|  | Commit message (Collapse) | Author | Age | Files | 
|---|
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | CAfile nor CApath are set.
In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).
This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used). | 
| | 
| 
| 
| 
| 
| | handshake is aborted.
(Unless STARTTLS is used to upgrade the connection.) | 
| | 
| 
| 
| 
| 
| 
| 
| | So we can test TLSv1 as well, not just TLSv1.2 and later.
Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration
file (the default as of 2.3.11.3), hence running TLS tests now require
Dovecot 2.3 or later. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option.  Previously it was only verifying the
chain of trust.
This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2. | 
| | 
| 
| 
| 
| | In addition, sign test certificates with the same root CA.  Hence
running `make test` now requires OpenSSL 1.1.1 or later. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | It's arguably the most common use-case.  Generated with
  $ openssl genpkey -algorithm RSA -out tests/snippets/dovecot/dovecot.rsa.key
  $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \
        -key tests/snippets/dovecot/dovecot.rsa.key \
        -out tests/snippets/dovecot/dovecot.rsa.crt | 
|  | SSL connections are accepted on TCP port 10993.  Also, fix STARTTLS
directive, broken since fba1c36… |