interimap/tests/tls-verify-peer, branch master Fast bidirectional synchronization for QRESYNC-capable IMAP servers tests: Use "openssl rehash" instead of c_rehash 2025-10-07T17:23:15+00:00 Sebastian Andrzej Siewior sebastian@breakpoint.cc 2025-10-06T19:27:06+00:00 c8e3e71201434d5ab3f958d7ecc3f1c6d595142a The built-in version of c_rehash is "openssl rehash" and is available since the 3.0 series. The c_rehash is a perl script which is considered legacy. Switch to "openssl rehash" Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> 
The built-in version of c_rehash is "openssl rehash" and is available since the
3.0 series. The c_rehash is a perl script which is considered legacy.

Switch to "openssl rehash"

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Port tests and documentation to Dovecot 2.4. 2025-04-26T16:03:03+00:00 Guilhem Moulin guilhem@debian.org 2025-04-25T15:59:57+00:00 66aeda7f653cfb72731fe7ff2925d7291158500f See https://doc.dovecot.org/main/installation/upgrade/2.3-to-2.4.html . 
See https://doc.dovecot.org/main/installation/upgrade/2.3-to-2.4.html .
tests/*/t: Explicitly pass `-in /dev/stdin` to openssl(1). 2024-03-06T14:09:05+00:00 Guilhem Moulin guilhem@fripost.org 2024-03-06T13:52:56+00:00 a4accc44ac1fddffba31d9bf52b76738a3562057 






tests/*/t: Replace filetype=sh with filetype=bash.
2024-03-06T13:36:38+00:00

Guilhem Moulin
guilhem@fripost.org

2024-03-06T13:36:38+00:00

53a296f8b629e002b13f328c74ff905963f75dc4












libinterimap: use default locations for trusted CA certificates when neither CAfile nor CApath are set.
2020-12-13T17:44:18+00:00

Guilhem Moulin
guilhem@fripost.org

2020-12-13T16:43:52+00:00

8c43ed9baa905d907a6aad77de2282a852ba69a9

In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).

This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used).





In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).

This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used).







test suite: ensure we haven't started speaking IMAP when the SSL/TLS handshake is aborted.
2020-12-13T16:38:07+00:00

Guilhem Moulin
guilhem@fripost.org

2020-12-13T16:37:32+00:00

ba9d8af01141a6d5d5b98a0e249c311814b844a6

(Unless STARTTLS is used to upgrade the connection.)





(Unless STARTTLS is used to upgrade the connection.)







test suite: supply our own OpenSSL configuration file with MinProtocol=None.
2020-12-11T17:44:13+00:00

Guilhem Moulin
guilhem@fripost.org

2020-12-11T17:28:32+00:00

ed263d4a380036b654525ee268db615c17d0d216

So we can test TLSv1 as well, not just TLSv1.2 and later.

Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration
file (the default as of 2.3.11.3), hence running TLS tests now require
Dovecot 2.3 or later.





So we can test TLSv1 as well, not just TLSv1.2 and later.

Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration
file (the default as of 2.3.11.3), hence running TLS tests now require
Dovecot 2.3 or later.







libinterimap: make SSL_verify check the hostname as well.
2020-12-11T10:20:41+00:00

Guilhem Moulin
guilhem@fripost.org

2020-12-10T18:39:10+00:00

265f133600e9812726a52ea3067409ed3578e882

More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option.  Previously it was only verifying the
chain of trust.

This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2.





More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option.  Previously it was only verifying the
chain of trust.

This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2.







test suite: always generate new certificates on `make test`.
2020-12-11T10:20:41+00:00

Guilhem Moulin
guilhem@fripost.org

2020-12-10T13:34:48+00:00

26e5c04abfb81bdcbd4d89d9f9329b8433920b26

In addition, sign test certificates with the same root CA.  Hence
running `make test` now requires OpenSSL 1.1.1 or later.





In addition, sign test certificates with the same root CA.  Hence
running `make test` now requires OpenSSL 1.1.1 or later.







libinterimap: show the matching pinned SPKI in --debug mode.
2020-12-11T10:20:37+00:00

Guilhem Moulin
guilhem@fripost.org

2020-12-10T13:28:29+00:00

17b263c49df682fc45f0e50cceb01db4366ad9a7