Age | Commit message | Author | |
---|---|---|---|
2022-03-31 | man pages: add missing commas between subordinate and main clauses | Christian Weisgerber | |
jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@ | |||
2022-02-25 | Whitespace. | Rob Pierce | |
2022-02-18 | Enable TLS verify by default for outbound "smtps://" and "smtp+tls://". | Todd C. Miller | |
This restores the documented behavior that was broken by the fix for opportunistic TLS. OK semarie@. | |||
2022-02-18 | Revert changes to use the new libtls signer api | Todd C. Miller | |
There are bugs in the new libtls signer that can lead to a crash. OK tb@ jsing@ | |||
2022-02-12 | use new libtls signer api | Eric Faurot | |
ok tb@ | |||
2022-02-10 | Do not verify the cert or CA for a relay using opportunistic TLS. | Todd C. Miller | |
If a relay is not explicitly configured to use TLS but the remote side supports STARTTLS, we will try to use it. However, in this case we should not verify the cert or CA (which may be self-signed). This restores the relay behavior before the switch to libtls was made. There is no change if the relay is explicitly configured to use TLS. OK eric@ | |||
2022-01-20 | remove unused variable from all copies of _asr_strdname() | Christian Weisgerber | |
... including those inlined into print_dname(). This also fixes -Wunused-but-set-variable warnings in smtpd and smtpctl. The code was imported with asr and then copied around. ok deraadt@ guenther@ | |||
2021-12-13 | including sys/cdefs.h manually started as a result of netbsd trying to | Theo de Raadt | |
macro-build a replacement for sccsid, and was done without any concern for namespace damage. Unfortunately this practice started infecting other code as others were unaware they didn't need the file. ok millert guenther | |||
2021-11-21 | smtpd-filters.7 referred to itself internally as just filters(7): fix that, | Jason McIntyre | |
and put some Xr in smtpd.conf.5 so people can find it; from leon fischer | |||
2021-11-20 | install smtpd-filters.7; | Jason McIntyre | |
cleanup/push from larry hynes; gilles agreed the page is suitable for installation; | |||
2021-10-15 | Don't declare variables as "unsigned char *" that are passed to | Christian Weisgerber | |
functions that take "char *" arguments. Where such chars are assigned to int or passed to ctype functions, explicitly cast them to unsigned char. For OpenBSD's clang, -Wpointer-sign has been disabled by default, but when the parse.y code was built elsewhere, the compiler would complain. With help from millert@ ok benno@ deraadt@ | |||
2021-09-22 | remove test traces committed by mistake | Eric Faurot | |
2021-09-22 | bump version to 7.0.0 | Eric Faurot | |
2021-09-22 | decode srs-encoded address in the right place. | Eric Faurot | |
fixes a bug where ruleset was not evaluated with the expanded address. reported by Stefan Haller ok millert@ | |||
2021-09-22 | sync table_db capabilities with table_static | Eric Faurot | |
ok millert@ | |||
2021-08-05 | rework the "host relay-url" text block a little so it reads better, | Jason McIntyre | |
and formats a bit nicer; while here, wrap lines to <80; | |||
2021-08-02 | Fix incorrect status code for expired mails resulting in a misleading | Eric Faurot | |
bounce report. From Erik Brens | |||
2021-07-28 | add format attribute to vararg functions. | Sebastian Benoit | |
millert@ thinks it's useful. | |||
2021-07-14 | Remove unneeded calls to tls_init(3) | kn | |
As per the manual and lib/libtls/tls.c revision 1.79 from 2018 "Automatically handle library initialisation for libtls." initialisation is handled automatically by other tls_*(3) functions. Remove explicit tls_init() calls from base to not give the impression of it being needed. Feedback tb OK Tests mestre | |||
2021-07-01 | remove useless and confusing log message when client has no certificate | Eric Faurot | |
ok millert@ | |||
2021-06-14 | add required headers for smtpd.h and remove unnecessary ones in other files. | Eric Faurot | |
ok jung@ | |||
2021-05-26 | replaces calls to err(3)/errx(3) with fatal()/fatalx() from log.c | Eric Faurot | |
for code that runs in the daemon. ok florian@ millert@ | |||
2021-05-26 | remove unused code | Eric Faurot | |
ok millert@ | |||
2021-05-25 | remove obsolete files | Eric Faurot | |
2021-05-23 | add missing entry for cafile | Eric Faurot | |
2021-05-23 | add more TLS options to smtp(1): | Eric Faurot | |
- cafile=<path>: override the default root certificates - nosni: disable SNI completely - noverify: do not verify server certificate (replaces -C) - servername=<name>: set server name for SNI ok tb@ | |||
2021-05-22 | add semantic markup as suggested by schwarze@ and jmc@ | Eric Faurot | |
2021-05-22 | reorder entries | Eric Faurot | |
2021-05-22 | allow to specify TLS ciphers and protocols in smtp(1) | Eric Faurot | |
improvements from jmc@ schwarze@ tb@ ok tb@ | |||
2021-05-20 | Call tls_accept_socket() and tls_connect_socket() immediately instead of | Eric Faurot | |
going through a deferred event. It makes the code simpler and eliminates the need to keep the listener tls context in the io structure. ok tb@ | |||
2021-04-21 | unplug unused certificate verification code, now that this is done by libtls. | Eric Faurot | |
ok tb@ millert@ | |||
2021-04-11 | do not build unused code and remove unneeded dependency on libm. | Eric Faurot | |
ok tb@ | |||
2021-04-10 | remove dead code and unused dependencies | Eric Faurot | |
ok tb@ | |||
2021-04-10 | bump smtpd version | Eric Faurot | |
2021-04-09 | allow to specify tls ciphers and protocols on listeners | Eric Faurot | |
ok tb@ | |||
2021-04-05 | Until tls_accept_socket() succeeds, the tls context bound to a session | Eric Faurot | |
belongs to the listener, and should not be freed with that session if an error occurs before. Unlink it from the session early in the accept callback to avoid this. tweaks and ok millert@ | |||
2021-04-02 | if cipher list is not specified for a relay action, use the global | Eric Faurot | |
cipher list if defined. otherwise fallback to libtls default. ok millert@ | |||
2021-03-31 | turn log_trace() into a macro to prevent evaluating the format string | Eric Faurot | |
parameters when tracing is not enabled. ok millert@ | |||
2021-03-31 | allow to specify tls protocols and ciphers on relay actions | Eric Faurot | |
ok espie@ sthen@ tb@ | |||
2021-03-10 | do not request client certificate unless required | Eric Faurot | |
issue hit by florian@ diff by jsing@ ok tb@ | |||
2021-03-07 | use the mx hostname for sni on outgoing connection, not the reverse | Eric Faurot | |
dns for the peer address. spotted by krw@ ok krw@ tb@ | |||
2021-03-05 | Start porting smtpd to libtls. | Eric Faurot | |
Note that it changes the way SNI works: The certificate to use is now selected by looking at the names found in the certificates themselves, rather than the names of the pki entries in the configuration file. The set of certificates for a tls listener must be defined explicitly by using the pki listener option multiple times. ok tb@ | |||
2021-02-13 | -h does not display version; from larry hynes | Jason McIntyre | |
2021-02-13 | readability fixes; from larry hynes | Jason McIntyre | |
2021-02-13 | various readability fixes; from larry hynes | Jason McIntyre | |
2021-02-13 | various readability fixes; from larry hynes | Jason McIntyre | |
2021-02-13 | add some missing articles; from larry hynes | Jason McIntyre | |
2021-02-13 | readability fix; from larry hynes | Jason McIntyre | |
2021-02-13 | comma swap; from larry hynes | Jason McIntyre | |
2021-01-27 | mark up fixes; from lyndon | Jason McIntyre | |