interimap/lib/Net, branch v0.5.4

typofix

2020-12-11T10:20:41+00:00

libinterimap: add support for the TLS SNI (Server Name Indication) extension.

2020-12-11T10:20:41+00:00

This is controlled by the new 'SSL_hostname' option.  The default value
of that option is the value of the 'host' option when it is hostname,
and the empty string (which disables SNI) when it is an IP literal.

libinterimap: make SSL_verify check the hostname as well.

2020-12-11T10:20:41+00:00

More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option.  Previously it was only verifying the
chain of trust.

This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2.

libinterimap: factor out hostname/IP parsing.

2020-12-11T10:20:41+00:00

Also, document that enclosing 'host' value in square brackets forces its
interpretation as an IP literal (hence skips name resolution).

libinterimap: show the matching pinned SPKI in --debug mode.

2020-12-11T10:20:37+00:00

libinterimap: SSL_fingerprint now supports a space-separate list of digests to pin.

2020-12-09T14:29:54+00:00

And succeeds if, and only if, the peer certificate SPKI matches one of
the pinned digest values.  Specifying multiple digest values can key
useful in key rollover scenarios and/or when the server supports
certificates of different types (for instance RSA+ECDSA).

libinterimap: 'debug' forces 'null-stderr' = 0.

2020-12-08T15:03:23+00:00

The standard error is never sent to /dev/null in debug mode.

Closes: deb#968392

Upgrade URLs to secure HTTP.

2020-08-04T00:35:05+00:00

libinterimap: abort on PREAUTH greeting received on plaintext connections

2020-08-03T18:50:08+00:00

Set "STARTTLS = NO" to ignore.  This is similar to CVE-2020-12398 and
CVE-2020-14093.

libinterimap: Fix response injection vulnerability after STARTTLS.

2020-08-03T18:30:46+00:00

For background see https://gitlab.com/muttmua/mutt/-/issues/248 .