similar to: ssl_cert_username_field and subjectAltName?

Hello, I'm looking into adding support for extracting the username from client certificate's rfc822Name (from the subjectAltName extension). The question I have is what would be the best approach to do this? Current implementation has a kind of clean code since it just goes through the subject name, extracting the values with X509_NAME_get_text_by_NID (while NID is obtained with

The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> --- src/config/all-settings.c

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing.

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing.

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Hi, </div> <div> <br> </div> <div> as per our EOL statement 2.2.36 receives security and critical updates. That said, we decided to flush few annoying bugs with .1 release. </div> <div> <br>

for some reason Aki's posts are not making it to my GMail account from this list. Any idea why? On Tue, Feb 5, 2019 at 10:04 AM Eric Broch <ebroch at whitehorsetc.com> wrote: > Thank you! > On 2/5/2019 8:43 AM, Aki Tuomi wrote: > > Hi, > > as per our EOL statement 2.2.36 receives security and critical updates. > That said, we decided to flush few annoying bugs

On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote: >> DEF(SET_STR, ssl_protocols), >> DEF(SET_STR, ssl_cert_username_field), >> DEF(SET_STR, ssl_crypto_device), >> + DEF(SET_STR, ssl_lowest_version), > >Does it really require a new setting? Couldn't it use the existing >ssl_protocols setting? You need to set a minimal version.

Hello. When trying to sort a folder by thread (with pine4.61), I get a sig11. The mailstore is Maildir, indexes stored in /var/indexes/%u. The syslog on the server shows this: Nov 29 11:37:55 olan dovecot: IMAP(kowalski): Corrupted index cache file /var/indexes/kowalski/.INBOX/dovecot.index.cache: record points outside file Nov 29 11:37:56 olan dovecot: child 14344 (imap) killed with signal 11

Hi, This is my first post to the list, so greetings to you all! I am seeking your help with SSL/TLS client authentication. I currently have the following setup: * Server: - Debian Squeeze (fully patched) - OpenSSL 0.9.8o - Dovecot v2.1.10 (Debian backport package from Wheezy) - SSL listener on port 993 with the Dovecot selfsigned certificate that was created during

Hello. I am currently testing dovecot (0.99.10.8, Debian woody from backports), with the maildir storage. I have noticed that when I use the mailutil tool from uw-imap distribution to transfer my IMAP mailboxes from our current server (uw-imap, mbx format) to the dovecot one, the mails arrival time are apparently lost. I can see this in Pine, using the Arrival sort: the mailboxes on the

Hello. On a server running 2.4.25, I have the two following errors in the kernel logfile: Unexpected dirty buffer encountered at do_get_write_access:618 (08:11 blocknr 920707) Unexpected dirty buffer encountered at do_get_write_access:618 (08:11 blocknr 920707) Should I worry about them (disk failure, filesystem damage) ? Thanks. As an addition what does the pair '08:11' means ? Is

Due to DMARC issues some people have failed to receive the latest security information, so here it is repeated for both releases: 2.3.4.1 https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ * CVE-2019-3814: If

Due to DMARC issues some people have failed to receive the latest security information, so here it is repeated for both releases: 2.3.4.1 https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ * CVE-2019-3814: If

Hello, On a dovecot 2.0.14 proxy, I found that proxying managesieve works well when using 'starttls' option in pass_attrs, but does not work when using 'ssl' option. The backend server is also dovecot 2.0.14; when using the ssl option, it reports "no auth attempts" in the logs about managesieve-login, and meanwhile the MUA, Thunderbird with sieve plugin, reports

This is driven by the fact that OpenSSL 1.1 does not know about SSLv2 at all and dovecot's defaults simply make OpenSSL error out with "Unknown protocol 'SSLv2'"[1]. So we change the defaults to refer to SSLv2 iff OpenSSL seems to know something about it. While at it, it's also a good idea to disable SSLv3 by default as well. [1] https://bugs.debian.org/844347

On 8/20/2008, Nicolas KOWALSKI (nicolas.kowalski at gmail.com) wrote: > The alpine documentation states about 'Arrival' sorting: > > " The Arrival sort option arranges messages in the MESSAGE INDEX in > the order that they exist in the folder. This is usually the same as > the order in which they arrived. This option is comparable to not > sorting the messages at

Dear Members, I am working with 6-dimensional Student-t distribution with 4 degrees of freedom truncated to [20; 60]. I have generated 100 000 samples from truncated multivariate Student-t distribution using rtmvt function from package ?tmvtnorm?. I have also calculated mean vector using equation (3) from attached pdf. The problem is, that after summing all elements in one column of rtmvt result

Hello, On my home server (Debian etch, custom 2.6.28.2 kernel), I am using ext3 for both root and /home filesystems, with barriers enabled to prevent corruption caused by my PATA disk write cache. Looking for a better performance, I have also set the commit=nr option as described in linux-2.6.28.2/Documentation/filesystems/ext3.txt, so that I now have: niko at petole:~$ mount -t ext3

Hello, When a message is copied or newly-delivered to a folder, it does not have the "recent" flag set. Is there something in the configuration to activate it ? Thanks. # dovecot -n # 1.0.9: /usr/local/etc/dovecot.conf protocols: imap login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login mail_location:

Hello, On my windows xp machine, with cygwin, I run rsync to backup important files on another drive (samba share, mapped on h:). It works fine. I currently use the following command line: rsync -rtv --del --delete-excluded --progress --iconv=ISO-8859-1,UTF-8 --partial \ --exclude "/Videos/" \ --exclude "/Ma musique/" \ /cygdrive/d/Documents/ \