summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd/ssl.c
AgeCommit message (Expand)Author
2014-04-29Implement RSA privilege separation for OpenSMTPD, based on my previousReyk Floeter
2014-04-29It is only required to load the keys and certs into the same SSLReyk Floeter
2014-04-19(void) cast a snprintf() call that can't possibly truncate unless weGilles Chehade
2014-02-17fix possible NULL-deref in error code pathEric Faurot
2014-02-04pki code cleanupEric Faurot
2013-12-26bcopy -> memmoveEric Faurot
2013-11-28fix loading of passphrase-protected keys.Eric Faurot
2013-11-06Much much improved config parser and related changes.Eric Faurot
2013-10-26%i -> %d in format stringsEric Faurot
2013-07-19tls perfect forward secrecy with ecdheEric Faurot
2013-05-24sync with OpenSMTPD 5.3.2Eric Faurot
2013-01-26Sync with our smtpd repo:Gilles Chehade
2012-11-23knfEric Faurot
2012-11-12Cleanups and improvements:Eric Faurot
2012-10-14enforce different permissions on different files in ssl_load_file()Alexander Hall
2012-10-09Reject ssl key/certs/CA/DH files if their ownership/permissions are notEric Faurot
2012-09-14Remove s_ssl from the smtp session since it is duplicated in the io struct.Eric Faurot
2012-08-19coding style: replace all occurences of u_int* with uint*Charles Longeau
2012-01-29Rewrite io code in smtp and mta using the iobuf/ioev interface to haveEric Faurot
2012-01-11enable back CA support, just don't verify client ...Gilles Chehade
2011-12-21disable temporarily CA support, it prevents some remote hosts fromCharles Longeau
2011-12-14add missing prototypeEric Faurot
2011-12-13*finally* make use of certificate authority file if available !Gilles Chehade
2011-10-27Don't offer or negotiate SSLv2 and, since we don't do SSL sessionPhilip Guenthe
2011-10-23add a missing DH_free() after ssl_set_ephemeral_key_exchange().Charles Longeau
2011-10-13Drop a reference to the client SSL_CTX after SSL_new(), so that it isEric Faurot
2011-09-01Introduce a small set of functions to manage stat counters in aEric Faurot
2011-05-21make the "no DH parameters" warning a log_info()Gilles Chehade
2011-05-17somehow a previous sync with relayd missed one line...Gilles Chehade
2011-05-14more clang warnings fixedGilles Chehade
2011-05-01the smtpd env is meant to be global, so do not pass it all around.Eric Faurot
2011-03-15let smtpd use user-provided Diffie-Hellman parameters for ephemeral keyGilles Chehade
2010-11-28a bit of .h cleanups, no functionnal changeGilles Chehade
2010-11-24add *maxactive statsTodd T. Fries
2010-10-09backout the "new" queue code commited 4 months ago. it has many good ideas,Gilles Chehade
2010-06-01new queue, again; gcc2 compile tested by deraadtJacek Masiulaniec
2010-06-01New queue doesn't compile on gcc2, back out. Spotted by deraadt@Jacek Masiulaniec
2010-05-31Rewrite entire queue code.Jacek Masiulaniec
2010-05-26Rename some imsg bits to make namespace collisions less likely buf toNicholas Marriott
2010-05-19cleanup-only commit, removes unrequired includes, no functionnal changeGilles Chehade
2009-11-11Check if the receive buffer has any unused space before reading from socket inJacek Masiulaniec
2009-10-03dont dereference garbage pointer, from martynas@Jacek Masiulaniec
2009-09-22fix handling of certificates to unbreak DSA; allows starttls(8) instructions ...Janne Johansson
2009-09-15Extend SMTP client_* API to support SSL+AUTH, and use it in the mtaJacek Masiulaniec
2009-06-02make env->sc_listeners and env->sc_ssl pointers, one step further towardGilles Chehade
2009-06-01fix function name in log_debugJacek Masiulaniec
2009-05-30It is now possible to specify a certificate to use when relaying to anotherGilles Chehade
2009-05-24Instead of keeping stats private to each process, and querying everyJacek Masiulaniec
2009-05-19remove useless check on NULL ssl cert and key, the check cannot be reachedGilles Chehade
2009-05-18Complete rework of bufferevent event masking allowing for moreJacek Masiulaniec