| Commit message (Collapse) | Author | Age | Files |
|
|
|
|
|
| |
Update instructions/documentation obsolete since
a1c089b997ebf705a9023b4f0f97327e5bd2814e and
733ed91162b02cd0fa5d7d1c443c780d3d4405e9.
|
|
|
|
| |
Per convention, cf. https://www.gnu.org/prep/standards/html_node/Standard-Targets.html .
|
|
|
|
|
|
|
|
|
| |
And make the installation path configurable at `make` time. Moreover,
adjust the 'test' target so the site directory and interimap/pullimap
path are configurable with INTERIMAP_I and INTERIMAP_PATH respectively.
That way one can run `tests/run foo` to check the source, `make test` to
check what's been built, and we also have the possibility to check the
installed program e.g. for autopkgtests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
That's when get_version() was introduced. Unfortunately the manual
doesn't mention it, but 1.85 is lacking the function, see
https://github.com/radiator-software/p5-net-ssleay/blob/1.88/Changes#L216
https://github.com/radiator-software/p5-net-ssleay/commit/ae33bb5405dadde973bc25a0c5e3941d5c83f8b1
Compatibility with Net::SSLeay 1.83 can be restored by reverting this
commit and 35f4ecefa9c9ff55acfdb337b215e3d13345c86d.
|
|
|
|
|
| |
Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).
|
|
|
|
| |
version used.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CAfile nor CApath are set.
In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).
This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used).
|
| |
|
|
|
|
|
|
|
|
| |
Using the libssl interface simplifies our protocol black/whitelist
greatly; this only allows simple min/max bounds, but holes are arguably
not very useful here.
Using the new settings bumps the required libssl version to 1.1.0.
|
|
|
|
|
|
|
|
| |
Namely, use the system default instead of "!SSLv2 !SSLv3 !TLSv1 !TLSv1.1".
As of Debian Buster (OpenSSL 1.1.1) this does not make a difference,
however using the system default provides better compatibility with
future libssl versions.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This is controlled by the new 'SSL_hostname' option. The default value
of that option is the value of the 'host' option when it is hostname,
and the empty string (which disables SNI) when it is an IP literal.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option. Previously it was only verifying the
chain of trust.
This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2.
|
|
|
|
|
| |
Also, document that enclosing 'host' value in square brackets forces its
interpretation as an IP literal (hence skips name resolution).
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
to pin.
And succeeds if, and only if, the peer certificate SPKI matches one of
the pinned digest values. Specifying multiple digest values can key
useful in key rollover scenarios and/or when the server supports
certificates of different types (for instance RSA+ECDSA).
|
|
|
|
|
|
| |
The standard error is never sent to /dev/null in debug mode.
Closes: deb#968392
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Per Stefan Kangas' suggestion.
|
| |
|
|
|
|
| |
Closes: #946727.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Along with a comparison with OfflineIMAP.
|
|
|
|
|
| |
As of 0.4 --notify is no longer used in the systemd service file, cf.
d19ba0a20d0d7a7ec288c93df329210b31bf3c51.
|
|
|
|
| |
This uses the ‘header_attributes’ markdown extension.
|
| |
|
|
|
|
|
| |
Some of these pages, for instance https://wiki.dovecot.org/UserDatabase ,
are now redirecting to https://doc.dovecot.org/configuration_manual/… .
|
| |
|
|
|
|
|
|
|
| |
Also, introduce new option 'logger-prefix' to determine the prefix of
each log line.
Closes: #942725.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
In --debug mode in order to avoid inadvertently receiving credentials in
bug reports. --debug can be set twice to spell out these commands in
full.
|