[exim-dev] [Bug 1523] DANE support under GnuTLS

Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 1523] New: DANE support under GnuTLS
Subject: [exim-dev] [Bug 1523] DANE support under GnuTLS
https://bugs.exim.org/show_bug.cgi?id=1523

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
   Target Milestone|Exim 4.85                   |Exim 4.91
           Assignee|pdp@???                |jgh146exb@???


--- Comment #4 from Jeremy Harris <jgh146exb@???> ---
Follow-on commits:

28646fa9c7 DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode
3674140cdd DANE/GnuTLS: filter TLSA records for usability
94c1328507 DANE/GnuTLS: split verification of mixed sets of TLSA records by usage

Known deficiencies:
- Viktor says the chain-handling is over-strict
- Not all cases of unusable-cert result in retry against further TLSA records
- No support for RFC7671 digest agility

Still Experimental, but consider moving to default build by next release.
