[exim-dev] [Bug 1523] DANE support under GnuTLS

2018-03-04 Thread admin--- via Exim-dev 
https://bugs.exim.org/show_bug.cgi?id=1523

--- Comment #6 from Jeremy Harris  ---
Doh, thinko.
DANE was moved to mainline by c0635b6dfe and will be in 4.91

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Re: [exim-dev] [Bug 1523] DANE support under GnuTLS

2018-03-04 Thread Andrew C Aitchison via Exim-dev 

On Sat, 3 Mar 2018, admin--- via Exim-dev wrote:


https://bugs.exim.org/show_bug.cgi?id=1523

Jeremy Harris  changed:

  What|Removed |Added

Status|ASSIGNED|RESOLVED
Resolution|--- |FIXED

--- Comment #5 from Jeremy Harris  ---
DKIM was moved to mainline by c0635b6dfe and will be in 4.91



DKIM or DANE ?


--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] [Bug 1523] DANE support under GnuTLS

2018-03-03 Thread admin--- via Exim-dev 
https://bugs.exim.org/show_bug.cgi?id=1523

Jeremy Harris  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #5 from Jeremy Harris  ---
DKIM was moved to mainline by c0635b6dfe and will be in 4.91

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] [Bug 1523] DANE support under GnuTLS

2017-12-23 Thread admin 
https://bugs.exim.org/show_bug.cgi?id=1523

Jeremy Harris  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Target Milestone|Exim 4.85   |Exim 4.91
   Assignee|p...@exim.org|jgh146...@wizmail.org

--- Comment #4 from Jeremy Harris  ---
Followon commits:

28646fa9c7 DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode
3674140cdd DANE/GnuTLS: filter TLSA records for usability
94c1328507 DANE/GnuTLS: split verification of mixed sets of TLSA records by
usage

Known deficiencies:
- Viktor says the chain-handling is over-strict
- Not all cases of unusable-cert result in retry against further TLSA records
- No support for RFC7671 digest agility

Still Experimental, but consider moving to default build by next release.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] [Bug 1523] DANE support under GnuTLS

2017-12-19 Thread admin 
https://bugs.exim.org/show_bug.cgi?id=1523

Git Commit  changed:

   What|Removed |Added

 CC||g...@exim.org

--- Comment #3 from Git Commit  ---
Git commit:
https://git.exim.org/exim.git/commitdiff/899b8bbc6d360af6362c2a41d40b786279f41492

commit 899b8bbc6d360af6362c2a41d40b786279f41492
Author: Jeremy Harris 
AuthorDate: Tue Dec 19 15:06:49 2017 +
Commit: Jeremy Harris 
CommitDate: Tue Dec 19 15:22:42 2017 +

dane: support under gnutls.  bug 1523

gnutls version 3.0.0 onwards; still experimental

 doc/doc-txt/NewStuff|   3 +
 doc/doc-txt/experimental-spec.txt   |   2 +
 src/OS/Makefile-Base|  16 ++--
 src/scripts/MakeLinks   |   2 +-
 src/src/EDITME  |   5 +-
 src/src/dane-gnu.c  |  21 -
 src/src/dane.c  |   4 +-
 src/src/tls-gnu.c   | 174 +---
 src/src/transports/smtp.c   |  11 +--
 test/confs/5820 |  52 +++
 test/confs/5840 |  14 +--
 test/confs/5860 |  14 +--
 test/dnszones-src/db.test.ex|  35 ++--
 test/log/5820   | 107 ++
 test/log/5840   |  58 +---
 test/log/5860   |   8 +-
 test/scripts/5820-DANE-GnuTLS/5820  | 102 +++--
 test/scripts/5840-DANE-OpenSSL/5840 |  37 ++--
 test/stderr/{5840 => 5820}  |  35 +---
 test/stderr/5840|  30 ---
 test/stdout/5800|   2 +-
 test/stdout/5820|  45 ++
 test/stdout/5840|  30 ---
 23 files changed, 628 insertions(+), 179 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] [Bug 1523] DANE support under GnuTLS

2014-09-02 Thread Andreas Metzler 
--- You are receiving this mail because: ---
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1523




--- Comment #1 from Andreas Metzler eximus...@bebt.de  2014-09-02 18:04:23 ---
On 2014-09-02 Jeremy Harris jgh146...@wizmail.org wrote:
 EXPERIMENTAL_DANE only works with an OpenSSL build.
 We should do a GnuTLS implementation also.

 Viktor has, I think, opined that the builtin support
 in GnuTLS for DANE is insufficient; possibly we should
 try to use the same library (basically Viktor's code)
 for both.

Just as a data point:

GnuTLS DANE support is currently not used a lot since it requires
unbound which in turn requires one of the other two big SSL toolkits
(NSS or OpenSSL). That is why we are not shipping the library in
Debian yet.

That is supposed to change, though, see
http://lists.gnutls.org/pipermail/gnutls-devel/2014-July/007039.html

cu Andreas


-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] [Bug 1523] DANE support under GnuTLS

2014-09-02 Thread Phil Pennock 
--- You are receiving this mail because: ---
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1523




--- Comment #2 from Phil Pennock p...@exim.org  2014-09-03 01:13:51 ---
The exbot42 build farm agent is using unbound as its local resolver.

Todd, shout if you want me to add a bunch more agents, as variant builds, or if
you just want ssh access to the build farm account on that machine.


-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##