author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 12:06:34 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 12:06:34 +0000
commit 5e61585d76ae77fd5e9e96ebabb57afa4d74880d
tree 2b467823aaeebc7ef8bc9e3cabe8074eaef1666d /TLS_CHANGES
parent Initial commit.
Adding upstream version 3.5.24. [upstream/3.5.24, upstream]
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'TLS_CHANGES')
-rw-r--r-- TLS_CHANGES 2418
1 files changed, 2418 insertions, 0 deletions
diff --git a/TLS_CHANGES b/TLS_CHANGES
new file mode 100644
index 0000000..62a529e
--- /dev/null
+++ b/TLS_CHANGES
@@ -0,0 +1,2418 @@
+2004/09/12 == Released 0.8.19 ==
+
+2004/09/01
+ - Finished updating the code by adjusting to postfix-2.2-20040829
+ and started using it at my own site.
+
+2004/08/01
+ - Started adjusting the patch to postfix-2.2-20040729.
+
+2004/06/21 == Re-released 0.8.18 ==
+
+2004/06/21
+ - Postfix 2.1.3 has been released. Shortlived 2.1.2 did bring an
+ incompatibel change (patch conflict) which has been resolved.
+ - Fixed some typos in the tlsmgr.8 manual page (Chris Pepper
+ <pepper@reppep.com>).
+
+2004/04/27 == Re-released 0.8.18 ==
+
+2004/04/27
+ - Postfix 2.1.0 has been released. Some minor patch conflicts with respect
+ to the actual code and build environment.
+ - Due to the restructuring of the documentation the old sample-*.cf
+ files are no longer available.
+ Took documentation already adopted by Wietse for the 2.1-RC2-IPV6+TLS
+ snapshot.
+
+2004/02/09 == Re-released 0.8.18 ==
+
+2004/02/09
+ - Postfix 2.0.18-20040205 is available, patchkit applies without
+ problems.
+
+2004/02/02 == Release 0.8.18 ==
+
+2004/02/02
+ - Incorporated Luca Berra's information into the patchkit and ran tests
+ with my own versions.
+
+2004/02/01
+ - Reports about server side SMTP failure with Carsten's patch can be
+ found on postfix-users.
+ 'Luca Berra' <bluca@comedia.it> informs, that he discoverd another
+ failure of the GNU patch program with a misplaced patch hunk in
+ smtpd.c
+
+2004/01/30
+ - Edited in additional #ifdef USE_TLS conditionals. If the TLS patch
+ is applied but not activated (USE_TLS is not defined), a warning is
+ printed as soon as TLS shall be used.
+
+2004/01/23
+ - Postfix 2.0.18-20040122 is now available. Several patch conflicts occur.
+ Even more: one hunk of the patch (which is provided in unified diff)
+ fails in smtp.c and causes a segmentation violation.
+ Carsten Hoeger <choeger@suse.de> provides an adapted patch kit.
+
+2004/01/02 == Released 0.8.17 ==
+
+2004/01/02
+ - Postfix-2.0.16-20031231 is released. No patch conflicts.
+ - Changed autoresponder for TLS tests to "The Postfix Book" echo
+ responder (provided by Patrick Koetter and Ralf Hildebrandt).
+
+2003/12/30
+ - Postfix-2.0.16-20031226 is released. No patch conflicts.
+
+2003/12/26
+ - Postfix-2.0.16-20031224 is released. Resolved patch conflicts.
+
+2003/12/16
+ - Postfix-2.0.16-20031215 is released. Resolved patch conflicts.
+ - src/global/pfixtls.c: changed occurance of "ssize_t" to "size_t"
+ as some quite old operating systems do no have ssize_t
+ (Reported by Klaus Jaehne <kj@uue.org> for SunOS 4.1.4).
+ - src/global/pfixtls.c: both the client and the server engine did
+ print out messages even when tls_loglevel was set to 0 (reported
+ by Florian Effenberger <florian@effenberger.org>): evaluate loglevel
+ before printing any message.
+
+2003/11/17 == Re-released 0.8.16 ==
+
+2003/11/17
+ - Postfix 2.0.16-20031113 is released. Some minor patch conflicts.
+
+2003/10/27 == Re-released 0.8.16 ==
+
+2003/10/24
+ - Postfix 2.0.16-20031022 is released. Some minor patch conflicts.
+
+2003/09/23 == Re-released 0.8.16 ==
+
+2003/09/23
+ - Postfix 2.0.16 and 2.0.16-20030921 are now available.
+ Resolved some minor patch conflicts.
+
+2003/09/10 == Released 0.8.16 ==
+
+2003/09/09
+ - Postfix 2.0.15 has been released including another workaround for
+ select() on Solaris problems. It contains additional code to catch
+ EAGAIN on read() in the timed_read() routine (and the respective
+ precautions in timed_write()
+ - Note: this fix is not yet part of Postfix 2.0.14-20030812.
+ - Added corresponding code to pfixtls_timed_read()/_write().
+ - Changed SSL wrappermode behaviour: use smtpd_sasl_tls_security_options
+ instead of smtpd_sasl_security_options as is to be expected because TLS
+ is active. (Bug reported by Bob Snyder <rsnyder@toontown.erial.nj.us>.)
+
+2003/08/29 == Re-released 0.8.15 ==
+
+2003/08/29
+ - Adapted patchkit to Postfix 2.0.14. No patch conflicts.
+
+2003/07/17 == Re-released 0.8.15a (-20030715 only) ==
+
+2003/07/16
+ - Experimental version Postfix 2.0.14-20030715 is released, including
+ the SASL changes. Resolved some minor patch conflicts.
+
+2003/07/11 == Released 0.8.15a (-20030706 only) ==
+
+2003/07/11
+ - Received error report about about TLS failing with the new smtpd_proxy
+ feature including instructions on how to reproduce.
+ (Did receive an earlier report on 2003/07/09, that however indicated other
+ setup problems, so that the actual problem was not visible.)
+ - Analysis: when introducing the new smtpd_proxy feature, different mechnisms
+ where introduced to either write to the cleanup daemon (as before) or to
+ the smtpd_proxy connection. Functions and streams are now expressed in
+ out_fprintf() function pointers etc. being assigned accordingly.
+ When updating to 0.8.15/2.0.13-20030706 this change was missed and the
+ routine adding the TLS information to the Received: headers did use the
+ older rec_fprintf() functions etc. This did work fine for the traditional
+ connection to the cleanup service, but naturally failed for smtpd_proxy
+ (with a segmentation violation).
+ Solution: access out_stream via the according pointers.
+ - The 2.0.13 stable version is not affected.
+
+2003/07/08 == Released 0.8.15 ==
+
+2003/07/07
+ - Postfix 2.0.13 and 2.0.13-20030706 are released.
+ Patchkit for 2.0.13 applies cleanly.
+ Patchkit for 2.0.13-20030607 requires several adaptations (patch conflicts,
+ no functional changes).
+ - Slightly modified SASL interface code (smpt[d]_sasl_glue layer) to
+ allow setting the security policy during session setup instead of
+ process start. This allows to actually choose SASL mechanisms available
+ depending on the availability of TLS encryption and authentication.
+ New parameters: smtpd_sasl_tls_security_options,
+ smtp_sasl_tls_security_options, smtp_sasl_tls_verified_security_options
+ - Submitted change to SASL interface to Wietse, who accepted the change
+ as part of the Snapshot line.
+
+2003/06/19 == Released 0.8.14 ==
+
+2003/06/19
+ - Add support for SubjectAlternativeName "dNSName" entries in certificate
+ checking (applies for client mode only).
+ If the client connects to the server, it does check the list of dNSName
+ entries against the expected hostname (therefore allowing the server to
+ have multiple identities). As described in RFC2818 (HTTP over TLS),
+ CommonName (CN) entries are only checked, if no dNSName entries are found
+ at all.
+ Initial patch proposed by Deti Fliegl <fliegl@cs.tum.edu>, reworked to
+ follow the RFC2818 rules and some cleanup.
+
+2003/06/18
+ - Checked out similar settings, found another missing entry:
+ var_smtp_scert_vd was missing src/smtp/smtp.c.
+ - Renamed HAS_SSL to USE_TLS for compilation (have to use -DUSE_SSL
+ in the future). Currently pfixtls.h will take care of setting
+ USE_TLS, when HAS_SSL has been defined.
+
+2003/06/17
+ - Received bug reports about Postfix/TLS failing (connection closing)
+ after having finished the "STARTTLS"/"220 Ready to start TLS"
+ dialogue. (Actually the first report came in via private mail on
+ 2003/06/12, but the information was too diffuse to track down).
+ Tracking down became possible after it became clear, that only Solaris
+ systems are affected.
+ Analysis:
+ * As of 2003/06/09 postfix uses non-blocking socket I/O for the SMTP
+ connection on Solaris platforms. This requires using "select()" style
+ waiting before read() or write() access (which are not prepared EAGAIN
+ or EWOULDBLOCK in the Postfix case and therefore indicate error).
+ * As the var_smtpd_starttls_tmout variable is not correctly initialized
+ (value is 0), the select() style function is not called, therefore
+ read() fails with EAGAIN and the connection is closed due to a
+ presumed error condition.
+ * The initialization of the variable should be done in the time_table[]
+ list during main().
+ The entry however was lost during the patch adaptation from 0.7.13e
+ to 0.7.14-snap20020107 on 2002/01/07.
+ Impact:
+ * On Solaris systems, STARTTLS fails during handshake (server only).
+ * On other systems, the TLS negotiation phase is not protected by the
+ smtpd_starttls_tmout (default 300s) value and may hang until the
+ watchdog kills smtpd, if the client does not continue the handshake.
+ Restored var_smtpd_starttls_tmout variable initialization.
+
+2003/06/12 == Re-released 0.8.13 ==
+
+2003/06/11
+ - Adapted to snapshot 2.0.12-20030611. No patch conflicts.
+
+2003/06/11
+ - Adapted to snapshot 2.0.11-20030609. One minor patch conflict.
+
+2003/05/23 == Re-released 0.8.13 ==
+
+2003/05/23
+ - First release against snapshot 2.0.10-20030523.
+
+2003/04/26 == Re-released 0.8.13 ==
+
+2003/04/26
+ - Updated patchkit to apply to Postfix 2.0.9.
+ - Updated patchkit-name to reflect the release of OpenSSL 0.9.7b.
+
+2003/03/06 == Re-released 0.8.13 ==
+
+2003/03/06
+ - Postfix 2.0.6 has been released. No patch conflicts.
+
+2003/03/02 == Re-released 0.8.13 ==
+
+2003/03/02
+ - Postfix 2.0.4 has been released. "patch" should work with some warnings
+ about moved line numbers.
+ - OpenSSL 0.9.7a has been released. No visible changes with respect to
+ Postfix/TLS.
+
+2003/01/26 == Re-released 0.8.13 ==
+
+2003/01/26
+ - Postfix 2.0.3 has been released. One minor patch-conflict.
+
+2003/01/13 == Released 0.8.13 ==
+
+2003/01/13
+ - Postfix 2.0.1 has been released. Some minor patch conflicts resolved.
+ - Added HOWTO documents contributed by Justin Davies <justin@palmcoder.net>
+ to the contribution area.
+ - Added RFC3207 (SMTP Service Extension for Secure SMTP over Transport Layer
+ Security) to the documentation. RFC3207 is the successor of RFC2487.
+ - Updated TODO list to reflect release ideas up to the release of
+ Postfix/TLS 0.9.0. (Or will it finally be 1.0.0? :-)
+
+2002/12/30
+ - OpenSSL 0.9.7 has been released. Postfix/TLS works best with the new
+ 0.9.7 release.
+
+2002/12/24 == Re-released 0.8.12 ==
+
+2002/12/24
+ - Postfix 2.0.0.1 has been released. Resolved one minor patch conflict.
+
+2002/12/20 == Re-released 0.8.12 ==
+
+2002/12/20
+ - Postfix snapshot 1.1.12-20021214 has been released. Resolved minor
+ patch conflicts.
+
+2002/12/15 == Re-released 0.8.12 ==
+
+2002/12/15
+ - Postfix snapshot 1.1.12-20021214 has been released. Two minor patch
+ conflicts.
+
+2002/12/06 == Released 0.8.12 ==
+
+2002/12/06
+ - OpenSSL 0.9.6h has been released. Update documentation and filenames
+ to reflect this new release.
+ - Minor bug fix: when calling "sendmail -bs", smtpd is not run with
+ superuser permissions, therefore the loading of the private key fails.
+ STARTTLS is not used anyway, so the key is not needed anyway, but the
+ failure to load creates a misleading warning.
+ Do not initialize TLS engine at all when not started with superuser
+ permissions.
+
+2002/12/03
+ - Postfix snapshot 1.1.12-20021203 has been released. Resolved one patch
+ conflict.
+
+2002/11/01 == Re-released 0.8.11a ==
+
+2002/11/01
+ - Postfix snapshot 1.1.11-20021031 has been released. No patch conflicts.
+
+2002/10/30 == Re-released 0.8.11a ==
+
+2002/10/30
+ - Postfix snapshot 1.1.11-20021029 has been released. No patch conflicts.
+
+2002/09/30 == Re-released 0.8.11a ==
+
+2002/09/30
+ - Postfix snapshot 1.1.11-20020928 has been released. No patch conflices.
+
+2002/09/24
+ - Postfix snapshot 1.1.11-20020923 has been released. Adapt patchkit.
+
+2002/09/19 == Re-released 0.8.11a ==
+
+2002/09/18
+ - Postfix snapshot 1.1.11-20020917 has been released. Adapt patchkit.
+
+2002/08/23 == Re-released 0.8.11a ==
+
+2002/08/23
+ - Postfix snapshot 1.1.11-20020822 has been released. Adapt patchkit.
+
+2002/08/20
+ - Postfix snapshot 1.1.11-20020819 has been released with several
+ enhancements and changes. Adapt patchkit (minor issues).
+
+2002/08/12
+ - OpenSSL has experienced several (security critical) updates.
+
+2002/07/26 == Re-released 0.8.11a ==
+
+2002/07/26
+ - On popular demand, a new diff for the snapshot version of Postfix
+ is created: postfix-1.1.11-20020719.
+
+2002/06/18 == Re-released 0.8.11a ==
+
+2002/06/18
+ - On popular demand, a new diff for the snapshot versions of Postfix
+ is created: postfix-1.1.11-20020613.
+
+2002/06/03 == Released 0.8.11a ==
+
+2002/06/03
+ - When compiling with SSL but without SASL, compilation fails due to
+ the modification of state->sasl_mechanism_list that is not part of the
+ "state" structure when SASL is not compiled in.
+ This bug was introduced in version 0.8.11.
+ Bug reported and patch supplied by Bernd Matthes
+ <bernd.matthes@gemplus.com>.
+
+2002/05/29 == Released 0.8.11 ==
+
+2002/05/29
+ - Postfix 1.1.11 is released.
+
+2002/05/25
+ - Fix processing of options after STARTTLS handshaking: AUTH= was not
+ handled, as the "=" was not recognized as for the extension list for
+ the case without TLS. (The TLS case was a copy of an older version
+ of the code not yet containing the "=" and the change in the main
+ code slipped through without noting the difference, hence the option
+ as not added to the TLS part.
+ Found by "Christoph Vogel" <Christoph.Vogel@Corbach.de>.
+
+2002/05/24
+ - Bug reported by "Christoph Vogel" <Christoph.Vogel@Corbach.de>:
+ Client side AUTH does not work, if STARTTLS is used: if a server
+ announces AUTH and STARTTLS, AUTH is being used if TLS is disabled.
+ Once TLS is enabled, AUTH is still offered by the server, but the
+ client does not use it any longer.
+ Reason: when AUTH is offered, not only the SMTP_REATURE_AUTH flag
+ is set in state->features, but also the available mechanisms are
+ remembered in state->sasl_mechanism_list. As AUTH may be offered
+ twice by some hosts (in the correct "AUTH mech" form and the older
+ and deprecated "AUTH=mech" form), a check against processing the
+ line twice is included in smtp_sasl_helo_auth(). This check now
+ prevented the correct processing in the second evaluation of the
+ ESMTP extensions offered after the STARTTLS activation.
+ Solution: reset state->sasl_mechanism_list before processing the
+ extension list just like state->features.
+
+2002/05/15 == Released 0.8.10 ==
+
+2002/05/15
+ - Postfix 1.1.10 has been released. No changes.
+
+2002/05/14 == Released 0.8.9 ==
+
+2002/05/14
+ - Postfix 1.1.9 has been released. Patchkit requires a small adjustment
+ (supplied by Tuomo Soini <tis@foobar.fi>).
+
+2002/05/10 == Released 0.8.8 ==
+
+2002/05/10
+ - OpenSSL 0.9.6d has been released. Release the unchanged patchkit
+ with a new version number and under a new filename to indicate
+ that it should be built against 0.9.6d (it has the session caching
+ failure of 0.9.6c fixed). Update documentation accordingly.
+
+2002/05/05
+ - Postfix 1.1.8 has been released, the patchkit applies cleanly.
+
+2002/04/03 == Re-released 0.8.7 ==
+
+2002/04/03
+ - Postfix 1.1.7 has been released, the patchkit applies cleanly.
+ Re-released the patchkit.
+
+2002/03/29 == Released 0.8.7 ==
+
+2002/03/29
+ - Postfix/TLS did not honor the per-recipient-switching-off in SMTP
+ client mode via tls_per_site (per-host-switching off was honored).
+ Patch by Will Day <wd@hpgx.net>.
+
+2002/03/27 == Released 0.8.6 ==
+
+2002/03/27
+ - Postfix 1.1.6 has been released. Adapted patchkit to resolve minor
+ patch conflict. (Template provided by Simon Matter
+ <simon.matter@ch.sauter-bc.com>)
+
+2002/03/13 == Released 0.8.5 ==
+
+2002/03/13
+ - Postfix 1.1.5 has been released. The patchkit would apply cleanly, but
+ obviously the "lock_fd" change that applies to dict_dbm.c (Wietse)
+ also has to be applied to dict_sdbm.c. Tuomo Soini <tis@foobar.fi>
+ kindly provided this change.
+
+2002/02/25 == Released 0.8.4 ==
+
+2002/02/25
+ - Postfix 1.1.4 became visible. One patch conflict in a Makefile
+ (Carsten Hoeger <choeger@suse.de>).
+
+2002/02/21
+ - Dates in this CHANGES document were showing 2001 even though 2002 already
+ began :-). Fixed. (Marvin Solomon <solomon@conceptshopping.com>)
+
+2002/02/07
+ - Bug in the documentation (setup.html): the main.cf variables for the
+ SMTP server process have to be named smtpd_* instead of smtp_*.
+ Found by Andreas Piesk <a.piesk@gmx.net>.
+
+2002/02/03 == Released 0.8.3 ==
+
+2002/02/03
+ - Patch from Andreas Piesk <a.piesk@gmx.net>: remove some compiler warnings
+ by using explicit type casts in hexdump print statements.
+ - Re-released otherwise unchanged patchkit against Postfix-1.1.3.
+
+2002/01/30 == Released 0.8.2 ==
+
+2002/01/30
+ - Re-released unchanged patchkit against Postfix-1.1.2.
+
+2002/01/24 == Released 0.8.1 ==
+
+2002/01/24
+ - Postfix-1.1.1 has been released. The patchkit needed some small adjustment.
+ - Both Tuomo Soini <tis@foobar.fi> and Carsten Hoeger <choeger@suse.de>
+ helped out with this small adjustment. As a side effect of Carsten's
+ complete pfixtls.diff, which I compared after applying Tuomo's adjustment,
+ I found that pfixtls.c contained several wrong "'" characters: on the
+ german keyboard there is an accent looking like the apostroph but producing
+ a different binary code. Obviously on Carsten's machine the code was
+ changed which became obvious during the comparison.
+ (Conclusion: I wrote the comments affected on my SuSE-Linux PC at home with
+ german keyboard. In my university-office I do have HP-UX workstations
+ with US keyboards.)
+
+2002/01/22 == Released 0.8.0 ==
+
+2002/01/22
+ - Received a comment from Wietse on the mailing list, that it is better
+ to resolve the "standalone" issue by using the already available
+ SMTPD_STAND_ALONE() macro in smtpd. Undid 0.7.16 change and made
+ new change in smtpd.c.
+ - Updated links in the References section of the documentation.
+
+2002/01/21 == Released 0.7.16 ==
+
+2002/01/21
+ - When calling "sendmail -bs" and STARTTLS is enabled, smtpd tries to
+ read the private key and fails due to insufficient permissions (smtpd
+ is run with the privileges of the user). This case is caught since
+ version 0.6.18 of the Postfix/TLS patchkit: STARTTLS is still being
+ offered but a "465 temporary failure" message is issued. Some mailers
+ (read this: PINE) will then refuse to continue. (And an irritating
+ error message indicating the failure to read the key will be logged.)
+ Experienced by "Lucky Green" <shamrock@cypherpunks.to> .
+ - Solution: Disable STARTTLS when running "sendmail -bs" by adding
+ "-o smtpd_use_tls=no -o smtpd_enforce_tls=no" to smtpd's arguments
+ upon startup. Using STARTTLS does not make sense in simulated
+ SMTP mode.
+
+2002/01/18 == Released 0.7.15 ==
+
+2002/01/18
+ - Postfix 1.1.0 has been released. The patchkit for the former snapshot
+ version applied cleanly and now becomes the patchkit for the stable
+ version.
+
+2002/01/16 == Released 0.7.14a ==
+
+2002/01/16
+ - Snapshot-20020115 is released. Adapted patchkit.
+ - Add Postfix/TLS entries into the new conf/postfix-files
+ (Tuomo Soini <tis@s.foobar.fi>, Carsten Hoeger <choeger@suse.de>).
+
+2002/01/14
+ - OpenSSL: a user reported that session caching stopped working for him
+ with OpenSSL 0.9.6c. I found that this is also true for my own
+ Postfix/TLS installation.
+ Solution: server side session caching is broken in OpenSSL 0.9.6c when
+ using non-blocking semantics (Postfix/TLS is affected as it uses
+ BIO-pairs); sessions are simply not added to the cache. This bug
+ is not security relevant. A fix has been applied to the OpenSSL source
+ tree for the next release.
+
+2002/01/08 == Released 0.7.14 ==
+
+2002/01/07
+ - New snapshots released as release candidates. Adapted the patchkit
+ to snapshot-20020107. Moved our production servers from 20010228-pl08
+ to snapshot-20020107 with the adapted patchkit.
+ - Fix documentation: tlsmgr can be run chrooted since a long time.
+
+2001/12/21
+ - OpenSSL 0.9.6c is released. Postfix/TLS is fully compatible.
+
+2001/12/19 == Released 0.7.13e ==
+
+2001/12/19
+ - Adapted patchkit to snapshot-20011217.
+
+2001/12/12 == Released 0.7.13d ==
+
+2001/12/12
+ - Adapted patchkit to snapshot-20011210. Adaption provided by
+ Tuomo Soini <tis@foobar.fi>.
+
+2001/11/28 == Released 0.7.13c ==
+
+2001/11/28
+ - Adapted patchkit to snapshot-20011127.
+
+2001/11/26 == Released 0.7.13b ==
+
+2001/11/26
+ - Adapted patchkit to snapshot-20011125.
+
+2001/11/22 == Released 0.7.13a ==
+
+2001/11/22
+ - Adapted patchkit to snapshot-20011121.
+
+2001/11/15 == Released 0.7.13 ==
+
+2001/11/15
+ - Adapted patchkit to postfix-20010228-pl08 and snapshot-20011115.
+
+2001/11/06 == Re-released 0.7.12 ==
+
+2001/11/06
+ - Snapshot-20011105 released. No patch conflicts, but in order to have
+ the pfixtls-* filename and home page entry reflect the new version,
+ I'll re-release 0.7.12.
+
+2001/11/05 == Released 0.7.12 ==
+
+2001/11/05
+ - Release of Postfix-20010228-pl06 and snapshot-20011104. The snapshot
+ version had some minor patch conflicts to be resolved.
+
+2001/10/14 == Released 0.7.11 ==
+
+2001/10/14
+ - Bug fix (client mode): when the peername is checked against the CommonName
+ in the certificate, the comparison does not correclty ignore the case
+ (the peername as returned by DNS query or set in the transport map
+ is not transformed to lower case). This bug was introduced in 0.7.5.
+
+2001/10/09 == Released 0.7.10 ==
+
+2001/10/09
+ - Snapshot-20011008 is released. Some minor adaptions are required to
+ sort out patch conflicts.
+
+2001/09/28
+ - Received patch from Uwe Ohse <use@ohse.de>: There is a bug in sdbm's
+ handling of the .dir file, that also applies to Postfix/TLS.
+ The problem only appears for large databases.
+ - The example entries in conf/master.cf for the submission and smtps services
+ use "chroot=y" flags, while the Postfix default is "chroot=n". This could
+ lead to hardly explainable problems when users did not note this fact
+ during setup.
+ Fixed example entries to also use "chroot=n" default.
+
+2001/09/18
+ - Wietse releases Postfix-20010228-pl05. The patch applies cleanly with
+ "patch -p1 ...", so it is not necessary to release a new patchkit.
+
+2001/09/04 == Released 0.7.9 ==
+
+2001/09/04
+ - Due to unititialized variable in smtpd_state.c, AUTH may not be offered
+ without TLS even though smtpd_tls_auth_only was not enabled.
+ (Patch from Nick Simicich <njs@scifi.squawk.com>.)
+
+2001/08/29
+ - In the snapshot-20010808 version of 0.7.9, the "tlsmgr" line in the sample
+ conf/master.cf is missing (reported by Will Day <wd@hpgx.net>). Fixed.
+
+2001/08/27 == Released 0.7.8 ==
+
+2001/08/27
+ - Received bugreport about issuer_CN imprints consisting of long strings
+ of nonsense. This only appeard with certificates issued from a certain
+ CA (RSA Data Security Inc., Secure Server Certification Authority).
+ (Will Day <wd@hpgx.net>)
+ - The problem: the issuer data of this certificate is:
+ Issuer
+ C=US
+ O=RSA Data Security, Inc.
+ OU=Secure Server Certification Authority
+ It does not contain a CN (CommonName) field. OpenSSL's
+ X509_NAME_get_text_by_NID() function does not catch this condition
+ (no error flag set), but it also does not set the name in the memory
+ location specified.
+ - Solution:
+ 1. Preset the memory for the string to '\0', so that a string of length
+ 0 is obtained on the failure described above.
+ 2. When no CN data is available, use the O (Organization) field
+ instead. The data are used for logging only (it is the issuer, not
+ the subject name), so this change does not affect functionality.
+
+2001/08/22 == Released 0.7.7 ==
+
+2001/08/22
+ - Found one more bug: erronously called SSL_get_ex_new_index() instead
+ of SSL_SESSION_get_ex_new_index() (note the _SESSION missing). This
+ could be responsible for the failure at the locations found during
+ debugging. Works fine on HP-UX (did also before), must cross check
+ at home...
+
+2001/08/21
+ - Received report, that smtp (client) fails with signal 11 (platform:
+ linux redhat). Cannot reproduce any problem on HP-UX (did run 1
+ week in production before release). But malloc() and stack strategies
+ are different between platforms.
+ - Can reproduce the failure on my Linux PC at home :-(.
+ - Found one bug in new_session_cb(): on successfull external caching,
+ success is reported by a return value of 1. This however must be another
+ bug, as it has nothing to do with the locations of the failure, when
+ analyzing the core dumps/running under debugger.
+ Still getting SIGSEGV...
+
+2001/08/20 == Released 0.7.6 ==
+
+2001/08/20
+ - Following "popular demand" implemented new feature and configuration option
+ "smtpd_tls_auth_only": Only allow authentication using the AUTH protocol,
+ when the TLS encryption layer is active. Default is "no" in order to
+ keep compatiblity to postfix without TLS patch.
+ This option does not distinguish between different AUTH mechanisms.
+
+2001/08/16 == Released 0.7.5 ==
+
+2001/08/15
+ - The new session cache handling is working now at my site for quite some
+ time.
+ - Client side: modified peername matching code, such that wildcard
+ certificates can be used. Matching is done as in HTTP/TLS: only the
+ leftmost part of the hostname may be replaced by a '*'.
+
+2001/08/09
+ - Further debugged the CRYPTO_set_ex_data() functionality.
+ - Unified "external cache write" and "external cache remove" callbacks
+ for client and server side. The "external cache read" functions are not
+ that easy to combine, as the lookup keys are quite different and do not
+ match the fixed interface to the callback function.
+ - Change shutdown behaviour according to SSL_shutdown(). When SSL_shutdown()
+ returns, the shutdown handshake may not be complete, if we were the first
+ party to send the shutdown alert. We must call SSL_shutdown() again,
+ to wait for the peer's alert.
+
+2001/08/08
+ - Postfix snapshot 20010808 is being released.
+
+2001/08/08
+ - Rewrite server side to remove externally cached sessions via callback.
+ - Rewrite client side to remove externally cached sessions via callback.
+ This turns out to be more difficult as expected, as the client side
+ session cache is sorted by hostnames, but the callbacks are called
+ with the SSL_SESSION objects. The information must be stored into the
+ SSL_SESSION objects by using the CRYPTO_set_ex_data() functionality,
+ the documentation of which, ahem, ...
+ - Reloading sessions stays separate, as the functionality is different.
+
+2001/08/07
+ - Started reworking the session cache code.
+ * On the server side the retrieval from the external cache and the writing
+ to the cache are handled by callback functions. The removal is handled
+ directly.
+ * On the client side, all session cache operations are performed explicitly.
+ * The explicit handling is on the client side is bad, as it requires a
+ quite complicated logic to detect session reuse and the appropriate
+ handling.
+ * The explicit handling of session removal on both sides is bad, as
+ the OpenSSL library will remove sessions (on session failure) according
+ to the TLS specifications automatically, so we want to take advantage
+ of this feature and have the externally cached sessions removed as
+ required via callback.
+ - First step: on the client side, also use the new_session_cb(), so that
+ new sessions are automatically saved to the external cache on creation.
+
+2001/08/01
+ - Postfix-20010228-pl04 is being released.
+
+2001/07/11 == Released 0.7.4 ==
+
+2001/07/10
+ - Postfix snapshot 20010709 was released. Resolved some minor patch
+ conflicts.
+
+2001/07/10
+ - OpenSSL 0.9.6b has been released including a security fix for the
+ libraries internal pseudo random number generator.
+ * Note: to exploit the weakness, an attacker must be able to retrieve
+ single random bytes. As in Postfix/TLS random bytes are only used
+ indirectly during the SSL handshake, an attacker could never access
+ the PRNG in the way required to exploit the weakness.
+ * Postfix/TLS is therefore not vulnerable (as are most (all?) applications
+ utilizing the SSL layer).
+ * The OpenSSL team however recommends to upgrade or install the bugfix
+ included in the announcement in any case.
+ * Details can be found at http://www.openssl.org/
+
+2001/05/31 == Released 0.7.3a ==
+
+2001/05/30
+ - Report from <Andre.Konopka@Presse-Data.de>: TLS logging does not work.
+ Reason: parameters are not evaluated in mail_params.c, as the corresponding
+ lines for other_int_defaults[] were missing from the patch. This
+ only affected the 0.7.3-snapshot version, the version for "stable"
+ is correct.
+ I will release 0.7.3a with this fix only for the snapshot version to keep
+ version numbering consistent with the "stable" version.
+
+2001/05/28 == Released 0.7.3 ==
+
+2001/05/28
+ - Upgraded to snapshot-20010425: resolved some minor patch conflicts.
+ No functional changes.
+
+2001/05/16
+ - Received french documentation (doc_french/) contributed by
+ Etienne Roulland <Etienne.Roulland@univ-poitiers.fr>.
+
+2001/05/03 == Released 0.7.2 ==
+
+2001/05/03
+ - Postfix-Snapshot 20010502 is released. Bernhard Rosenkraenzer
+ <bero@redhat.de> supplies an adapted patch for Postfix/TLS, as the
+ normal patch has several rejections because of code changes;
+ functionality has not changed.
+
+2001/05/01
+ - Patchlevel 02 of Postfix 20010228 is being released. The Postfix/TLS
+ patchkit applies cleanly when using the "-p1" switch to patch.
+
+2001/04/09 == Released 0.7.1 ==
+
+2001/04/06
+ - OpenSSL 0.9.6a is released. It contains several bugfixes and will become
+ the recommended version to be used with Postfix/TLS.
+ I will run some more test and then re-release Postfix/TLS (without
+ additional changes to the source) as 0.7.1 to make people aware of the
+ new versions of Postfix and OpenSSL.
+
+2001/04/05
+ - Hint from Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>:
+ the "Known Bugs" section in doc/test.html actually contains bugs
+ of clients and/or interoperatbility problems. Better name it
+ "Known interoperability problems" and rename the entries
+ "Postfix/TLS server" and "Postfix/TLS client" to improve clarity.
+
+2001/03/29
+ - Patchlevel 01 of Postfix 20010228 is being released. The Postfix/TLS
+ patchkit applies cleanly when using the "-p1" switch to patch.
+ OpenSSL 0.9.6a will be out within the next handful of days, so I will
+ delay the release of a new patchlevel until then.
+
+2001/03/01 == Released 0.7.0 ==
+ - IMPORTANT: If you are upgrading from a much older version, you will find
+ that some configuration options have changed over time (fingerprints are
+ now handled with ':'. check_relay_ccerts is now permit_tls_clientcerts.
+ Session caching has been reworked.)
+ It is recommended to re-read the sample-tls.cf file or the html version
+ in the documentation.
+
+2001/03/01
+ - Wietse has announced the _release_ version (non-beta) or postfix:
+ 20010228!
+ - Applied the Patchkit to the _release_ version (not the snapshot version).
+ Resolved one minor patch conflict.
+ - So, it's time to call this Postfix/TLS 0.7.0.
+
+2001/02/26 == Released 0.6.38 ==
+
+2001/02/26
+ - Snapshot-20010225 has been released. Resolved one minor patch conflict.
+
+2001/02/23 == Released 0.6.37 ==
+
+2001/02/23
+ - Snapshot-20010222 has been announced as RELEASE CANDIDAT. Resolved one
+ minor patch conflict.
+ - Removed "check_relay_ccerts" restriction which has been replaced
+ by "permit_tls_clientcerts" in 0.6.24. (Was left in until now for
+ transition.)
+ - Do not try to save session data > 8kB, since this cannot be handled
+ by SDBM. (This is more or less academical, since I have never met a
+ session even half that large.)
+
+2001/02/19 == Released 0.6.36 ==
+
+2001/02/05
+ - Snapshot-20010204 has been released. Resolved one minor patch conflict.
+
+2001/02/03 == Released 0.6.35 ==
+
+2001/02/03
+ - Snapshot-20010202 has been released. Resolved one minor patch conflict.
+
+2001/01/29 == Released 0.6.34 ==
+
+2001/01/29
+ - Snapshot-20010128 has been released. Resolved some minor patch conflicts.
+
+2001/01/11 == Released 0.6.33 ==
+
+2001/01/10
+ - Discussion in Thread "When to get peer certificate?" continues and it
+ comes out, that cross references between datastructures are well maintained
+ inside OpenSSL. A fact not well known due to lack of documentation
+ (seems I am facing some more work on the OpenSSL manpages :-).
+ - Moved around data needed for the certificate verification: a lot of
+ "static" entries globally needed inside pfixtls.c could now be moved
+ into the connection specific TLScontext.
+
+2001/01/07 == Released 0.6.32 ==
+
+2001/01/07
+ - Since now the checks at handshake stage (in pfixtls.c) are more strict,
+ some of the checks in smptd.c and smtp_proto.c could be removed.
+ At a later point I can probably move even more checks into pfixtls.c...
+
+2001/01/05
+ - Had a discussion with Ari Pirinen <aripirin@europe.com> on openssl-users
+ (Thread: When to get peer certificate?) about the earliest possible
+ place to check the CommonName of the peer against the expected name.
+ (This is what smtp does when enforcing the peername of the server it
+ is connecting to.)
+ The final result was, that the check can already been done inside the
+ verifiy_callback() routine even before the handshake is completed.
+ The positive side effect is, that since the session is never completly
+ established, it is also not cached on either client or server.
+ - Since this is a good idea, I have extended the verify_callback in
+ src/global/pfixtls.c to check the CommonName of the peer (if applicable)
+ and have the handshake shut down immediatly on failure. I have also
+ changed the behaviour so that whenever a positive certificate verification
+ is required, the handshake is shut down immediatly.
+ (The versions up to now did delay these checks until the session was
+ established and then shut down the connection. I had established this
+ practice while working on BIO-pairs and running into a bug in
+ OpenSSL 0.9.5 (fixed now) and with the verify depth.)
+
+2000/12/23 == Released 0.6.31 ==
+
+2000/12/23
+ - Bug: When only enabling smtpd_tls_wrappermode and not additionally setting
+ smtpd_use_tls or smtpd_enforce_tls, the TLS engine was not fired up on
+ startup of smtpd
+ Fixed: also start TLS engine when only smtpd_tls_wrappermode is enabled.
+ (Experienced by "Fiamingo, Frank" <FiamingF@strsoh.org>)
+
+2000/12/18 == Released 0.6.30 ==
+
+2000/12/18
+ - New snapshot 20001217 has been released. Due to the change of "timeout"
+ parameters now being its own class and table, the old patchkit does not
+ apply cleanly!
+ - Checked out Postfix/TLS parameters being timeout values and put them into
+ the new style time parameter table. This allows to specify time values
+ like 3600s or 1h. Updated sample configuration to reflect this new style.
+ - "Fiamingo, Frank" <FiamingF@strsoh.org> pointed out to me, that there are
+ three parameters in src/global/mail_params.h (namely DEF_TLS_RAND_EXCH_NAME,
+ DEF_SMTPD_TLS_CERT_FILE, DEF_SMTPD_TLS_CA_FILE) that are hardcoded as
+ "/etc/postfix/something".
+ This does not match the usual style of postfix, where no paths are
+ hardcoded this way. I have removed the defaults for CERT_FILE and CA_FILE.
+ The RAND_EXCH is needed for good PRNG seeding on systems without
+ /dev/urandom, I however don't know yet, how to rearrange this requirement.
+ I could use the Postfix internal mechanisms to enforce a parameter, but
+ this would annoy people having compiled in TLS but not activated.
+
+2000/12/13 == Released 0.6.29 ==
+
+2000/12/13
+ - Snapshot-20001212 has been released.
+ - Undid bugfixes for 20001210 which now are included in the new snapshot.
+
+2000/12/12 == Released 0.6.28 ==
+
+2000/12/12
+ - Added bugfix provided by Wietse on postfix-users@postfix.org for
+ "postconf -m" behaviour.
+
+2000/12/11
+ - New snapshot-20001210 released. Some patch conflicts occur. Additionally
+ * adjusted calls to myflock() to changed interface,
+ * fixed bug in smtpd_sasl_glue(), where a change to the name_mask()
+ call was not applied in the original snapshot.
+
+2000/12/05 == Released 0.6.27 ==
+
+2000/12/04
+ - Print informational message "SSL session removed" only when
+ var_smtp[d]_loglevel >= 2. (Proposed by Craig Sanders <cas@taz.net.au>.)
+ - Extend logging of "setting up TLS connection from/to" and corresponding
+ success/failure messages so that they include the hostname/ip address.
+ This way it is much easier to automatically analyze errors by simply
+ grepping for e.g. "SSL_accept error" and immediately get the peer
+ causing the problem without further logfile processing.
+ (Proposed by Craig Sanders <cas@taz.net.au>.)
+ - When experiencing a TLS failure due to TLS-enforced failure in client mode
+ (no certificate or hostname/certificate mismatch etc), immediately shut
+ down the TLS mode with "failure" indication, so that the SSL session is
+ removed immediately. This way a new session is always enforced in the
+ case the peer has fixed the problem; no need to wait for the timeout.
+
+2000/11/29 == Released 0.6.26 ==
+
+2000/11/29
+ - Found security relevant bug in the OpenSSL library: the verify_result
+ stating whether or not the certificate verification succeeded is not
+ stored in the session data to be cached and reused.
+ - This bug was found during the development of Postfix/TLS around one
+ year ago, the bug in the library was however only fixed for the server
+ side. At that time I also tested the server side behaviour but ommitted
+ to check the client side, too.
+ - Versions before Postfix/TLS 0.4.4 experienced this problem for both
+ server and client side. Before 0.6.0 a workaround was active for both
+ sides, which has been removed at 0.6.0 in the believe that the bug
+ was gone (I only tested the server side, which was fixed).
+ - Fixed that bug in OpenSSL also for the client side (I can do this myelf
+ now that I have been invited to join the OpenSSL developers team :-).
+ The fix is availabe as of today and will be part of the 0.9.7 release
+ of OpenSSL (or 0.9.6a, if this release will be published).
+ - Included a workaround inside Postfix/TLS for OpenSSL library versions
+ before 0.9.6a or 0.9.7, respectively.
+
+********************** Begin Description
+
+ - By not caching the verify_result for the client side, the following
+ behaviour could appear:
+ * The problem can only appear when smtp_tls_session_cache_database
+ is activated.
+ * smtp_use_tls = yes
+ X On the first connection, the certificate fails verification, failure
+ is logged:
+ smtp[*]: Unverified: subject_CN=serv01.aet.tu-cottbus.de, issuer_CN=BTU-CA
+ For any following connections until the session times out (default 1 hour),
+ the peer certificate seems to pass verification:
+ smtp[*]: Verified: subject_CN=serv01.aet.tu-cottbus.de, issuer_CN=BTU-CA
+ X Security Impact:
+ Unverified certificates are logged as if verification had succeeded.
+ * smtp_enforce_tls = yes
+ X After the verification failure, the session is never correctly established
+ and hence not reused.
+ X Security impact:
+ None, as the session is never reused.
+ * smtp_enforce_tls = yes after smtp_tls_enforce_tls = yes for a server.
+ X If the session has been recorded with use_tls and then for this server
+ enforce_tls is set, the wrong verify_result could be used within the
+ session cache timeout (default = 1 hour).
+ X Security impact:
+ If TLS shall be enforced for a recipient, there is a window of approx.
+ one hour from setting the "enforce_tls" switch until a verification
+ failure is noted. For this to happen, a TLS session to that server must
+ have been used with use_tls set and the not-verifiable certificate must
+ have been recorded in that session.
+ - Evaluation:
+ Even though this _is_ a security problem, I consider risk to be *low*,
+ given the conditions under which the problem might occur.
+
+********************** End Description
+
+2000/11/27 == Released 0.6.25 ==
+
+2000/11/26
+ - Added "permit_tls_all_clientcerts" for smtpd_recipient_restrictions.
+ When this option is enabled, any valid client certificate allows relaying.
+ This can be practical, if e.g. a company has a special CA to create
+ these certificates and only this CA is "trusted". It however does not
+ allow finer control, so if e.g. an employee leaves, he could still
+ relay. Postfix/TLS does not (yet) allow CRL (certificate revocation lists).
+ (Added on popular demand.)
+ - Make the client behaviour more configurabe: when enforcing TLS connections,
+ the peer's name is checked against the CommonName in its certificate.
+ New configuration variable "smtp_tls_enforce_peername" (default=yes)
+ can now be used to accept peername!=CommonName. The server's certificate
+ must still pass the verifcation process against a trusted CA!
+ In tls_per_site, the according key is MUST_NOPEERMATCH.
+ (Added on demand.)
+
+2000/11/24
+ - If the server requires a client certificate and no certificate is presented
+ or the certificate fails verification, the connection is shut down but
+ no information is logged.
+ -> add according msg_info() in smtpd/smtpd.c:startls_cmd().
+ - If TLS is not enforced, it does not make sense for a server to require a
+ client certificate. If no STARTTLS is issued, the SMTP would continue
+ anyway, so why shut down when TLS is activated without verifyable client
+ certificate?
+ -> ignore smtpd_tls_req_ccert=yes, if TLS is not enforced and only treat
+ like smtpd_tls_ask_ccert = yes with an according information logged.
+
+2000/11/22 == Released 0.6.24 ==
+
+2000/11/22
+ - Installed on my own servers and changed configuration to use the new
+ "permit_tls_clientcerts" option name. Patchkit will be released after
+ some hours of successfull operation.
+
+2000/11/21
+ - New snapshot-20001121 is being released. The patch applies without any
+ conflict when applied with "patch -p1", so no need to rush out an updated
+ patchkit.
+ - Rename the smtpd_recipient_restrictions option from "check_relay_ccerts"
+ to "permit_tls_clientcerts" to better match the naming scheme.
+ Leave in the old option for now to not break existing configurations.
+ The final incompatible removing is scheduled of release 0.7.0 of the
+ patchkit which will be matching the next "stable" release of postfix.
+ - There is no manual page for tlsmgr.8 (pointed out by Terje Elde
+ <terje@thinksec.com>).
+ Fix the comments at the beginning of tlsmgr.c and create tlsmgr.8.
+ - In the session cache code an additional 20 bytes were allocated when
+ converting SSL_SESSION data to binary using i2d_SSL_SESSION().
+ In adding these 20 bytes to the size listed by i2d_SSL_SESSION() I followed
+ the example in the OpenSSL source (PEM_ASN1_write()). These 20 bytes are
+ only added since when writing the PEM, a 20 byte checksum is added, so
+ we don't need it in our case -> removed.
+ (Researched after Carlos Vicente <cvicente@mat.upc.es> asked what these
+ 20 bytes are good for :-)
+
+2000/10/30 == Re-Released 0.6.23 ==
+
+2000/10/30
+ - Postfix snapshot-20001030 with an important bug fix is made available.
+ The patchkit applies without any problem (patch -p1).
+ Hence, I re-release the 0.66.23 release for the new snapshot.
+
+2000/10/30 == Released 0.6.23 ==
+
+2000/10/30
+ - New Postfix snapshot 20001029 available with some important bug fix.
+ Adjusted patchkit (only minor conflicts).
+
+2000/10/27
+ - The CN_sanitize function (src/smtpd/smtpd.c) that shall make sure that
+ no illegal sign is included into the Received: header does not work
+ on systems were "char" is unsigned by default.
+ (Linux on s390, found by Carsten Hoeger <choeger@suse.de>)
+ -> Worked out a more precise (even though not looking elegant) solution
+ that checks out all acceptable characters.
+ - Sent new smptd.c to Carsten Hoeger for testing, will wait with new
+ Postfix/TLS release.
+
+2000/10/06 == Released 0.6.22 ==
+
+2000/10/06
+ - snapshot-20001005 has been released, featuring fast ETRN. Only some minor
+ patch conflicts needed to be resolved.
+
+2000/09/28 == Released 0.6.21 ==
+
+2000/09/28
+ - snapshot-20000924 seems to be somewhat longer lasting. I have been asked
+ for a new Postfix/TLS release against snapshot-20000924, hence I will
+ create one.
+ - Running OpenSSL 0.9.6 for a week now to my full satisfaction. I will bump
+ bump up the Postfix/TLS version counting to include "0.9.6", even though
+ it will still run fine with 0.9.5a.
+
+2000/09/25/
+ - snapshot-20000924 is available; only small adjustments.
+ - Wietse seems to release new snaphots on a daily basis, it doesn't make
+ sense to follow with a new Postfix/TLS release every day.
+
+2000/09/23 == Released 0.6.20 ==
+
+2000/09/23
+ - Recompile OpenSSL-0.9.6-beta3 with the change and reinstall old pfixtls.c:
+ works again. Hence, all versions of Postfix/TLS working against 0.9.5a
+ will also work again 0.9.6-final, which shall be released on 2000/09/24!
+ - Wietse releases snapshot-20000923, patchkit adapted.
+ - Went through the "install.html" document to add a remark about
+ OpenSSL-0.9.6. This document is of historic quality but did not fit
+ actual versions of Postfix/TLS, we are far beyond OpenSSL 0.9.2: Updated.
+
+2000/09/22
+ - Wietse releases snapshot-20000922. The source directory hierarchie has
+ changed, so the patch needs to be adjusted at several places.
+ - Run tests against OpenSSL 0.9.6-beta3: problems occur!
+ * Certificates are no longer verified, since an informationa flag about the
+ CA certificate search process is written into the error storage and
+ thus misinterpreted as verification failure.
+ * Changed Postfix/TLS source to maintain its own error storage based on
+ the verify_callback, send out according warning to Postfix/TLS mailing
+ list.
+ * Unfortunately, this will break all older versions of Postfix/TLS.
+ Sent out analysis to OpenSSL-bugs@openssl.org.
+ * Additional change is made to OpenSSL: the new behaviour is only activated
+ when a special flag is set, so compatibility is restored!
+
+2000/09/21
+ - Wietse releases snapshot-20000921. Some minor patch conflicts resolved.
+
+2000/09/14 == Released 0.6.19 ==
+
+2000/09/14
+ - Received a bug report: Postfix/TLS will accept a mail even though
+ smtpd_req_ccert=yes (require use of client certificate) and no
+ client certificate is presented.
+ Reason: when no client certificate is presented SSL_get_verify_result()
+ will return X509_V_OK, since this is the default value.
+ Solution: only set "peer_verified" internal information, if the
+ verify_result is X509_V_OK _and_ a peer certificate is available.
+ Remark: This default value does not make too much sense. I will file
+ a bug report/patch before the next release of OpenSSL...
+
+2000/09/03 == Released 0.6.18 ==
+
+2000/09/03
+ - When calling "sendmail -bs", smtpd is started without root privileges,
+ hence it cannot open the private key file and the session cache database.
+ Since the database routines do not offer a graceful return (only fatal
+ and abort), this leads to a failure when TLS and session caching is
+ activated.
+ This affects PINE users (noted by Craig Sanders <cas@taz.net.au>).
+ Solution: Try to read the private key first; if that fails, we can
+ gracefully recover and won't touch the session cache database at all.
+ - When STARTTLS is configured for smtpd but does not work (e.g. because of
+ unaccessible keys), smtpd answers with "465 TLS not available due to
+ temporary reasons". After that the connection was closed, this is however
+ not necessary, as the client may decide to continue without TLS activated.
+ - Craig Sanders <cas@taz.net.au> contributes a script to automatically
+ generate the keys and certificates for Postfix/TLS usage. Added
+ "make-postfix-cert.sh" to the contributed/ directory.
+
+2000/09/02 == Released 0.6.17 ==
+
+2000/09/02
+ - Craig Sanders <cas@taz.net.au> reports that he has connection problems
+ with a site; the message in the log is:
+ SSL_connect error 0
+ 8847:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:956:SSL alert number 10:
+ * This is the error caused by the faulty TLS implementation with
+ CommunigatePro. The bug is fixed in later versions of CommunigatePro,
+ The site shall be contacted, they should update.
+ - More important, he reports a segmentation fault immediately after this
+ problem.
+ - Bug: when not using session caching and an error occurs during the TLS
+ handshake, pfixtls_start_clienttls() tried to remove the erronous
+ session from a non-existant session cache.
+ Fix: check the existence of the session cache before trying to access it.
+ Comment: at all other places in the code this condition was already
+ caught.
+ - Remark: actually session caching was configured, but the configuration
+ variable was mistyped because...
+ it was wrong in conf/sample-tls.cf and doc/conf.html.
+ The correct values are "smtp[d]_tls_session_cache_database" instead of
+ "smtp[d]_tls_use_session_cache_database".
+ Unfortunately this is not flagged by Postfix...
+
+2000/08/25 == Released 0.6.16 ==
+
+2000/08/25
+ - Make sure, that the smtp[d] processes will try to access the "daemon"
+ entropy sources, but will only print an info when not available. Using
+ the PRNG-exchange file, they can happily run without.
+ - Moved HAS_SSL checks, such that the package compiles also when configured
+ without -DHAS_SSL.
+
+2000/08/24
+ - Changed the handling of the PRNG-exchange file. Until now it was written
+ by tlsmgr and read by the smtp[d] daemons. This had the disadvantage, that
+ until tlsmgr rewrote new bytes to the file, all starting daemons read the
+ same seed (to which some more bits, but not too much were added).
+ - Now the file is handled in read->stir into pool->write back mode, so that
+ every daemon will add its own entropy bits.
+ - The smtp[d] processes will do so when starting, when opening a TLS
+ connection and when closing.
+ - The tlsmgr will also read back the file and add it to its pool, so that
+ no entropy is lost.
+ - This change significantly increases the "self seeding" capability of
+ the TLS service.
+
+2000/08/09
+ - Cleaned up the new PRNG-seeding.
+ - When tlsmgr looses connection to an EGD-source (because it was restarted),
+ tlsmgr performes an exit(0), so that a newly started tlsmgr can reconnect.
+ [chroot/dropped privileges].
+
+2000/08/04
+ - Introduced new entropy sources for single daemons:
+ * tls_daemon_random_source
+ Using this source (same style as for tlsmgr), each starting daemon can
+ obtain additional entropy (32 bytes by default). The PRNG-exchange file
+ is still read.
+ - I am not sure about the policy for this feature. If such a source is
+ given, should a failure be considered fatal?
+
+2000/07/23
+ - Started reworking the PRNG seeding:
+ * tlsmgr now recognizes tls_random_source as
+ dev:/dev/urandom /* Direct read from device file */
+ egd:/path/to/socket /* Connection via EGD-socket */
+ /path/of/plain-file
+ * If a dev: or egd: is given, tlsmgr will connect and keep the connection
+ open, so that it now can run in chroot-mode with dropped privileges.
+ - Since EGD can be drained, but the connection is permanently open, only
+ suck a small number of bytes (default 32) at a time, but do it more
+ often.
+
+2000/08/09 == Released 0.6.15 ==
+
+2000/08/09
+ - Traced through OpenSSL to learn more about the verify_callback-feature.
+ The callback is called several times. When it returns "1", the handshake
+ will continue, when it calls "0", the handshake will immediately fail
+ (and Postfix/TLS will also close the TCP connection).
+ - Following the sample in the OpenSSL-apps, the verification chain depth
+ was the only property triggering this effect, so this stood hidden until
+ now. Obviously, users having longer chains did set the verifcation
+ depth accordingly or they gave up, since this was never reported...
+ - Changed the behaviour of verify_callback() to never return "0", such that
+ we can deal with the verification result later in a more consistent manner.
+ If we only enable and not enforce, we simply want to ignore problems with
+ the certificate.
+ - verify_callback() did not print out all information, since the wrong
+ state variables (pfixtls_*active instead of pfixtls_*engine) were
+ checked. The *active state variables are only set later.
+ As the verify process now became rather narrative, the normal logging
+ is only done in loglevel 2!
+ - Arrrghhh. The conf/sample-tls.cf _and_ the html-docu (which is actually
+ copied from conf/sample-tls.cf) has wrong names for the verification-
+ depth parameters. *_vd instead of *_verifydepth and ccert<->scert.
+ [Wondering, why this never popped up before...]
+ - Changed the default-verifydepth to "5" which should suffice for most
+ cases. Maybe the limit could also be completely removed, but we should
+ at least receive a warning hint when something goes wild.
+ Since OpenSSL>=0.9.5 is required for Postfix/TLS anyway, certificate chain
+ verification can now be used, so the caution applied before is no longer
+ necessary.
+
+2000/08/08
+ - Tracked down the double-free() call in smtp with Efence. SSL_free()
+ does call SSL_SESSION_free() on the negotiated session. Hence, I must
+ not call SSL_SESSION_free() on the session in question, it will be
+ removed anyway.
+ - Also tracked down the certificate chain feature. Reason is the
+ verify_callback() in global/pfixtls.c. It flags a chain depth that
+ is too long as fatal, hence the connection is immediately closed.
+
+2000/08/04
+ - Received information from Alain Thivillon <Alain.Thivillon@hsc.fr>:
+ FreeBSD-CURRENT offers malloc() with additional checks enabled.
+ After successfully delivering, smtp dumps core with free() called
+ twice in TLS mode.
+ - I noted, that there is a communication problem with his site an my new
+ certificate issued by the universities computer center (which has a chain
+ depth of 2). Step back to the old self certificate for the time being.
+
+2000/07/27 == Released 0.6.14 ==
+
+2000/07/27
+ - Introduced new configuration parameter "smtpd_tls_wrappermode" that
+ enables the (deprecated) old style SSL-wrapping around SMTP. It could
+ be run on a different port (once smtps=465) was recommended for this
+ services.
+ This method is used by old versions of Outlook (Express), the Mac versions
+ and even actual versions, when not run on port 25.
+ [Actually it was only a handful of lines, so it doesn't hurt too much,
+ even though it does not follow any RFC.]
+ - I recommend using this option only from master.cf. Example lines added
+ to conf/master.cf and description added to Postfix/TLS-doc/conf.html.
+ - When having SASL enabled and TLS-enforce mode in "smtpd", only offer
+ AUTH, when TLS has been activated. Otherwise the client might simply
+ send the unencrypted credentials before it receives
+ 530 Must issue a STARTTLS command first
+ and an eavesdropper already has what he was looking for.
+
+2000/07/19 == Released 0.6.13 ==
+
+2000/07/19
+ - Changed the library-initializaton call to new naming scheme
+ (SSLeay_add_ssl_algorithms() to OpenSSL_add_ssl_algorithms() :-).
+ - Updated documentation to reflect the use of chain certificates with
+ CAfile and smtp[d]_tls_cert_file (see 2000/07/06).
+ - Documentation: the interoperability problem with CommunigatePro has been
+ solved: CommunigatePro violated the TLS-RFC and has been fixed.
+ - Typo: It is "to stir" not "to stirl" :-)
+
+2000/07/06
+ - Received certificate for our site from our computer center. It's a chain
+ certificate. Now load the cert with SSL_CTX_use_certificate_chain_file(),
+ in order to better load the chain CA certificates.
+
+2000/07/04
+ - Reported Wietse about a possible problem in the SASL code, a relay check
+ may also be performed if sasl was not enabled and might lead to unwanted
+ relay.
+ As the fix is in my own codebase, I will leave it Postfix/TLS until a
+ new snapshot (or final release) is available.
+
+2000/06/02 == Released 0.6.12 ==
+
+2000/06/02
+ - Adapted to Snapshot-20000531 (minor patch conflict).
+ - Cleaned up some old header file dependencies in global/pfixtls.c and
+ global/Makefile.in that are no longer needed due to the interface changes
+ (timed_read()/write()) in 0.6.7.
+
+2000/05/29 == Released 0.6.11 ==
+
+2000/05/29
+ - Following Bodo Moeller's analysis, the error is due to a mismatch between
+ the CA certificate accessible in the smtp[d]_tls_CAfile and the one used
+ in the actual certificate (smtp[d]_tls_cert_file).
+ Daniel Miller fixed his setup and the problem is gone.
+ - Introduced a workaround into Postfix/TLS: if the padding error is found,
+ it is removed from the error-queue by Postfix/TLS, in order to protect
+ more sites from experiencing this problem.
+ - Added a warning to conf/sample-tls.cf
+ - Updated to the latest snapshot-20000528.
+
+2000/05/27
+ - After some fiddling around working through the binary certificate data to
+ see where it is modified at 0.6.10, I actually note, that both 0.6.9 and
+ 0.6.10 choke on the data. Now going back up through the functions very
+ fast reveals the problem:
+ * The certificate supplied triggers the "RSA-padding" error in any case.
+ Since the certificate authencity is not enforced on OpenSSL-library level
+ but inside postfix later, the error is not enforced.
+ The error messages generated stay however in the error queue.
+ - For blocking sockets, the SSL_accept()/connect() calls return
+ "success", so the error-queue is never checked.
+ - With BIO-pairs, the error queue is checked to find out, whether the
+ function has just to be called again to continue the handshake, so
+ the error messages are found and the connection is shut down due to
+ the error condition.
+ - Submitted bug report to Bodo Moeller. Bug fix is checked into the OpenSSL
+ CVS archive: if the error is ignored during the handshake, clear the
+ error-queue.
+ * The next release of OpenSSL will behave consistently.
+ - This leaves open the question, why the RSA-padding error is issued in the
+ first place. Sent a query to the OpenSSL-* mailing lists.
+
+2000/05/26
+ - A second site experiencing this problem pops up.
+ -> Issued a warning to the postfix_tls mailing list.
+
+2000/05/24
+ - Contacted Damien Miller <djm@mindrot.org>. He did not change his TLS setup
+ in the last time. He is running Postfix/TLS-0.6.6.
+ - Contacted Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>, the author
+ of the BIO-pair part of OpenSSL for some debugging hints. Received several
+ worthful remarks on what to look for.
+ - Checked byte-for-byte the data fed into the OpenSSL-library. It does not
+ differ between 0.6.9 and 0.6.10, so my handling seems to be actually
+ correct.
+
+2000/05/23
+ - A communication error occurs when talking to mail.mindrot.org:
+ SSL_accept error -1
+ 10264:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
+ 10264:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:396:
+ 10264:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1 object call:a_verify.c:109:
+ - The error occurs both in client and server mode. 0.6.9 does not show
+ this problem.
+ - Tried to connect with several other sites, all connections are fine,
+ this includes sendmail and qmail peers; hence decided to not recall 0.6.10.
+
+2000/05/23 == Released 0.6.10 ==
+
+2000/05/23
+ - Sent a note to openssl-dev@openssl.org about the behaviour of SSL_free()
+ and BIO_free(), hoping for some clarification whether my way of doing
+ it is the recommended way.
+ - Run the software in production mode on my own servers...
+ - Finished writing the in-source documentation.
+ - Updated sample-tls.cf and sample-smtp[d].cf to reflect the new timeout
+ parameters.
+
+2000/05/21
+ - Removed error messages produced by the now non-blocking behaviour of the
+ TLS layer [apps_ssl_info_callback()].
+
+2000/05/20
+ - Took results home and tried to run it on my Linux-box: SEGV after
+ successfully handling the SMTP session!!
+ * It seems that the SSL_free() and BIO_free() functions interact.
+ SSL_free() releases the underlying BIO and it will bomb out when
+ it is then explicitely BIO_free()'ed again and vice versa.
+ * It did not bomb out on HP-UX, but such things happen. I however want to
+ know, why the example program does not fail...
+ * With respect to the bevaviour as is, SSL_free(TLScontext->con);
+ BIO_free(TLScontext->network_bio) and not touching
+ TLScontext->internal_bio works.
+ - Introduced special timeout values for the TLS negotiation stage, as the
+ timeout values may change with protocol state (suggested by Wietse).
+ - Started writing a full description of the BIO-pair concept and its
+ special treatment into the pfixtls.c sourcecode.
+
+2000/05/19
+ - Systematicly implemented a generalized layer handling:
+ * do_tls_operation() is the generic handler for all SSL_*() input/output
+ functions. It deals with the non-blocking behaviour of this functions,
+ requiring appropriate retrys.
+ * network_biopair_interop() handles the interaction between the socket/fd
+ and the buffering BIO-pair.
+
+2000/05/18
+ - Based on the example in openssl-0.9.5a/ssl/ssltest.c realized the first
+ usage of BIO-pairs. (Can do server handshaking.)
+ - Learned, that the BIO-pair has its own buffering that needs its own
+ flushing. It is not enough to relay on the SSL_ERROR_WANT_READ/WRITE
+ state information.
+
+2000/05/17 == Released 0.6.9 ==
+ - Important: the seperator in the relay-fingerprints is now ':'!!!
+ Don't forget to change your relay_clientcerts databases.
+
+2000/05/16
+ - Changed pfixtls.c to only use the interface described in util/vstream.c
+ for handling the VSTREAM.
+ * Added vstream_context() macro to the VSTREAM-interface.
+ - Introduce TLScontext to identify the connection instead of the file
+ descriptor. Move all static data (SSL structure and information gathered
+ about the connection) into the context.
+ The TLScontext is allocated on TLS-start for a connection and saved with
+ the VSTREAM, so several streams can be used at the same time.
+ - Removed "pfixtls_setfd()" as it is no longer needed.
+ - Changed the relay_clientcerts list from string_list_* to maps_* interface
+ to allow usage of ":" in the list.
+ THIS IS AN INCOMPATIBLE CHANGE!!!!
+ - Updated documentation accordingly.
+
+2000/05/12 == Re-released 0.6.8 ==
+
+2000/05/12
+ - Wietse announces snapshot-20000511 with an important bugfix.
+ - Since upgrading from 20000507 to 20000511 is highly recommended,
+ Postfix/TLS 0.6.8 is re-released for this snapshot (the patch applied
+ cleanly, just the name of the toplevel directory has changed).
+
+2000/05/11 == Released 0.6.8 ==
+
+2000/05/11
+ - Unlike expected I found some time to install the latest cyrus-sasl-1.5.21
+ and test some parts the integration. It does, well, work as advertised
+ (and the advertisement in SASL_README is not too optimistic).
+ - When checking all of the rejected patch-snippets for 0.6.6->0.6.7
+ I missed the parameter "smtpd_enforce_tls" (noted since I wanted to
+ enforce TLS encryption while playing around with plaintext passwords)
+ in the static CONFIG_BOOL_TABLE bool_table[] = {..} in smtpd/smtpd.c
+ -> I will immediately release a corrected version 0.6.8.
+
+2000/05/11 == Released 0.6.7 ==
+
+2000/05/11
+ - The latest sendmail.8.11.0.Beta1 includes STARTTLS support; it is available
+ in source code and also uses OpenSSL.
+
+2000/05/10
+ - After having it running at home (Linux) I also install it at work for
+ the field test.
+ - No time to install the SASL kit, so this part stays untested as of now.
+
+2000/05/09
+ - Downloaded snaphot and apply the patchkit.
+ - Straightened out the rejected parts of the patch.
+ - Due to the new layering with timed_read() and timed_write() functions
+ the integration of the TLS layer needed special adjustment.
+ * When TLS is active, the timed_read() and timed_write() functions are
+ replaced by the corresponding pfixtls_timed_read() and
+ pfixtls_timed_write() functions. When the TLS functionality is stopped,
+ the old functions are restored.
+ * The names of the pfixtls_timed_*() functions are looking into the future,
+ because they are working as before, the timeout functionality is not
+ in, yet.
+
+2000/05/08
+ - Wietse announces snapshot-20000507 with a lot of changes. Especially
+ important: the I/O handling of the smtp-stream has been changed to
+ a more layered technique that allows easier integration of the TLS layer.
+
+2000/04/27 == Released 0.6.6 ==
+
+2000/04/27
+ - Fixed inconsistency between documentation and actual behaviour: peer
+ certificate information was not logged at level 1 (found by
+ Damien Miller <djm@mindrot.org>).
+ * While at it: the logged information did not say whether the certificate
+ data logged passed verification or not: fixed. (The information logged
+ in the Received: header already contained that information.)
+ - Backported dict_dbm.c from snapshot-20000309 with the updated
+ dict_delete() behaviour (key not found is not considered fatal).
+ Maintained dict_sdbm.c accordingly.
+
+2000/04/18 == Released 0.6.5 ==
+ - Important:
+ * New session cache mechanism SDBM. Please adapt your main.cf and delete
+ any old ".db" session cache files manually.
+
+2000/04/18
+ - I am using the SDBM session cache for a week right now and did not have
+ any trouble, so I think its worth pushing it out.
+ - I am not completely happy with the dict_del() behaviour of considering
+ a not-found key fatal. It might happen when the smtp[d] processes would
+ be allowed to delete themselves. They are not as of now, so I accept it
+ for now but will reconsider it.
+ - Updated documentation accordingly.
+
+2000/04/17
+ - Received corrections for the HTML-docs from Ralf Hildebrandt
+ <R.Hildebrandt@tu-bs.de>.
+
+2000/04/11
+ - Transfered SDBM from home (Linux-testbed :-) to work [found and fixed some
+ small items when compiling on HP-UX]. Started running it under
+ "real life" conditions.
+
+2000/04/07
+ - Implemented "SDBM" Simple Database Management routines as also utilized in
+ ModSSL. Of course, it requires reopening of the databases, so the
+ routines are changed, that the _file_descriptors_ are left open, but
+ the _in_memory_ database stuff (especially the cached data) is closed
+ and reopened on access. This is what is really needed. The pagesize
+ is increased from standard DBM compatibility to hold the session
+ information.
+ Additionally, this software is in the public domain, so no additional
+ license problems arise.
+ - The access goes through the dict_* interface, hence the locking is
+ performed by myflock().
+
+2000/04/01 == Released 0.6.4 ==
+
+2000/04/01
+ - Updated to the new patchlevel of Postfix (19991231-pl06), some parts of
+ the patch were rejected due to changes in smtpd.
+ - Changed patch name with respect of today's release of OpenSSL-0.9.5a.
+ The code remained unchanged.
+
+2000/03/25-31
+ - The cached informations are not deleted by "tlsmgr" even though stored
+ and retrieved by the smtp[d] processess. Strange.
+ - Spend some large amount of time digging through the Berkeley DB
+ documentation and code.
+ * It claims that Berkeley DB is multi-process capable. Caveat: it takes
+ the very complicated "transaction model", that I did not use until now.
+ Hence the session cache does not work as is.
+ * Even with transaction model, Berkeley DB requires re-opening of the
+ databases to get rid of cached information. F*ck.
+ - Finally, I give up on Berkeley DB for session caching. It will never
+ work for us. Even if it would, it requires a large amount of helper files
+ and it seems, that the transaction environment is somewhat fragile when it
+ comes to some problem. I won't rely on it.
+
+2000/03/28 == Released 0.6.3 ==
+
+2000/03/28
+ - As has been pointed out to me, the TLS information in the Received:
+ header is not conform to RFC822.
+ - The TLS protocol and peer CN information is now included in '()', so
+ that it is a comment.
+
+2000/03/21 == Released 0.6.2 ==
+
+2000/03/21
+ - I have been running DB based session caching with the changes for some
+ more time now without problems. Am I really confident? No, not really.
+ I remember the trouble I had with Berkeley DB and sendmail on HP-UX.
+ I don't think I really trust it.
+ - Realized single "smtp_tls_per_site" lookup. I cannot use the more or
+ less comfortable "domain_list" lookups as before, since these do not
+ return the value, just found or not :-(.
+ Hence the lookup is realized with maps and exact lookup. I never tried
+ regexp. But if I understand the docs correctly, it should be possible to
+ use it here to realize wildcard lookups, if it would not have been
+ disabled :-(.
+ - Summary:
+ * Session Cache will be cleaned at "postfix reload" or "postfix start"
+ * New table "smtp_tls_per_site"
+ * Gone: "smtp_tls_[use/enforce]_[recipients/sites]"
+
+
+2000/03/16
+ - Changed pfixtls.c, so that it will only open Session Cache databases,
+ that are already available. tlsmgr is responsible for creation.
+ - Change tlsmgr.c, such that session cache databases will be removed before
+ opening, so that fresh databases are used whenever postfix is restarted.
+ This means, that session information is not kept over a postfix stop/start
+ or reload sequence, but it also means, that issuing a postfix reload will
+ clean the session cache.
+ I don't use simple dict_open with O_TRUNC, because this would not help
+ against database files, that are locked by hanging smtp[d] processes.
+ If you think it will also solve the "hang" problem described for
+ 2000/03/15: in a certain sense it can, since tlsmgr will be killed by
+ the watchdog and new, fresh cache files are installed, but that is not
+ more than an ugly hack. It must be solved in a clean manner.
+
+2000/03/15
+ - Experienced some strange problem with Berkeley DB based session cache.
+ The DB routines hang while trying to delete an entry. I did save the
+ corresponding "hash:" file and could reproduce it (and walk through
+ the endless loop with a debugger), but I didn't find the reason why.
+ Since during "db->del" the database is exclusively locked all other
+ processes hang however, so this is really bad!!!!!!!!
+
+2000/03/12 == Released 0.6.1 ==
+
+2000/03/12
+ - Created tls_info_t structure to hold all information about the active
+ TLS connection. Remove all global variables except those for the
+ running client/server engines (those might be replaced with global
+ variables in smtpd/smtp, though).
+ - Added field "dNSName" to the structure (still unused). This will be
+ used with X503v3 extensions.
+ - Cleaned up TODO, since some items are now done...
+
+2000/03/11
+ - Added missing #include <sys/time.h> to tlsmgr.c. (Worked without on HP-UX,
+ showed up on Linux.)
+ - Bug: removal of server side sessions from the cache in case of trouble
+ failed, because uppercase hex was used instead of lowercase for the key.
+ This does not affect removal of expired sessions by tlsmgr.
+ - Stepped up to postfix-19991231-pl05.
+
+2000/03/09 == Released 0.6.0 ==
+ - Important:
+ * This release features an additional daemon, the "tlsmgr", please update
+ your master.cf accordingly.
+ * This release does not use the /var/spool/postfix/TLS* directories
+ anymore. Remove them and re-install the original postfix-script.
+ * Check the new/changed configuration parameters tls_random* and
+ smtp[d]_tls_session_cache*.
+ * This release will only work with OpenSSL >= 0.9.5!!!!!
+
+2000/03/09
+ - Testcompilation of Postfix/TLS without -DSSL and the OpenSSL includes and
+ libraries passed.
+ - Worked through tlsmgr.c to remove unneeded header files.
+ - Wrote documentation for tlsmgr.c.
+ - Updated documentation on top of pfixtls.c.
+ - Put (char *) casts into the myfree() calls, where necessary, to make the
+ HP compiler happy.
+ - Updated html PRNG documentation in Postfix/TLS.
+
+2000/03/08
+ - Finished first version of "tlsmgr". Does run through session cache
+ databases and detects and deletes (*) old sessions.
+ * Had to realize SYNC_UPDATES for the dict_db_delete() function and patch
+ the flag handling within the function. Changes sent to Wietse.
+ - Restored qmgr to its original state.
+ - Extended pfixtls.c to need an additional "needs_095_or_later()" function
+ when compiled with an older version of postfix.
+ - The session cache is now enabled, when a database filename is given.
+ smtp[d]_tls_use_session_cache configuration parameters removed,
+ updated documenation accordingly.
+ - Moved the PRNG handling to tlsmgr, applying the new model. tlsmgr will
+ query external sources at startup and will then feed a PRNG exchange
+ file with random data in intervals of configurable (but random driven)
+ length.
+ If running outside chroot, tlsmgr can query the entropy source (e.g.
+ EGD or /dev/urandom) again and so increase entropy with time. If the
+ entropy sources don't limit access, the tlsmgr can run with "postfix"
+ privileges. Mine does.
+ -> master.cf became a new entry.
+ - tlsmgr is realized as a trigger server and has the "fifo" entry. Actually,
+ it does not take any input. One could utilize it to feed back some entropy
+ from running smtp[d] processes, but I think this would overload the
+ issue.
+ - I will release a 0.6.0 pre-version as is. tlsmgr still lacks the detailed
+ information in the header and the interface description in pfixtls.c
+ probably is also not longer up do date.
+
+2000/03/07
+ - Since defective session data can cause SEGFAULTs, it is now armored
+ by a leading structure that does contain a session cache version and
+ the postfix library version before the timestamp. If a session does
+ not match exactly the version numbers, it is immediately discarded
+ and deleted to avoid harm.
+ - Removed the seperate storage of the peer's certificate verify_result,
+ so starting from this moment, Postfix/TLS will only work safely with
+ OpenSSL >= 0.9.5!!!
+ - Ported server side session cache routines to the client side; works.
+ - Analyzed structure of "qmgr" to understand consequences for the planned
+ "tlsmgr" daemon. Transferred the sceleton.
+ - Received word from sendmail, a (at least preliminary) TLS enabled test
+ address is "bounce@esmtp.org".
+
+2000/03/06
+ - Wietse supplied a change to the dict/dict_db mechanism to allow for
+ synchronous updates.
+ Session cache updates for the server side seem to work now, removal of
+ old sessions (when called from the client) integrated.
+
+2000/03/05
+ - Got the database style session cache to run for the server side (at least
+ partial). The removal of old sessions is not yet realized.
+ [There are several man pages for OpenSSL as of 0.9.5, but the i2d etc
+ interfaces are not belong them, so I had to study the source code instead.]
+ * What is not working by now is the synchronization of the memory database
+ to disk. It only is synchronized automatically upon close. It would be
+ necessary to sync after each update or delete, but this is not implemented
+ in Wietse's dict library. I will post an according proposal.
+
+2000/03/04
+ - Wietse posts a patch to select "EHLO" negotiation even if ESMTP is
+ not recognized from the 220 greeting. Activating this flag will however
+ break compatibility with mailers, that simply close the connection
+ upon EHLO. I don't know how the large the number of these broken mailers
+ is, but activating "smtp_always_send_ehlo" is a tradeoff.
+ - Integrated Wietse's patch into Postfix/TLS.
+
+2000/03/03
+ - Received update from Matti Aarnio (Zmailer) is now for some time able
+ to do server _and_ client side TLS. Updated documenation accordingly.
+ When testing, Postfix client to Zmailer server failed, because
+ Zmailer announces with "ESMTP+IDENT" and Postfix does not recognize
+ the ESMTP token (must be seperate), so only HELO is used and STARTTLS
+ is not offered by the Zmailer server. Informed Matti accordingly,
+ will wait until the problem is resolved before actually publishing
+ the update.
+ - Enhanced the documentation by listing automatic reply services at which
+ interoperability can be tested.
+
+2000/03/02
+ - Went through the Postfix source to check out the database routines.
+ It should be possible to move session caching from directory/file-
+ based to database. Since DBM only allows blocks (key+contents) of
+ 1024 bytes and a session is larger, only Berkeley DB can be used.
+ Put some first bits into Postfix/TLS.
+
+2000/02/29 == Released 0.5.5 ==
+
+2000/02/29
+ - OpenSSL 0.9.5 has been released. Since I want to promote 0.9.5, as it
+ contains several bugfixes and enhancements, I release a new version
+ of Postfix/TLS. My personal highlights:
+ * The bug with Win32 Netscape not commencing after certificate storage
+ unlocking should be fixed. (I will leave the not in however, as long
+ as I have not positively checked it myself. Reproducibility...)
+ * The bug, that the certificate verifiation result is not stored in the
+ session cache (discovered for Postfix/TLS 0.4.4) is fixed. I will leave
+ the Postfix/TLS workaround in as long as it will run with older versions
+ of OpenSSL.
+ * The OpenSSL commandline tools like "openssl gendh" now support EGD, so
+ that the examples for generating the DH parameters now will really work
+ with high quality random data :-)
+ * The support of 56bit ciphers has lost its importance since 128bit
+ versions of Netscape etc are now easily available...
+ - This version does not feature source code changes but updated documenation
+ when compared with 0.5.4:
+ * List examples on how to generate good entropy for the PRNG seed in
+ /etc/postfix/random_file.
+ - Update the TODO document with respect to the discussion about session
+ caching and other security items. This document is a very short summary,
+ for the full discussion check the mail archive at
+ http://www.aet.tu-cottbus.de/mailman/listinfo/postfix_tls/
+
+2000/02/26-28
+ - Wietse considers including Postfix/TLS into the main release. A discussion
+ about security relevant features, especially the session cache inside
+ the chroot jail takes place.
+ The discussion will definetely lead to some changes; I have however not
+ decided on the first step, yet :-)
+
+2000/02/21 == RELEASED 0.5.4 ==
+ - Important: Another directoy is created in /var/spool/postfix, so don't
+ forget to install the new versions of conf/postfix-script-*sgid.
+
+2000/02/21
+ - Finished the seed-exchange architecture by saving the random seed at exit
+ of smtp and smtpd.
+ - Wrote documentation for the PRNG handling to the documentation.
+ - Tested on HP-UX (with a current OpenSSL-pre-0.9.5 snapshot and 0.9.4)
+ and on SuSE-Linux (with 0.9.4).
+ * THIS VERSION WILL STILL RUN WITH OPENSSL-0.9.4, but it will also run
+ with OpenSSL-0.9.5. Older versions of Postfix/TLS will not, because the
+ PRNG is not seeded!
+
+2000/02/19
+ - Start to implement my own model of collecting entropy. All smtp and smtpd
+ processes will record some items (mainly the time of actions) to add
+ some entropy into the PRNG. The state is saved and used to re-seed by the
+ smtp and smtpd processes, so that entropy adds up into the pool.
+ The seeding by external file is additionally kept in order to be able
+ to inject additional entropy.
+
+2000/02/18
+ - Included routines to add random seed from a configurable file
+ "rand_file_name". I don't want to retrieve the entropy from a real
+ random system source, because the amount of entropy that can be collected
+ is limited. We might hence stall. Let's think about this problem.
+ - The SSL_CTX_load_verify_locations() has been fixed in the latest
+ OpenSSL snapshot.
+
+2000/02/17
+ - Tracked down the SSL_CTX_load_verify_locations() problem in the OpenSSL
+ library. If more than one CA-certificate is loaded, a bogus return value 0
+ is created, because the count of certs is checked to be "1" instead of
+ allowing ">=1". Reported to openssl-dev.
+
+2000/02/16
+ - Downloaded the latest openssl-SNAPSHOT-20000215 and installed it on
+ my development machine, then recompiled Postfix/TLS and try to run it.
+ * Failure: SSL_CTX_load_verify_locations() fails on reading the CAfile with
+ return value 0, but no actual error is displayed.
+ If the return value is not checked, the CA-certificates work, so that
+ they are loaded and the error indicator seems to be bogus.
+ Reported to openssl-dev mailing list.
+ * Failure: OpenSSL has become picky about correct seeding of the PRNG
+ Pseudo Random Number Generator. Installed some "testseed" that is
+ actually not random, but then Postfix/TLS starts to work again. We
+ will need some good random seed setup, probably reading from either
+ /dev/random (if available) or from EGD.
+ Found out during the experiments, that EGD is not that simple to use
+ as described in some of my Postfix/TLS docs. Must be upgraded.
+ Asked in the openssl-dev mailing list about the recommended amount
+ of random data needed for seeding the PRNG. Ulf Moeller recommends
+ a minimum of 128bit.
+
+2000/02/14 == Released 0.5.3 ==
+
+2000/02/14
+ - OpenSSL 0.9.5 is to be released within the next hours/days. Since I intend
+ to use some of its new features soon, I will re-release 0.5.2 as the last
+ version that will run with 0.9.4 but for the latest postfix patchlevel.
+ - No functional changes.
+ - Updated patch for postfix-19991231-pl04.
+
+2000/01/28 == Released 0.5.2 ==
+
+2000/01/28
+ - Stepped up the next postfix patchlevel postfix-19991231-pl03.
+ No functional changes.
+
+2000/01/03 == Released 0.5.1 ==
+
+2000/01/03
+ - Bug fixed: Don't specify a default value for "smtpd_tls_dcert_file",
+ assuming that typically a DSA certificate is not used.
+ Otherwise smtpd will try to read it on startup and the TLS engine won't
+ start since it is not found.
+ I didn't note this bug before today, because I could not install this
+ release in a larger scale on my own servers due to a network failure
+ of our campus backbone lastring from Dec 31 until today.
+ - Stepped up to the just released postfix-19991231-pl01.
+
+2000/01/01 == Released 0.5.0 ==
+
+2000/01/01
+ - Upgraded to the new postfix release 19991231.
+
+1999/12/30
+ - Enabled support for DSA certificate and key for the server side. One
+ can have both at the same time, the selected cipher decides which one
+ is used. OpenSSL clients (like Postfix/TLS) will prefer the RSA cipher
+ suites, if not especially changed in the cipher selection list.
+ Netscape will only use the RSA cert.
+ - The client side can only have one certificate. There is a way out by using
+ a callback function, that will receive the list of acceptable CAs and
+ then do some clever selection: SSL_CTX_set_client_cert_cb().
+ I will however have to figure out, how it has to be prepared, it seems,
+ that there is no example available.
+ - I have been able to successfully generate a DSA CA and certificates for
+ some Postfix hosts and to do authentication and relaying as expected.
+ So now I have to document how it is done in a practical manner...
+ - Moved up prerelease 0.5.0pre02 to the download site.
+
+1999/12/28
+ - Moved up to SNAPSHOT-19991227.
+ - Don't forget to check the return value when calling
+ SSL_CTX_set_cipherlist().
+ - Add code to load DH-parameters from disk.
+ - Add configuration information for the new functionality: DH paramter
+ support, possibility to influence the cipherlist.
+ - Moved up prerelease 0.5.0pre01 to the download site.
+
+1999/12/25
+ - Found some minutes to relax from the christmas business.
+ - Applied the 0.4.7 patch to SNAPSHOT-19991223 and included the new changes
+ of 1999/12/19.
+ Once the new stable release of postfix is out, this minimum state will be
+ the new Postfix/TLS patch: the new functionality will not influence
+ stability, so it can stay in even if still unfinished.
+
+1999/12/23
+ - Wietse announces SNAPSHOT-19991223: if no severe bugs are found, it will
+ be promoted as next stable release soon. Good to have kept everything
+ from yesterday.
+
+1999/12/22
+ - Got a query from a Postfix/TLS user: the patch does not apply cleanly to
+ SNAPSHOT-19991216 and he somehow messed up to integrate the rejected
+ parts (it later turned out he just forgot on reject).
+ Applied the patch myself and generated a diff, sent it to the user
+ and of course kept a copy for myself, since I will have to apply it
+ myself eventually once the next "stable" release of postfix is out.
+
+1999/12/19
+ - Began modifications for 0.5.x:
+ * Added configuration variables for specifying the cipherlist to be used
+ smtpd_tls_cipherlist and smtp_tls_cipherlist. For the format, there
+ is some (however sparse) documentation in the openssl package.
+ * Call SSL_CTX_set_cipherlist() with these data.
+ * Added default temporary DH parameters to pfixtls.c (only server side is
+ necessary) and configuration variables to specify user generated
+ parameters; they are however not used, yet.
+ The default parameters were generated using the presumably good
+ /dev/random source.
+
+1999/12/13 == Released 0.4.7 ==
+
+1999/12/13
+ - Addendum to the last change: do also remove sessions, that could _not_
+ be reused.
+ - Updated configuration information:
+ * As of OpenSSL 0.9.4, certificate chain verification is not sufficient,
+ since the certificate purpose is not checked, so I recommend to add
+ all intermediate CAs the the list of CAs and stay with a verification
+ depth of 1.
+ Work is in progress for 0.9.5.
+ - Stepped up to the just released new patchlevel postfix-19990906-pl09.
+
+1999/12/10 == Released 0.4.6 ==
+
+1999/12/10
+ - Realized changes implied below: Removed SSL_CTX_add_session() in the
+ client startup; remove session on stop with SSL_SESSION_free().
+ - In the morning there is a mail on the list, that Postfix might be
+ crashed with a single "\" on the "CC:" line. Hence, we should expect
+ a new patchlevel soon. Release the actual change anyway.
+
+1999/12/09
+ - Read in the "openssl-users" mailing list, that SSL_CTX_add_session()
+ is only intended for servers. On the client side, SSL_set_session()
+ is sufficient.
+ Additionally, the session should be explicitely freed, since
+ SSL_set_session() will increment the usage count for the session.
+ Explained by Bodo Moeller.
+
+1999/12/xx
+ - Had a discussion (by email) with Bodo Moeller about DH/DSS. It seems
+ I understand better now (after the discussion) how it works :-).
+ Implementing it should not be too difficult but might take some more
+ hours. Mentally scheduled it for Version "0.5.0" whenever this might
+ be (rough guess: christmas vacation).
+ Decided to hence not discuss this topic in the docs, since it might
+ change in the near future anyway.
+
+1999/11/23
+ - Discussion with rch@writeme.com (Richard) about implementing DH ciphers
+ and DSA keys and certificates on the Postfix/TLS list: It does not work
+ as of now.
+
+1999/11/15 == Released 0.4.5 ==
+
+1999/11/15
+ - Applied patch to postfix-19990906-pl07 without problems. Well, let's
+ release new version of Postfix/TLS, so that we look up to date.
+ - Add the "DO NOT EDIT THIS FILE" to conf/sample-tls.cf.
+
+1999/11/08
+ - Applied patch to the fresh release of postfix-19990906-pl06 without
+ problems. Nothing else, so no new release of Postfix/TLS.
+
+1999/11/07 == Released 0.4.4 ==
+
+1999/11/07
+ - Played around some more with the X509_verify_cert() function: when saving
+ a session, neither the verify_result is saved nor the certificate chain
+ necessary to re-verify. So there were two possibilities left: do a full
+ renegotiation negating the benefit of session caching or
+ - save the verify_result into to the session cache file and set the value
+ when rereading from disk. This way the positive result of session caching
+ is kept.
+ - Make sure, the verify_result value is propagated as pfixtls_peer_verified
+ and used where needed.
+ - After experiencing some failures at TLS connection setup, the SSL_sessions
+ are now freed again when closing. It seems, something is left over in the
+ session structures, even though SSL_clear() is called.
+
+1999/11/06
+ - When not asking for a client certificate, the "Received:" header will show
+ the protocol and cipher, but silently omit the client CN (because they
+ where not supplied). Noted by Craig Sanders <craig@taz.net.au>.
+ The same holds, if a certificate is asked for, but none supplied.
+ Now, in any case an appropriate information is added in the "Received:"
+ header.
+ - Added a hint to remove sessions from the cache during testing, since
+ old information may still be in the cache. Also proposed by Craig
+ Sanders <craig@taz.net.au>.
+ - While at it: client CN and issuer CN are printed, but the verification
+ state is not, so that the trust value of this data is not known.
+ * Added (verify OK/not verified) to the Received: header.
+ * Obtained information using the SSL_get_verify_result(SSL *con) call.
+ * Learned, that the state is not saved in the session information, so
+ that a recalled old session will always return "OK" even if the
+ certificate failed the verification! Call it a bug in OpenSSL.
+ Still investigating on a good way to work around this problem.
+ - Fixed a bug in the syslog entries: The client CN is logged, but the
+ issuer CN is not, because of a missing "%s" in the format string.
+
+1999/11/03 == Released 0.4.3 ==
+
+1999/11/03
+ - Added some hints about security to the html documentation.
+ - Tested the changes made two weeks ago at home in the large university
+ setup. I was to a conference in between and didn't want to release
+ the new version without having done some more tests.
+
+1999/10/17
+ - Added another half a ton of comments (this time for the client side),
+ yielding one ton alltogether...
+
+1999/10/16
+ - Rearranged some of the TLS-engine initialization to improve readability.
+ - Do not "free" the SSL connection, when it is not really necessary. Do only
+ reset information about the TLS connection, when there was one. This is
+ the better way instead of the quick fix applied for 0.4.2.
+ - Added half a ton of comments to the TLS code (server side) to document
+ what is done when and why, since there is no real documentation about
+ the OpenSSL library.
+
+1999/10/11 == Released 0.4.2 ==
+
+1999/10/11
+ - Fixed a severe bug introduced in 0.4.0: smtpd and smtp tried to flush
+ old session from the session cache even when TLS was not enabled. Since
+ no SSL-context was allocated, smtp would segfault on connection close.
+
+1999/10/10 == Released 0.4.1 ==
+
+1999/10/10
+ - Added a long description of the session cache handling to the top of
+ global/pfixtls.c.
+ - There is a race condition when cleaning up the session cache in qmgr, that
+ might lead to lost sessions in client mode. The worst consequence is an
+ additional session negotiation, so we can live with it as of now.
+ Bug described in qmgr/qmgr_tls.c.
+ - Implemented immediate removal of session cache files with expired sessions
+ when these are called. No need to first load and then discard them.
+ - Implemented the requirement from RFC2246 to remove sessions, when
+ connection failures occure (well actually, when TLS layer failures
+ occur, but I cannot seperate this from another) for the server side.
+ the client side is under work.
+
+1999/10/09
+ - Set an absolut maximum length of 32 for the IDs used for session caching.
+ This matches the default in OpenSSL, but I don´t want to see surprises
+ when somebody sometimes will run into a longer session id.
+
+1999/10/05 == Released 0.4.0 ==
+ - The new disk based session cache is a major step, so the minor release
+ number is pushed to 0.4.
+ - By now I think all necessary bells and whistles are in the code. What
+ is left is a big code cleanup and some more testing before calling this
+ patchkit "1.0.0".
+ - Initiated Mailing List at
+ http://www.aet.tu-cottbus.de/mailman/listinfo/postfix_tls
+
+1999/10/05
+ - Some code cleanup.
+ - Added new options to the documentation and the hint to update
+ "postfix-script", because otherwise qmgr might fail!
+
+1999/10/03
+ - Realized disc based session caching also for the Postfix/TLS client.
+ Must go to real world testing now between hosts.
+ And, of course, tune up the documentation, because users will have to
+ install a new postfix-script, too.
+
+1999/10/02
+ - The old sessions must be removed once they have timed out, so a process
+ is needed that will scan through the list of old sessions and remove
+ once they have expired.
+ Lucky me: this is what qmgr usually does with deferred messages, so
+ qmgr is extended only a little bit and will now also clean up the
+ old sessions from the cache directory.
+ And hey: it is good to see how easily this thing can be extended and
+ functions can easily be reused. Postfix is an excellent peace of
+ software engineering and there is no line of C++ or other "object
+ oriented modern junk" in it. It should be recommended as an example
+ to computer sience students.
+
+1999/09/28
+ - I cannot use the mod_ssl way for session caching and I don´t want to
+ spend an extra "gcache" daemon as ApacheSSL does. So I follow Wietse´s
+ idea realized for his mail queues and create hash level based subdirectory
+ structures. The good thing: I can cannibalize the mail_queue code.
+ The bad thing: there is a path length of 100 chars fix coded in Wietse´s
+ routines. It does hold for 32byte session ideas.
+ Status: can save sessions to disk and recall them (server side).
+
+1999/09/26
+ - Created new call backs for external session caching for the server side.
+ In a first step, they can print out the session ids for the newly created
+ session and when recalling a session.
+ As the OpenSSL documentation on this is pretty sparse, Ben Laurie´s
+ ApacheSSL code is very helpful, Ralph Engelschall´s Mod_SSL code for
+ session caching is far more complicated.
+
+1999/09/23 == Released 0.3.10 ==
+
+1999/09/23
+ - Debugging for 0.3.8/0.3.9 would have been so much easier, if the error
+ messages put onto the error message stack from the OpenSSL library would
+ have been printed out. The error was clearly stated from the library, I
+ just didn't print it. Added pfixtls_print_errors() calls where missing
+ after calls to the OpenSSL library.
+ Sometimes I feel so old...
+ - Used opportunity to upgrade to the latest postfix patchlevel 05:
+ postfix-19990906-pl05.
+
+1999/09/19 == Released 0.3.9 ==
+
+1999/09/19
+ - Added a "smtp_no_tls_sites" table to allow people to enable TLS negotiation
+ globally and only omit it on a per site basis.
+
+1999/09/18
+ - Finally found the bug described for 0.3.8: In the server setup, the
+ SSL_CTX_set_session_id_context() call was missing. To find this, I
+ had to trace through the OpenSSL library and when I finally found it
+ in ssl/ssl_sess.c, there was an appropriate comment about this. I however
+ have to find out why I didn´t receive the appropriate error message...
+ - This bug was hidden during the first developing stages, as the shutdown
+ sequence was not working correct, so the session was not cached.
+
+1999/09/17 == Released 0.3.8 ==
+
+1999/09/17
+ - Something is strange with the session caching in smtpd server mode
+ with Netscape 4.61 client. The first connection is fine, the next
+ one hangs after the server fails with errors while reading the
+ SSLv3 client hello C. (Found by Michael Stroeder <x_mst@propack-data.de>)
+ Reproducable with OpenSSL 0.9.3a, 0.9.4 and SNAPSHOT 19990915, so
+ the problem seems to be persistent. I will try to figure out the
+ problem myself before reporting it to the developers. If I don't find
+ it, maybe they do :-)
+ Workaround: the cached session is removed after connection is closed.
+ This will impose some time penalty on the negotiation. As the caching
+ is local in the smtp processes and they time out anyway, the penalty
+ should not be significant.
+ The problem does not occure with Postfix/TLS clients.
+
+1999/09/13 == Released 0.3.7 ==
+
+1999/09/13
+ - Ran tests, seems no further conflicts between Wietse's changes and my
+ extensions.
+
+1999/09/09
+ - Applied the patchkit 0.3.6 to postfix-19990906-pl02 and worked out
+ the rejected part of the patch. From this point of view the patch
+ is included. Now everything has to be retested.
+
+1999/09/09 == Released 0.3.6 ==
+
+1999/09/09
+ - Added a missing ´#ifdef HAS_SSL #endif´ in smtp_connect.c.
+ Noted by Jeff Johnson <jeff@websitefactory.net>.
+ - HINT:
+ On 1999/09/06 a new "stable" version of postfix was released.
+ Future Postfix/TLS enhancements will be against this new version 19990906.
+
+1999/08/25 == Released 0.3.5 ==
+
+1999/08/25
+ - Added Wietse's patch for postfix-19990601 to prevent crashing smtpd when
+ VRFY is called without setting the sender with "MAIL FROM:" first.
+
+1999/08/13
+ - Small changes to global/pfixtls.[ch]: Since we also support client STARTLS,
+ we check the peers certificate, which may also be a "server" certificate
+ (not just client). Hence I renamed "*ccert*" to "*peer*".
+ - global/pfixtls.c: add some "const" to "char *" for OpenSSL library calls,
+ to make gcc happy.
+ - Extended comments in pfixtls.[ch] to better match Wietse's style.
+
+1999/08/12 == Released 0.3.4 ==
+
+1999/08/12
+ - Enabled workarounds for known bugs in SSL-engines.
+ - Tested with OpenSSL 0.9.4.
+ - Windows95/NT: Problem with Netscape hanging on first connection when
+ the client certificate database has to be unlocked cannot be reproduced
+ anymore.
+ I am happy, but I am also not sure what caused the problem to go away
+ and I cannot figure out the security settings manually from the files...
+
+1999/08/11
+ - Corrected loglevel handling: At some points smtpd_tls_loglevel was used
+ instead of smtp_tls_loglevel (only noted at loglevels >= 2).
+
+1999/08/09 == Released 0.3.3 ==
+
+1999/08/09
+ - Removed SSL_CTX_set_quiet_shutdown() as it does prevent the shutdown
+ from actually being performed. In order to remove the annoying
+ "SSL3 alert write:warning:close notify" it is now explicitly handled
+ in apps_ssl_info_callback().
+ Bug found by Bodo Moeller <bodo@openssl.org>.
+
+1999/08/06 == Released 0.3.2 ==
+
+1999/08/06
+ - Add option "smtp_tls_note_starttls_offer" to collect information about
+ hosts, that offered the STARTTLS feature without using it.
+ - Shut up smtpd. Only print information about relaying based on certs
+ when msg_verbose is true.
+
+1999/07/20
+ - Added missing "const" in pfixtls.h (found by Juergen Scheiderer
+ <jnschei@suse.de>). HP-UX ANSI-C didn't complain.
+
+1999/07/08 == Released 0.3.1 ==
+
+1999/07/08
+ - New config variable "smtpd_tls_received_header". When "true", the protocol
+ and cipher data as well as subject and issuer CN of the client certificate
+ are included into the "Received:" header.
+
+1999/07/07
+ - "starting TLS engine" message will only be printed when loglevel >=2
+ to reduce unnecessary noise in the log files.
+ - Added code to fetch the protocol (e.g. TLSv1) and the cipher used (by name
+ and bits). Information is printed to the logfile.
+
+1999/07/01 == Released 0.3.0 ==
+
+1999/07/01
+ - (Client mode) Bug fix: Don't try to use STARTTLS if it is not offered. The
+ server we are connected to might not understand it and respond with a
+ "500 command not understood", causing the email to bounce back, even
+ when the lack of STARTTLS is just a temporary problem.
+ - Updated documentation for the new per recipient/site TLS decisions.
+
+1999/06/30
+ - Client mode: Added variables and routines to decide "per recipient" or
+ "per host/site" whether to use/enforce TLS or not.
+
+1999/06/18 == Released 0.2.8 ==
+
+1999/06/18
+ - In client mode the "use_tls" and "enforce_tls" internal variables were
+ not initialized correctly, such that the client could try to use the
+ STARTTLS negotiation even if not wanted. This error was introduced
+ in 0.2.7.
+ Noted by "Cerebus" <cerebus@sackheads.org>.
+
+1999/06/08 == Released 0.2.7 ==
+
+1999/06/08
+ - Studied discussions in the IETF-apps-TLS mailing list: MS Exchange
+ seems to offer STARTTLS even if not configured. Added this info to the
+ documentation.
+ - Updated Documentation regarding the changes made.
+
+1999/06/03
+ - The subject-CommonName (CN) of the server certificate is extracted when
+ connecting to a TLS server.
+ - In "smtp_*_tls" mode, this subject-CommonName is matched against the
+ hostname of the server. In "enforce" mode, the connection is droppend
+ when the certified server name and the real hostname differ.
+ - Added missing dependencies in smtp/Makefile.in (missing pfixtls.h since
+ 0.2.0).
+
+1999/06/02 == Released 0.2.6 ==
+
+1999/06/02
+ - Adapted patchkit to postfix-19990601.
+
+1999/06/01 == Released 0.2.5 ==
+
+1999/06/01
+ - Updated OpenSSL API to 0.9.3a -> position of include files has changed
+ from <xxx.h> to <openssl/xxx.h>. No functional changes.
+ - pkcs12 utility is now part of OpenSSL -> changed documentation
+ accordingly.
+
+1999/05/20 == Released 0.2.4 ==
+
+1999/05/20
+ - Updated postfix base 19990317 from pl04 to pl05.
+
+1999/05/14 == Released 0.2.3 ==
+
+1999/05/14
+ - Fixed a bug in pfixtls_stop_*(): there was a ";" to much directly
+ after "if (con);". This check is only done as a safety measure:
+ When SSL is not started you should not stop it. This case could however
+ only happen when the code in smtp[d] would be wrong, so it should never
+ be necessary. (Bug found by Uwe Ohse <uwe@ohse.de>)
+
+1999/05/11 == Released 0.2.2 ==
+
+1999/05/11
+ - Matti Aarnio: Reworked pfixtls_dump() to use fewer strcpy and strcat calls.
+ - Added information about Matti Aarnio (author/maintainer of ZMailer)
+ working on RFC2487 for ZMailer.
+
+1999/05/04 == Released 0.2.1 ==
+
+1999/05/04
+ - Stuffed up the documenation to reflect the actual status. No change
+ in functionality.
+
+1999/04/30 == Released 0.2.0 ==
+
+1999/04/30
+ - Adjusted the changes in smtp*.c to Wietse's indentation style.
+ - Sorry, the documentation about the client side has by now to be
+ taken from sample-tls.conf. The documenation has to be rearranged
+ in a larger scale.
+
+1999/04/29
+ - Finished client support for STARTTLS in smtp; some testing done.
+ - Fixed a race condition in smtpd: When in PIPELINE mode, the connection
+ was switched back from SSL to normal mode before the buffers were
+ flashed.
+ - Adjusted the code in pfixtls.[ch] and additions in smtpd*.c to
+ Wietse's indentation style.
+
+1999/04/28
+ - Incorporated skeleton of STARTTLS support into smtp.
+ - Introduced variables to control client STARTTLS to configuration.
+
+1999/04/15 == Released 0.1.5 ==
+
+1999/04/15
+ - Adjusted pfixtls.diff to postfix-19990317-pl04.
+
+1999/04/14
+ - Ported from OpenSSL the BIO_callback functions to dump out the negotiation
+ and transmission for debugging purposes. The functions are triggered
+ by the the new loglevels 3 and 4.
+ - Call SSL_free() to get rid of the SSL connection structure not used
+ anymore.
+
+1999/04/13 == Released 0.1.4 ==
+
+1999/04/13
+ - Based on a hint in the openssl-users list added an SSL_set_accept_state()
+ before the actual SSL_accept(). I don't really understand why, but the
+ documentation of SSL is a bit short anyway.
+
+1999/04/11
+ - Some more comments on certificates in the documentation.
+
+1999/04/10
+ - Moved initialization of the pfixtls_server_engine to the pre_jail_init()
+ section of smtpd, so that it is called with root privileges to read the
+ key and cert information. The secret key of the server can now be protected
+ by "chown root secretkey.pem; chmod 400 secretkey.pem".
+ Additionally, this makes it possible to run smtpd in chroot jail, even
+ though I didn't test that, yet. All information is read at smtpd startup
+ time except the CAcerts in tls_CApath, which are checked at runtime.
+ I have to look into that.
+ - Updated documentation accordingly.
+ - Rewrote the documentation with regard to the certificate setup and
+ explaining the different types of certificates.
+
+1999/04/09
+ - Introduced pfixtls_print_errors() which imitates BIO_print_errors()
+ (the typical way to print error information in OpenSSL) but writes
+ to syslog instead of a file handle.
+ Hence we can get more informative error information.
+
+1999/04/08 == Released 0.1.3 ==
+
+1999/04/08
+ - Stuffed up the documentation by reworking the references.
+ - Added contributed script for automatic addition of fingerprints.
+ - Added ACKNOWLEDGEMENTS file
+
+1999/04/06 == Released 0.1.2 ==
+
+1999/04/06
+ - Portability: removed call of "snprintf()", as it is not available on
+ some (older) UNIX versions (in this case Solaris 2.5).
+ - Removed calls to "select()" when in TLS mode: Even though no new bytes
+ arrive, there might be bytes left in the SSL buffer -> possible hang.
+
+1999/03/30 == Released 0.1.1 ==
+
+1999/03/30
+ - Added disclaimer about export restrictions.
+ - Fixed a bug in util/match_ops.c:
+ When using dictionary lookup the compare was case sensitive by accident.
+ Effect: Fingerprint matching did not work with databases, only for plain
+ file.
+ Bug report submitted to postfix author.
+
+1999/03/29 == Released first version 0.1.0 ==
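Review bot: this hunk carries a number of typos and stray U+00B4 acute accents used as apostrophes in the historical entries (for example "session ideas" for session ids in the 1999/09/26 area, "Ben Laurie´s", "didn´t", "´#ifdef HAS_SSL #endif´", "Reproducable", "occure", "droppend", "documenation", "STARTLS", "flashed" for flushed, and "a ";" to much"); since this file is a verbatim record of the Postfix/TLS patchkit history, keep the lines as they are in this import rather than diverging from the upstream text, and send any spelling fixes upstream separately. It is also worth noting that the 1999/04/10 entry documents the key-protection model still relevant to reviewers of this file: the server key is read in pre_jail_init() with root privileges so that "chown root secretkey.pem; chmod 400 secretkey.pem" can be applied, while the CA certificates in tls_CApath are read at runtime, which the author flags as an open item for chroot operation.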