OpenBSD CVS

CVS log for src/usr.sbin/smtpd/Attic/ssl_smtpd.c




Default branch: MAIN


Revision 1.14, Tue May 25 19:39:22 2021 UTC (3 years ago) by eric
Branch: MAIN
CVS Tags: HEAD
Changes since 1.13: +1 -1 lines
FILE REMOVED

remove obsolete files

Revision 1.13, Wed Dec 30 16:02:08 2015 UTC (8 years, 5 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.12: +4 -7 lines

SSL_CTX_free() and SSL_free() check for null so don't do it in smtpd
ok jung@ tedu@ deraadt@

Revision 1.12, Sun Dec 13 09:52:44 2015 UTC (8 years, 5 months ago) by gilles
Branch: MAIN
Changes since 1.11: +2 -6 lines

refactor a bit to move the SNI handling away from smtp_session into smtp

ok sunil@, jung@

Revision 1.11, Sat Dec 12 17:16:56 2015 UTC (8 years, 5 months ago) by gilles
Branch: MAIN
Changes since 1.10: +3 -3 lines

allow overriding the default cipher-suite

ok jung@, sunil@, millert@

Revision 1.10, Wed Oct 21 16:44:28 2015 UTC (8 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.9: +4 -3 lines

Only enable SSL_VERIFY_PEER when the verify option is set on a listener.

Always enabling SSL_VERIFY_PEER unnecessarily increases the number of
messages/bytes in the TLS handshake and increases our attack surface,
since we request and then process client certificates.

ok gilles@

Revision 1.8.2.1, Sun Apr 19 20:30:33 2015 UTC (9 years, 1 month ago) by gilles
Branch: OPENBSD_5_7
Changes since 1.8: +3 -5 lines

Incorrect logic in smtpd(8) can lead to unexpected client disconnect, invalid
certificate in SNI negotiation or server crash.

spotted by Edwin Torok

Revision 1.7.4.1, Sun Apr 19 20:30:06 2015 UTC (9 years, 1 month ago) by gilles
Branch: OPENBSD_5_6
Changes since 1.7: +3 -5 lines

Incorrect logic in smtpd(8) can lead to unexpected client disconnect, invalid
certificate in SNI negotiation or server crash.

spotted by Edwin Torok

Revision 1.4.2.1, Sun Apr 19 20:29:43 2015 UTC (9 years, 1 month ago) by gilles
Branch: OPENBSD_5_5
Changes since 1.4: +3 -5 lines

Incorrect logic in smtpd(8) can lead to unexpected client disconnect, invalid
certificate in SNI negotiation or server crash.

spotted by Edwin Torok

Revision 1.9, Sun Apr 19 20:29:12 2015 UTC (9 years, 1 month ago) by gilles
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.8: +3 -5 lines

Incorrect logic in smtpd(8) can lead to unexpected client disconnect, invalid
certificate in SNI negotiation or server crash.

spotted by Edwin Torok

Revision 1.8, Fri Jan 16 06:40:21 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE
Branch point for: OPENBSD_5_7
Changes since 1.7: +2 -1 lines

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.7, Tue Apr 29 19:13:14 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE
Branch point for: OPENBSD_5_6
Changes since 1.6: +3 -3 lines

Implement RSA privilege separation for OpenSMTPD, based on my previous
implementation for relayd(8).  The smtpd(8) pony processes (mta
client, smtp server) don't keep the private keys in memory but send
their private key operations as imsgs to the "lookup"/mta process.
It's worth mentioning that this prevents accidental private key leakage
as it could have been caused by "Heartbleed".

ok gilles@

Revision 1.6, Tue Apr 29 12:18:27 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.5: +2 -2 lines

Remove unused arguments from ssl_smtp_init()

ok gilles@

Revision 1.5, Tue Apr 29 10:08:55 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.4: +2 -17 lines

It is only required to load the keys and certs into the same SSL
context once.  Simplify the code path by moving the loading from three
different places into ssl_ctx_create():

ok gilles@

Revision 1.4, Tue Feb 4 13:44:41 2014 UTC (10 years, 3 months ago) by eric
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE
Branch point for: OPENBSD_5_5
Changes since 1.3: +8 -3 lines

pki code cleanup

- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name"
- inherit pki conf on fork instead of passing it through imsg at startup
- implement SNI on smtp listeners

Revision 1.3, Mon Oct 28 17:02:08 2013 UTC (10 years, 7 months ago) by eric
Branch: MAIN
Changes since 1.2: +7 -4 lines

Report the ssl certificate verification status in the mail header.
Log ssl certificate validation errors.
Fix several ssl-related leaks.

Revision 1.2, Fri May 24 17:03:14 2013 UTC (11 years ago) by eric
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.1: +1 -2 lines

sync with OpenSMTPD 5.3.2

ok gilles@

Revision 1.1, Sat Jan 26 09:37:24 2013 UTC (11 years, 4 months ago) by gilles
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3

Sync with our smtpd repo:

* first bricks of ldap and sqlite support (not finished but both working)
* new table API to replace map API, all lookups are done through tables
* improved handling of temporary errors throughout the daemon
* improved scheduler and mta logic: connection reuse, optimizes batches
* improved queue: more tolerant to admin errors, new layout, less disk-IO
* improved memory usage under high load
* SSL certs/keys isolated to lookup process to avoid facing network
* VIRTUAL support improved, fully virtual setups possible now
* runtime tracing of processes through smtpctl trace
* ssl_privsep.c sync-ed with relayd
* ssl.c no longer contains smtpd specific interfaces
* smtpd-specific ssl bits moved to ssl_smtpd.c
* update mail address in copyright

FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE.

smtpd.conf(5) simplified, it will require adaptations

ok eric@