| Commit message (Collapse) | Author | Age | Files |
| |
|
| |
|
|
|
|
|
| |
And pass CA:TRUE as basic constraint. This fixes the test suite with
OpenSSL 3.2 with defaults to X.509v3 and CA:FALSE.
|
| |
|
| |
|
| |
|
|
|
|
| |
POSIX doesn't mandate expansion of the former.
|
|
|
|
|
|
|
|
| |
The commit message for 2447861913835637bbf49d96728ce9ac6ab0ae22 was
misleading. DB creation does obey umask settings as of perl 5.34.0-3,
libdbi-perl 1.643-3+b2, libdbd-sqlite3-perl 1.70-3+b1 and libsqlite3-0
3.37.2-2 from Debian Sid. Prefixing `make installcheck-interimap` with
`umask 0077` makes the test suite pass for interimap 0.5.6-1.
|
| |
|
| |
|
| |
|
|
|
|
| |
To avoid depending on the system default.
|
|
|
|
| |
That way we can avoid using autopkgtest's 'allow-stderr' restriction.
|
| |
|
|
|
|
| |
https://doc.dovecot.org .
|
| |
|
|
|
|
|
|
|
| |
It wasn't the case for interimap(1), see https://bugs.debian.org/608604 …
Fortunately we create $XDG_DATA_HOME/interimap with a secure mode, but
there is no reason to have the DB world-readable. Since we can't rely
on SQLITE_OPEN_CREATE for secure mode we use sysopen(,,O_CREAT,0600).
|
|
|
|
|
| |
And make location for systemd user unit files configurable with
systemd_userunitdir=.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Update instructions/documentation obsolete since
a1c089b997ebf705a9023b4f0f97327e5bd2814e and
733ed91162b02cd0fa5d7d1c443c780d3d4405e9.
|
| |
|
| |
|
|
|
|
| |
Per convention, cf. https://www.gnu.org/prep/standards/html_node/Standard-Targets.html .
|
|
|
|
| |
This is useful for Debian packages built under ‘nodoc’ profile.
|
|
|
|
|
|
|
|
|
| |
And make the installation path configurable at `make` time. Moreover,
adjust the 'test' target so the site directory and interimap/pullimap
path are configurable with INTERIMAP_I and INTERIMAP_PATH respectively.
That way one can run `tests/run foo` to check the source, `make test` to
check what's been built, and we also have the possibility to check the
installed program e.g. for autopkgtests.
|
| |
|
| |
|
|
|
|
|
| |
Defaulting to ‘build’. Also, remove BUILD_DOCDIR= (replaced with
‘$(builddir)/doc’).
|
|
|
|
| |
Per https://www.gnu.org/prep/standards/html_node/Standard-Targets.html#Standard-Targets .
|
|
|
|
| |
Per https://www.gnu.org/prep/standards/html_node/DESTDIR.html .
|
|
|
|
| |
Cf. https://www.gnu.org/prep/standards/html_node/Command-Variables.html .
|
|
|
|
| |
Cf. https://www.gnu.org/prep/standards/html_node/Directory-Variables.html .
|
|
|
|
|
| |
And use security level 2 for ssl_cipher_list. As of dovecot 2.3.18
ssl_min_protocol defaults to TLSv1.2.
|
|
|
|
|
|
| |
This is required to test TLS version <1.2 on systems with higher
security levels, see SSL_CTX_set_security_level(3ssl). Addapted from a
patch from <xnox> for Unbuntu.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per RFC3501 §6.3.1 and §6.3.2 ‘UIDNEXT’ must be returned in an OK
untagged response. See also Appendix B#34.
However §6.3.1 suggests that it's in fact optional: “If this is missing,
the client can not make any assumptions about the next unique identifier
value.”
A correction was proposed in Errata ID 3445 https://www.rfc-editor.org/errata/eid3445 ,
and rejected on the ground that clients SHOULD support the implement
default behavior for missing data.
We heavily rely on the ‘UIDNEXT’ presence and won't implement a
workaround for its absence; instead we panic() with a more informative
message.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
That's when get_version() was introduced. Unfortunately the manual
doesn't mention it, but 1.85 is lacking the function, see
https://github.com/radiator-software/p5-net-ssleay/blob/1.88/Changes#L216
https://github.com/radiator-software/p5-net-ssleay/commit/ae33bb5405dadde973bc25a0c5e3941d5c83f8b1
Compatibility with Net::SSLeay 1.83 can be restored by reverting this
commit and 35f4ecefa9c9ff55acfdb337b215e3d13345c86d.
|
| |
|
| |
|
|
|
|
|
| |
Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).
|
|
|
|
| |
version used.
|
|
|
|
|
| |
It's best to use a stock (clean) environment when possible. We only
need to test TLS protocol version <1.2 for tests/tls-protocols.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
It could in principle still work with earlier versions if the new
settings SSL_protocol_{min,max} are not used, however it's cumbersome to
do individual checks for specific settings, let alone maintain test
coverage with multiple OpenSSL versions.
|
|
|
|
|
|
|
|
|
|
|
| |
CAfile nor CApath are set.
In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).
This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used).
|