From a848231ae0f346dc7cc000973fbeb65b0894ee92 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 10 Apr 2024 21:59:03 +0200 Subject: Adding upstream version 3.8.5. Signed-off-by: Daniel Baumann --- TLS_ACKNOWLEDGEMENTS | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 TLS_ACKNOWLEDGEMENTS (limited to 'TLS_ACKNOWLEDGEMENTS') diff --git a/TLS_ACKNOWLEDGEMENTS b/TLS_ACKNOWLEDGEMENTS new file mode 100644 index 0000000..6cf4354 --- /dev/null +++ b/TLS_ACKNOWLEDGEMENTS @@ -0,0 +1,56 @@ +- Walcir Fontanini + * tested on Solaris 2.5 and reported missing "snprintf()" + -> was fixed in pfixtls-0.1.2 + * contributed the script to add fingerprints + contributed/fp.csh + +- Matti Aarnio (www.zmailer.org) + * updated pfixtls_dump to need fewer strcat and strcpy calls. + +- Cerebus + * Missing variable initialization in client mode enable STARTTLS + negotiation even when not wanted. + -> fixed in pfixtls-0.2.8 + +- Bodo Moeller + * The SSL connection was not shut down at the end of the session, because + SSL_CTX_set_quiet_shutdown() was set. This however did not mean "do a + quiet shutdown" but "do not shutdown SSL". + -> fixed in pfixtls-0.3.3 + +- Jeff Johnson + * noted that the patch code will not compile with SSL disabled anymore, + because a ´#ifdef HAS_SSL #endif´ encapsulation was missing in + smtp/smtp_connect.c. This must have been in since the very beginning + of client mode support (0.2.x). + -> fixed in 0.3.6 + +- Craig Sanders + * noted that the Received: header does not contain sufficient information + whether a client certificate was not requested or not presented. + He also reminded me that the session cache must be cleared when + experimenting with the setup and certificates, what is not explained + in the documenation. + -> fixed in 0.4.4 + +- Claus Assmann + * pointed out that the Received: header logging about the TLS state violated + RFC822. The TLS information must be in comment form "(info)". + -> fixed in 0.6.3 + +- Wietse Venema + * uncounted important suggestions to start the integration into the Postfix + mainstream code. + * code adjustments in the dict_*() database code to allow easier inclusion + and use for session caching, and this is only the beginning :-) + -> started reprogramming Postfix/TLS to fit both Wietse's and my + requirements as of 0.6.0 + +- Damien Miller + * Found mismatch between documentation and code with regard to logging. + -> fixed in 0.6.6 + +- Deti Fliegl + * Provided an initial patch to support SubjectAlternativeName/dNSName + checks. + -> added in 0.8.14 -- cgit v1.2.3