From c011e17d4f238882686e3f0e59c444a1c53ac8e3 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 14:24:49 +0100 Subject: documentation: replace example.org with example.net for consistency. --- Changelog | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 4d9b9a4..6036b46 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,9 @@ +interimap (0.5.4) upstream; + + - documentation: replace example.org with example.net for consistency. + + -- Guilhem Moulin Thu, 10 Dec 2020 14:22:05 +0100 + interimap (0.5.3) upstream; * libinterimap: SSL_fingerprint now supports a space-separate list of -- cgit v1.2.3 From 17b263c49df682fc45f0e50cceb01db4366ad9a7 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 14:28:29 +0100 Subject: libinterimap: show the matching pinned SPKI in --debug mode. --- Changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 6036b46..cd474a0 100644 --- a/Changelog +++ b/Changelog @@ -1,5 +1,6 @@ interimap (0.5.4) upstream; + + libinterimap: show the matching pinned SPKI in --debug mode. - documentation: replace example.org with example.net for consistency. -- Guilhem Moulin Thu, 10 Dec 2020 14:22:05 +0100 -- cgit v1.2.3 From 26e5c04abfb81bdcbd4d89d9f9329b8433920b26 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 14:34:48 +0100 Subject: test suite: always generate new certificates on `make test`. In addition, sign test certificates with the same root CA. Hence running `make test` now requires OpenSSL 1.1.1 or later. --- Changelog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index cd474a0..7a04963 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,9 @@ interimap (0.5.4) upstream; + libinterimap: show the matching pinned SPKI in --debug mode. + + test suite: always generate new certificates on `make test`. Hence + running `make test` now requires OpenSSL 1.1.1 or later. + + test suite: sign all test certificates with the same root CA. - documentation: replace example.org with example.net for consistency. -- Guilhem Moulin Thu, 10 Dec 2020 14:22:05 +0100 -- cgit v1.2.3 From 84d1829fd0f955cf9fb7add54f60fc314b0d42b1 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 15:26:46 +0100 Subject: libinterimap: factor out hostname/IP parsing. Also, document that enclosing 'host' value in square brackets forces its interpretation as an IP literal (hence skips name resolution). --- Changelog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 7a04963..71e11f7 100644 --- a/Changelog +++ b/Changelog @@ -4,6 +4,9 @@ interimap (0.5.4) upstream; + test suite: always generate new certificates on `make test`. Hence running `make test` now requires OpenSSL 1.1.1 or later. + test suite: sign all test certificates with the same root CA. + + libinterimap: factor out hostname/IP parsing. + + document that enclosing 'host' value in square brackets forces its + interpretation as an IP literal (hence skips name resolution). - documentation: replace example.org with example.net for consistency. -- Guilhem Moulin Thu, 10 Dec 2020 14:22:05 +0100 -- cgit v1.2.3 From 265f133600e9812726a52ea3067409ed3578e882 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 19:39:10 +0100 Subject: libinterimap: make SSL_verify check the hostname as well. More precisely, ensure that the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the hostname or IP literal specified by the 'host' option. Previously it was only verifying the chain of trust. This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version 1.0.2. --- Changelog | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 71e11f7..d227efb 100644 --- a/Changelog +++ b/Changelog @@ -1,5 +1,10 @@ interimap (0.5.4) upstream; + * libinterimap: make SSL_verify also checks that the certificate + Subject Alternative Name (SAN) or Subject CommonName (CN) matches the + hostname or IP literal specified by the 'host' option. Previously it + was only checking the chain of trust. This bumps the minimum + Net::SSLeay version to 1.83 and OpenSSL version 1.0.2. + libinterimap: show the matching pinned SPKI in --debug mode. + test suite: always generate new certificates on `make test`. Hence running `make test` now requires OpenSSL 1.1.1 or later. -- cgit v1.2.3 From 4ed6f0982cc0553e31e7beadf441beb8573a07d4 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 21:52:44 +0100 Subject: libinterimap: add support for the TLS SNI (Server Name Indication) extension. This is controlled by the new 'SSL_hostname' option. The default value of that option is the value of the 'host' option when it is hostname, and the empty string (which disables SNI) when it is an IP literal. --- Changelog | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index d227efb..87ce9fd 100644 --- a/Changelog +++ b/Changelog @@ -5,6 +5,11 @@ interimap (0.5.4) upstream; hostname or IP literal specified by the 'host' option. Previously it was only checking the chain of trust. This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version 1.0.2. + * libinterimap: add support for the TLS SNI (Server Name Indication) + extension, controlled by the new 'SSL_hostname' option. The default + value of that option is the value of the 'host' option when it is + hostname, and the empty string (which disables SNI) when it is an IP + literal. + libinterimap: show the matching pinned SPKI in --debug mode. + test suite: always generate new certificates on `make test`. Hence running `make test` now requires OpenSSL 1.1.1 or later. -- cgit v1.2.3 From 528bf74289c01bcd2b8a8e7e9a99eba41039b09b Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 22:27:59 +0100 Subject: Makefile: new 'release' target. Also, change the tag format from upstream/$VERSION to v$VERSION. --- Changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 87ce9fd..36b0e73 100644 --- a/Changelog +++ b/Changelog @@ -17,6 +17,8 @@ interimap (0.5.4) upstream; + libinterimap: factor out hostname/IP parsing. + document that enclosing 'host' value in square brackets forces its interpretation as an IP literal (hence skips name resolution). + + Makefile: new 'release' target; also, change the tag format from + upstream/$VERSION to v$VERSION. - documentation: replace example.org with example.net for consistency. -- Guilhem Moulin Thu, 10 Dec 2020 14:22:05 +0100 -- cgit v1.2.3 From 46fe928647ad8d38ced79a36d38cd152055ed005 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Dec 2020 23:43:16 +0100 Subject: rename 'debian' branch to 'debian/latest' for DEP-14 compliance. --- Changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 36b0e73..8cac65d 100644 --- a/Changelog +++ b/Changelog @@ -20,6 +20,7 @@ interimap (0.5.4) upstream; + Makefile: new 'release' target; also, change the tag format from upstream/$VERSION to v$VERSION. - documentation: replace example.org with example.net for consistency. + - rename 'debian' branch to 'debian/latest' for DEP-14 compliance. -- Guilhem Moulin Thu, 10 Dec 2020 14:22:05 +0100 -- cgit v1.2.3 From 8130c75c18408ba8e2e635894d87878078e3f1f8 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 11 Dec 2020 11:21:11 +0100 Subject: Prepare new release v0.5.4. --- Changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 8cac65d..2bd9fbe 100644 --- a/Changelog +++ b/Changelog @@ -22,7 +22,7 @@ interimap (0.5.4) upstream; - documentation: replace example.org with example.net for consistency. - rename 'debian' branch to 'debian/latest' for DEP-14 compliance. - -- Guilhem Moulin Thu, 10 Dec 2020 14:22:05 +0100 + -- Guilhem Moulin Fri, 11 Dec 2020 11:21:11 +0100 interimap (0.5.3) upstream; -- cgit v1.2.3 From a51f2efacebbf941585809853d1adbfddc165ac2 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 11 Dec 2020 11:21:17 +0100 Subject: Prepare new release v0.5.4. --- Changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 2bd9fbe..28a1ef4 100644 --- a/Changelog +++ b/Changelog @@ -22,7 +22,7 @@ interimap (0.5.4) upstream; - documentation: replace example.org with example.net for consistency. - rename 'debian' branch to 'debian/latest' for DEP-14 compliance. - -- Guilhem Moulin Fri, 11 Dec 2020 11:21:11 +0100 + -- Guilhem Moulin Fri, 11 Dec 2020 11:21:17 +0100 interimap (0.5.3) upstream; -- cgit v1.2.3