From 90d926f6f32dd3ff06e5c49e6a982777ead9f691 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 15 Sep 2015 16:48:29 +0200 Subject: Remove support for the Binary Content extension [RFC3516]. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit “If the server does not know how to decode the section's CTE, it MUST fail the request and issue a "NO" response that contains the "UNKNOWN-CTE" extended response code.” — [RFC3516 section 4.3] Unfortunately the client doesn't know which message couldn't be decoded, so it can't fall back and use BODY instead. This made ‘use-binary=NO’ pretty much mandatory. Hence we remove support for BINARY [RFC3516]. Instead, we increase the threshold for when to add Zlib full flush points from 4096 to the buffer size (32768). --- Changelog | 4 ---- 1 file changed, 4 deletions(-) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 9d864f8..67f6833 100644 --- a/Changelog +++ b/Changelog @@ -6,10 +6,6 @@ interimap (0.2) upstream; server. * Add a configuration option 'null-stderr=YES' to send STDERR to /dev/null for type=tunnel. - * Add support for the Binary Content extension [RFC3516]. Enabled by - default if both the local and remote servers advertize "BINARY". - Can be disabled by adding 'use-binary=NO' to the default section in - the configuration file. * Exit with return value 0 when receiving a SIGTERM. * Add SSL options SINGLE_ECDH_USE, SINGLE_DH_USE, NO_SSLv2, NO_SSLv3 and NO_COMPRESSION to the compiled-in CTX options. -- cgit v1.2.3 From 40864537f86e31e037a1232f015a06e9d73bf1e6 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 15 Sep 2015 18:24:43 +0200 Subject: Don't set SO_KEEPALIVE on the socket. This is most likely useless in our case since the TCP keepalive time is usually much higher than the IMAP timeout. --- Changelog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 67f6833..cf11878 100644 
--- a/Changelog +++ b/Changelog @@ -13,7 +13,7 @@ interimap (0.2) upstream; handshake. * Rename the 'SSL_verify_trusted_peer', 'SSL_ca_path', and 'SSL_cipher_list' options to 'SSL_CApath', 'SSL_verify' and - 'SSL_cipherlist', respectively. + 'SSL_cipherlist', respectively. * Add an option 'SSL_CAfile' to specify a file containing trusted certificates to use during server certificate authentication. * Replace IO::Socket::SSL dependency by the lower level Net::SSLeay. @@ -22,6 +22,9 @@ interimap (0.2) upstream; IPv6. (Both are core Perl module.) * Add a configuration option 'proxy' to proxy TCP connections to the IMAP server. + * Don't set SO_KEEPALIVE on the socket. This is most likely useless + in our case since the TCP keepalive time is usually much higher than + the IMAP timeout. -- Guilhem Moulin Wed, 09 Sep 2015 00:44:35 +0200 -- cgit v1.2.3 From 0e1e8e06debc4d7b00670eaa981ca5b382d90591 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 16 Sep 2015 16:49:00 +0200 Subject: Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES. --- Changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index cf11878..820ee6f 100644 --- a/Changelog +++ b/Changelog @@ -25,6 +25,7 @@ interimap (0.2) upstream; * Don't set SO_KEEPALIVE on the socket. This is most likely useless in our case since the TCP keepalive time is usually much higher than the IMAP timeout. + * Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES. -- Guilhem Moulin Wed, 09 Sep 2015 00:44:35 +0200 -- cgit v1.2.3 From cad0e125728658e4e899201e7cedc86036908057 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 16 Sep 2015 18:05:29 +0200 Subject: Display the certificate chain, SSL protocol and cipher in debug mode. --- Changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 820ee6f..79a7ea4 100644 --- a/Changelog +++ b/Changelog 
@@ -26,6 +26,8 @@ interimap (0.2) upstream; in our case since the TCP keepalive time is usually much higher than the IMAP timeout. * Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES. + * Display the certificate chain, SSL protocol and cipher in debug + mode. -- Guilhem Moulin Wed, 09 Sep 2015 00:44:35 +0200 -- cgit v1.2.3 From 612b9e2102e1907709dde325f91d5fdf70ed2534 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 17 Sep 2015 22:05:09 +0200 Subject: Use TCP keepalive to detect dead peers. --- Changelog | 3 --- 1 file changed, 3 deletions(-) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 79a7ea4..8cd8be2 100644 --- a/Changelog +++ b/Changelog @@ -22,9 +22,6 @@ interimap (0.2) upstream; IPv6. (Both are core Perl module.) * Add a configuration option 'proxy' to proxy TCP connections to the IMAP server. - * Don't set SO_KEEPALIVE on the socket. This is most likely useless - in our case since the TCP keepalive time is usually much higher than - the IMAP timeout. * Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES. * Display the certificate chain, SSL protocol and cipher in debug mode. -- cgit v1.2.3
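
Review bot: In the 90d926f Changelog hunk (@@ -6,10 +6,6 @@), deleting the BINARY entry is the only change, while the commit message also raises the Zlib full flush threshold from 4096 to the buffer size (32768), and that second change gets no Changelog line. If it is user-visible, add an entry for it, and say what happens to an existing 'use-binary=NO' line in a configuration file now that the option is gone.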
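
Review bot: The -/+ pair on the "'SSL_cipherlist', respectively." line in 4086453 (@@ -13,7 +13,7 @@) reads as a whitespace-only change unrelated to SO_KEEPALIVE and belongs in its own commit. While that entry is being touched, check its "respectively" mapping: as written it pairs 'SSL_verify_trusted_peer' with 'SSL_CApath' and 'SSL_ca_path' with 'SSL_verify', which looks swapped and would mislead anyone migrating a configuration that controls certificate verification.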
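
Review bot: The entry added in 4086453 (@@ -22,6 +22,9 @@) justifies dropping SO_KEEPALIVE with "most likely useless", an argument that only holds for the system default keepalive time. The idle time can be lowered per socket (TCP_KEEPIDLE on Linux), so the entry should either state what detects a dead peer instead (presumably the IMAP timeout it mentions) or the change should tune the timers rather than remove keepalive.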
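
Review bot: The line added in 0e1e8e0 (@@ -25,6 +25,7 @@) does not tell users that this tightens verification: with the purpose set to 'SSL Server', a chain that validated before can be rejected if a certificate's extensions do not permit server use. Word the entry so that a newly failing connection under SSL_verify=YES can be traced back to it, for example by adding that certificates not valid for that purpose are now refused.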
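
Review bot: The 612b9e2 hunk (@@ -22,9 +22,6 @@) only deletes the "Don't set SO_KEEPALIVE" entry, so the Changelog records neither decision, and the objection in the deleted text (keepalive time usually much higher than the IMAP timeout) is not answered anywhere in the visible commit. State in the commit message or in a new entry whether the keepalive timers are now set below the IMAP timeout, since otherwise the stated goal of detecting dead peers runs into the same objection.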