| Commit message (Collapse) | Author | Age | Files |
|\
| |
| |
| | |
interimap Debian release 0.5.6-1
|
| | |
|
| |
| |
| |
| |
| | |
Next stable upstream release after developer release 1.86_06, and also
earliest version available in Debian.
|
| |\
| | |
| | |
| | | |
Release version 0.5.6
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
That's when get_version() was introduced. Unfortunately the manual
doesn't mention it, but 1.85 is lacking the function, see
https://github.com/radiator-software/p5-net-ssleay/blob/1.88/Changes#L216
https://github.com/radiator-software/p5-net-ssleay/commit/ae33bb5405dadde973bc25a0c5e3941d5c83f8b1
Compatibility with Net::SSLeay 1.83 can be restored by reverting this
commit and 35f4ecefa9c9ff55acfdb337b215e3d13345c86d.
|
| | | |
|
|\| |
| | |
| | |
| | | |
interimap Debian release 0.5.5-1
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
We're using ssl_min_protocol in the test suite, see
feeb91998a29ca040f6e5dd103e09507a6355e32 .
|
| | |
| | |
| | |
| | |
| | | |
The components are tightly tied together and libinterimap makes no
promise of API stability.
|
| | | |
|
| |\|
| | |
| | |
| | | |
Release version 0.5.5
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).
|
| | |
| | |
| | |
| | | |
version used.
|
| | |
| | |
| | |
| | |
| | | |
It's best to use a stock (clean) environment when possible. We only
need to test TLS protocol version <1.2 for tests/tls-protocols.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It could in principle still work with earlier versions if the new
settings SSL_protocol_{min,max} are not used, however it's cumbersome to
do individual checks for specific settings, let alone maintain test
coverage with multiple OpenSSL versions.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
CAfile nor CApath are set.
In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).
This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used).
|
| | |
| | |
| | |
| | |
| | |
| | | |
handshake is aborted.
(Unless STARTTLS is used to upgrade the connection.)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Not a good idea to use a world-writable directory, see ssh_config(5)…
Note that variable expansion is only available in OpenSSH 8.4 and later,
cf. https://bugzilla.mindrot.org/show_bug.cgi?id=3140 .
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is shorter and more future-proof. Quoting the manual:
restrict
Enable all restrictions, i.e. disable port, agent and X11
forwarding, as well as disabling PTY allocation and execution of
~/.ssh/rc. If any future restriction capabilities are added to
authorized_keys files they will be included in this set.
Note that this won't work with Jessie's OpenSSH server.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Also, make use the tag doesn't exist, and fail early if we can't detect
the version.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Using the libssl interface simplifies our protocol black/whitelist
greatly; this only allows simple min/max bounds, but holes are arguably
not very useful here.
Using the new settings bumps the required libssl version to 1.1.0.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
So we can test TLSv1 as well, not just TLSv1.2 and later.
Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration
file (the default as of 2.3.11.3), hence running TLS tests now require
Dovecot 2.3 or later.
|
| | | |
|
| | |
| | |
| | |
| | | |
This avoids maintaing our own map.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Namely, use the system default instead of "!SSLv2 !SSLv3 !TLSv1 !TLSv1.1".
As of Debian Buster (OpenSSL 1.1.1) this does not make a difference,
however using the system default provides better compatibility with
future libssl versions.
|
| | |
| | |
| | |
| | |
| | | |
The test suite already required OpenSSL ≥1.1.1 as some tests are using
TLSv1.3.
|
| | | |
|
| | | |
|
| | | |
|