote: EXPERIMENTAL_DANE only works with an OpenSSL build. We should do a GnuTLS implementation also. Viktor has, I think, opined that the builtin support in GnuTLS for DANE is insufficient; possibly we should try to use the same library (basically Viktor's code) for both. Just as a data point: GnuTLS DANE support is currently not used a lot since it requires unbound which in turn requires one of the other two big SSL toolkits (NSS or OpenSSL). That is why we are not shipping the library in Debian yet. That is supposed to change, though, see http://lists.gnutls.org/pipermail/gnutls-devel/2014-July/007039.html cu Andreas -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 1523] DANE support under GnuTLS
--- You are receiving this mail because: --- You are on the CC list for the bug. http://bugs.exim.org/show_bug.cgi?id=1523 --- Comment #2 from Phil Pennock p...@exim.org 2014-09-03 01:13:51 --- The exbot42 build farm agent is using unbound as its local resolver. Todd, shout if you want me to add a bunch more agents, as variant builds, or if you just want ssh access to the build farm account on that machine. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##