Re: [exim] Exim 4.94.2 - security update released (DANE fix)

Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
 
 
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
A: Heiko Schlittermann
CC: exim-users
Assumptes vells: [exim] Exim 4.94.2 - security update released
Assumpte: Re: [exim] Exim 4.94.2 - security update released (DANE fix)

The DANE fix: 

-            ob->tls_sni = sx->first_addr->domain;    /* force SNI */
+                       ob->tls_sni = sx->conn_args.host->name; /* force SNI */


replaces the recipient domain with the MX hostname.

When the MX host is a CNAME, is that necessarily the same as
the TLSA base domain?

How does Exim handle MX hosts that are CNAMEs? Are fully
expanded (secure at every step, with fallback to the original
name) CNAMEs used for TLSA lookups (per RFC7672?)? 

-- 
    Viktor.



Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [exim] Exim 4.94.2 - security update releasedRe: [exim] Sqlite Lookup absolute filename (was Exim 4.94.2 - security update released)->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)