interimap/tests/certs, branch debian/0.5.5-1 Fast bidirectional synchronization for QRESYNC-capable IMAP servers libinterimap: add support for the TLS SNI (Server Name Indication) extension. 2020-12-11T10:20:41+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-10T20:52:44+00:00 4ed6f0982cc0553e31e7beadf441beb8573a07d4 This is controlled by the new 'SSL_hostname' option. The default value of that option is the value of the 'host' option when it is hostname, and the empty string (which disables SNI) when it is an IP literal. 
This is controlled by the new 'SSL_hostname' option.  The default value
of that option is the value of the 'host' option when it is hostname,
and the empty string (which disables SNI) when it is an IP literal.
libinterimap: make SSL_verify check the hostname as well. 2020-12-11T10:20:41+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-10T18:39:10+00:00 265f133600e9812726a52ea3067409ed3578e882 More precisely, ensure that the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the hostname or IP literal specified by the 'host' option. Previously it was only verifying the chain of trust. This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version 1.0.2. 
More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option.  Previously it was only verifying the
chain of trust.

This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2.
test suite: always generate new certificates on `make test`. 2020-12-11T10:20:41+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-10T13:34:48+00:00 26e5c04abfb81bdcbd4d89d9f9329b8433920b26 In addition, sign test certificates with the same root CA. Hence running `make test` now requires OpenSSL 1.1.1 or later. 
In addition, sign test certificates with the same root CA.  Hence
running `make test` now requires OpenSSL 1.1.1 or later.