Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Testsuite: fix TLSA record | Jeremy Harris | 2022-11-24 | 1 | -1/+6 |
| | |||||
* | Lose duplicated cert in ocsp response | Jeremy Harris | 2022-11-22 | 2 | -10/+20 |
| | |||||
* | Testsuite: regenerate OCSP proofs with proof-signer certs | Jeremy Harris | 2022-11-22 | 2 | -21/+11 |
| | |||||
* | Testsuite: regenerate certificates tree | Jeremy Harris | 2022-11-03 | 2 | -10/+10 |
| | | | | The OCSP proofs had become out-of-date | ||||
* | Testsuite: Automation for TLDA regen | Jeremy Harris | 2022-11-03 | 2 | -0/+26 |
| | |||||
* | Testsuite: regen certificates suite with fixed Authority Identifier | Jeremy Harris | 2021-06-04 | 2 | -11/+11 |
| | |||||
* | TLS DANE to multiple recipients w/ different DNSSec status | Heiko Schlittermann (HS12-RIPE) | 2021-05-11 | 1 | -0/+16 |
| | |||||
* | Testsuite: fix testcase for SPF empty-mailfrom-use-helo. Bug 467 | Jeremy Harris | 2021-02-02 | 1 | -0/+1 |
| | |||||
* | DANE: Fix 2 messages from queue case | Jeremy Harris | 2020-08-26 | 1 | -0/+1 |
| | |||||
* | DANE: Fix 2-rcpt message, diff domins case. Bug 2265 | Jeremy Harris | 2020-08-23 | 1 | -0/+1 |
| | |||||
* | dnslists: hardwired return value check. Bug 2631 | Jeremy Harris | 2020-08-10 | 1 | -0/+11 |
| | |||||
* | TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. ↵ | Jeremy Harris | 2020-06-11 | 1 | -1/+4 |
| | | | | Bug 2594 | ||||
* | Testsuite: more tidying for Alpine | Jeremy Harris | 2020-04-22 | 1 | -0/+8 |
| | |||||
* | Testsuite: SPF testcase additions | Jeremy Harris | 2019-12-28 | 1 | -0/+4 |
| | |||||
* | SPF: support uppercase in v=spf1, permerror-on-multiple-RRs. Bug 2499 | Jeremy Harris | 2019-12-27 | 1 | -0/+5 |
| | |||||
* | Be careful about DNS response AD/AA bits for error returns | Jeremy Harris | 2019-10-22 | 1 | -0/+30 |
| | |||||
* | Testsuite: increase RBL record TTL | Jeremy Harris | 2019-09-07 | 1 | -1/+1 |
| | |||||
* | Testsuite: drop test.ex domain neg-cache ttl to 3000 | Jeremy Harris | 2019-09-05 | 1 | -1/+1 |
| | |||||
* | Support TTL from SOA for NXDOMAIN & NODATA cache entries for dnslists. Bug 1395 | Jeremy Harris | 2019-09-05 | 1 | -1/+1 |
| | |||||
* | Testsuite: keep noqualify testcase from using external DNS | Jeremy Harris | 2019-09-01 | 1 | -0/+5 |
| | |||||
* | Support TTL from SOA for NXDOMAIN & NODATA cache entries. Bug 1395 | Jeremy Harris | 2019-09-01 | 1 | -0/+3 |
| | |||||
* | SPF: use exim facilities for DNS lookups | Jeremy Harris | 2019-08-13 | 1 | -0/+4 |
| | | | | This enables testing with the testsuite | ||||
* | Testsuite: regenerate CA trees with 2048-bit keys | Jeremy Harris | 2018-11-27 | 2 | -30/+12 |
| | | | | This is to support RHEL 8.0 where OpenSSL dislikes 1024 | ||||
* | DANE - testcase for fail under GnuTLS with TA-mode to a selfsigned server cert | Jeremy Harris | 2018-09-09 | 1 | -0/+19 |
| | |||||
* | DKIM: add support for the SubjectPublicKeyInfo wrapped form of pubkey | Jeremy Harris | 2018-04-13 | 1 | -1/+7 |
| | |||||
* | DKIM: move ed25519_privkey_pem_to_pubkey_raw_b64 to src/util/ and add usage ↵ | Jeremy Harris | 2018-03-25 | 1 | -1/+1 |
| | | | | notes to docs | ||||
* | DKIM: Ed25519 signatures (GnuTLS 3.6.0 and later) | Jeremy Harris | 2018-02-06 | 1 | -0/+8 |
| | |||||
* | DANE/GnuTLS: split verification of mixed sets of TLSA records by usage | Jeremy Harris | 2017-12-22 | 1 | -1/+6 |
| | | | | | This is because we cannot do the required CA-anchor and names checks for TA-mode and not for EE-mode, without knowing which usage TLSA was used. | ||||
* | DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode | Jeremy Harris | 2017-12-20 | 1 | -0/+20 |
| | | | | Not quite right for a mixed TA+EE set of TLSA records, but better than always-enforcing | ||||
* | DANE: support under GnuTLS. Bug 1523 | Jeremy Harris | 2017-12-19 | 1 | -8/+27 |
| | | | | GnuTLS version 3.0.0 onwards; still Experimental | ||||
* | Testsuite: move CRL testcases away from using SHA1-signed certs | Jeremy Harris | 2017-12-18 | 1 | -2/+2 |
| | |||||
* | Testsuite: regenerate certs tree | Jeremy Harris | 2017-12-16 | 1 | -2/+2 |
| | |||||
* | Testsuite: restore lost dns config for DKIM extra-txt-records testcase | Jeremy Harris | 2017-12-16 | 1 | -0/+2 |
| | | | | Broken-by: 854586e149 | ||||
* | Testsuite: testcase for Bug 2198 | Jeremy Harris | 2017-12-16 | 1 | -3/+22 |
| | |||||
* | Testsuite: regen TLSA records, to match cert tree | Jeremy Harris | 2017-12-09 | 1 | -1/+1 |
| | |||||
* | DKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207 | Heiko Schlittermann (HS12-RIPE) | 2017-12-03 | 1 | -0/+2 |
| | |||||
* | DKIM: Enforce any "h" field present in the DNS publickey record. This can ↵ | Jeremy Harris | 2017-08-09 | 1 | -0/+6 |
| | | | | | | | be set to require specific hash types, eg sha256, in signatues. There is an IETF draft in discussion which deprecates sha1 so this feature may start to be used. | ||||
* | Testsuite: add DANE cases for DNS secure no-TLSA lookups | Jeremy Harris | 2017-05-07 | 1 | -1/+11 |
| | |||||
* | Testsuite: add DANE testcase for TLSA lookup SERVFAIL | Jeremy Harris | 2017-05-07 | 1 | -0/+4 |
| | |||||
* | Testsuite: use certs expring before end of 2037, to avoid GnuTLS top-limit ↵ | Jeremy Harris | 2017-01-31 | 1 | -1/+1 |
| | | | | clamp on small-size_t platforms | ||||
* | DKIM: More validation of DNS key record. Bug 1926 | Jeremy Harris | 2016-12-29 | 1 | -0/+3 |
| | |||||
* | Testsuite: regen certs, now with additional LetsEncrypt-style OCSP proofs | Jeremy Harris | 2016-11-02 | 1 | -1/+1 |
| | |||||
* | DKIM: fix base64 decode to ignore whitespace; needed for private-key input | Jeremy Harris | 2016-01-05 | 1 | -1/+1 |
| | | | | | from file. Use this for general-purpose b64decode also. Testsuite: DKIM signing testcase | ||||
* | DANE: do not override a cert verify failure, in callback. Also fix some ↵ | Jeremy Harris | 2015-12-17 | 1 | -1/+1 |
| | | | | test mistakes | ||||
* | DANE: fix testcase 2/0/1 TLSA record | Jeremy Harris | 2015-12-16 | 1 | -1/+17 |
| | |||||
* | DKIM: $dkim_key_length visibility variable. Bug 1311 | Jeremy Harris | 2015-12-01 | 1 | -0/+4 |
| | |||||
* | DKIM: relaxed body canonicalisation should ignore whitespace at EOL | Jeremy Harris | 2015-11-29 | 1 | -0/+8 |
| | | | | and empty lines at EOM. Bug 1721 | ||||
* | DNS: time-limit cached returns, using TTL. Bug 1395 | Jeremy Harris | 2015-09-17 | 1 | -1/+5 |
| | | | | This can matter for fast-changing data such as DNSBLs. | ||||
* | Testsuite: fakens may return AUTHORITY records | Heiko Schlittermann (HS12) | 2015-06-22 | 1 | -0/+3 |
| | | | | | | If an entry in db.<zone> is prefixed with "AA ", fakens will put a valid NS record into the AUTHORITY section of the returned packet. This will be used by dns_trust_aa checks. | ||||
* | tidying | Jeremy Harris | 2015-05-23 | 1 | -1/+1 |
| |