[exim-dev] Preliminary dane_require_tls_ciphers support

Author: Phil Pennock
Date:  
To: exim-dev
Subject: [exim-dev] Preliminary dane_require_tls_ciphers support
I've written support for a new SMTP Transport option
dane_require_tls_ciphers which is like tls_require_ciphers but is used
in _preference_ to tls_require_ciphers when DANE is enabled.

This seemed much saner than requiring lots of conditional logic,
especially since we already ignore most of the TLS options once DANE is
in play anyway.

I wrote code for OpenSSL and GnuTLS and tested compilation with OpenSSL.

I wrote docs. I did not write tests, I'm way out of practice on the
Exim test suite.

Pushed to dane_require_tls_ciphers in the main git repo.

Jeremy, does this look mergeable/sane? Did we get as far as pre-merge
testing at any point, rather than post-merge testing?

What sort of coverage do we need from tests? It's honestly going to be
faster if someone else writes them (I wrote this code for stress relief
but am going to be Rather Busy over the next few days and unlikely to
get back to this). But if wanted, I can be less lazy and write them.
At some point.

-Phil