[exim-dev] [Bug 1523] DANE support under GnuTLS

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Madmin at <-
 
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 1523] New: DANE support under GnuTLS
Subject: [exim-dev] [Bug 1523] DANE support under GnuTLS
https://bugs.exim.org/show_bug.cgi?id=1523

Jeremy Harris <jgh146exb@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
   Target Milestone|Exim 4.85                   |Exim 4.91
           Assignee|pdp@???                |jgh146exb@???


--- Comment #4 from Jeremy Harris <jgh146exb@???> ---
Followon commits:

28646fa9c7 DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode
3674140cdd DANE/GnuTLS: filter TLSA records for usability
94c1328507 DANE/GnuTLS: split verification of mixed sets of TLSA records by
usage

Known deficiencies:
- Viktor says the chain-handling is over-strict
- Not all cases of unusable-cert result in retry against further TLSA records
- No support for RFC7671 digest agility

Still Experimental, but consider moving to default build by next release.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2092] Should support dual-key configuration with lists of keys/certs[exim-dev] [Bug 2213] New: directory name (path name) length limited to 254 characters->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)