12004/09/12 == Released 0.8.19 == 2 32004/09/01 4 - Finished updating the code by adjusting to postfix-2.2-20040829 5 and started using it at my own site. 6 72004/08/01 8 - Started adjusting the patch to postfix-2.2-20040729. 9 102004/06/21 == Re-released 0.8.18 == 11 122004/06/21 13 - Postfix 2.1.3 has been released. Shortlived 2.1.2 did bring an 14 incompatibel change (patch conflict) which has been resolved. 15 - Fixed some typos in the tlsmgr.8 manual page (Chris Pepper 16 <pepper@reppep.com>). 17 182004/04/27 == Re-released 0.8.18 == 19 202004/04/27 21 - Postfix 2.1.0 has been released. Some minor patch conflicts with respect 22 to the actual code and build environment. 23 - Due to the restructuring of the documentation the old sample-*.cf 24 files are no longer available. 25 Took documentation already adopted by Wietse for the 2.1-RC2-IPV6+TLS 26 snapshot. 27 282004/02/09 == Re-released 0.8.18 == 29 302004/02/09 31 - Postfix 2.0.18-20040205 is available, patchkit applies without 32 problems. 33 342004/02/02 == Release 0.8.18 == 35 362004/02/02 37 - Incorporated Luca Berra's information into the patchkit and ran tests 38 with my own versions. 39 402004/02/01 41 - Reports about server side SMTP failure with Carsten's patch can be 42 found on postfix-users. 43 'Luca Berra' <bluca@comedia.it> informs, that he discoverd another 44 failure of the GNU patch program with a misplaced patch hunk in 45 smtpd.c 46 472004/01/30 48 - Edited in additional #ifdef USE_TLS conditionals. If the TLS patch 49 is applied but not activated (USE_TLS is not defined), a warning is 50 printed as soon as TLS shall be used. 51 522004/01/23 53 - Postfix 2.0.18-20040122 is now available. Several patch conflicts occur. 54 Even more: one hunk of the patch (which is provided in unified diff) 55 fails in smtp.c and causes a segmentation violation. 56 Carsten Hoeger <choeger@suse.de> provides an adapted patch kit. 57 582004/01/02 == Released 0.8.17 == 59 602004/01/02 61 - Postfix-2.0.16-20031231 is released. No patch conflicts. 62 - Changed autoresponder for TLS tests to "The Postfix Book" echo 63 responder (provided by Patrick Koetter and Ralf Hildebrandt). 64 652003/12/30 66 - Postfix-2.0.16-20031226 is released. No patch conflicts. 67 682003/12/26 69 - Postfix-2.0.16-20031224 is released. Resolved patch conflicts. 70 712003/12/16 72 - Postfix-2.0.16-20031215 is released. Resolved patch conflicts. 73 - src/global/pfixtls.c: changed occurance of "ssize_t" to "size_t" 74 as some quite old operating systems do no have ssize_t 75 (Reported by Klaus Jaehne <kj@uue.org> for SunOS 4.1.4). 76 - src/global/pfixtls.c: both the client and the server engine did 77 print out messages even when tls_loglevel was set to 0 (reported 78 by Florian Effenberger <florian@effenberger.org>): evaluate loglevel 79 before printing any message. 80 812003/11/17 == Re-released 0.8.16 == 82 832003/11/17 84 - Postfix 2.0.16-20031113 is released. Some minor patch conflicts. 85 862003/10/27 == Re-released 0.8.16 == 87 882003/10/24 89 - Postfix 2.0.16-20031022 is released. Some minor patch conflicts. 90 912003/09/23 == Re-released 0.8.16 == 92 932003/09/23 94 - Postfix 2.0.16 and 2.0.16-20030921 are now available. 95 Resolved some minor patch conflicts. 96 972003/09/10 == Released 0.8.16 == 98 992003/09/09 100 - Postfix 2.0.15 has been released including another workaround for 101 select() on Solaris problems. It contains additional code to catch 102 EAGAIN on read() in the timed_read() routine (and the respective 103 precautions in timed_write() 104 - Note: this fix is not yet part of Postfix 2.0.14-20030812. 105 - Added corresponding code to pfixtls_timed_read()/_write(). 106 - Changed SSL wrappermode behaviour: use smtpd_sasl_tls_security_options 107 instead of smtpd_sasl_security_options as is to be expected because TLS 108 is active. (Bug reported by Bob Snyder <rsnyder@toontown.erial.nj.us>.) 109 1102003/08/29 == Re-released 0.8.15 == 111 1122003/08/29 113 - Adapted patchkit to Postfix 2.0.14. No patch conflicts. 114 1152003/07/17 == Re-released 0.8.15a (-20030715 only) == 116 1172003/07/16 118 - Experimental version Postfix 2.0.14-20030715 is released, including 119 the SASL changes. Resolved some minor patch conflicts. 120 1212003/07/11 == Released 0.8.15a (-20030706 only) == 122 1232003/07/11 124 - Received error report about about TLS failing with the new smtpd_proxy 125 feature including instructions on how to reproduce. 126 (Did receive an earlier report on 2003/07/09, that however indicated other 127 setup problems, so that the actual problem was not visible.) 128 - Analysis: when introducing the new smtpd_proxy feature, different mechnisms 129 where introduced to either write to the cleanup daemon (as before) or to 130 the smtpd_proxy connection. Functions and streams are now expressed in 131 out_fprintf() function pointers etc. being assigned accordingly. 132 When updating to 0.8.15/2.0.13-20030706 this change was missed and the 133 routine adding the TLS information to the Received: headers did use the 134 older rec_fprintf() functions etc. This did work fine for the traditional 135 connection to the cleanup service, but naturally failed for smtpd_proxy 136 (with a segmentation violation). 137 Solution: access out_stream via the according pointers. 138 - The 2.0.13 stable version is not affected. 139 1402003/07/08 == Released 0.8.15 == 141 1422003/07/07 143 - Postfix 2.0.13 and 2.0.13-20030706 are released. 144 Patchkit for 2.0.13 applies cleanly. 145 Patchkit for 2.0.13-20030607 requires several adaptations (patch conflicts, 146 no functional changes). 147 - Slightly modified SASL interface code (smpt[d]_sasl_glue layer) to 148 allow setting the security policy during session setup instead of 149 process start. This allows to actually choose SASL mechanisms available 150 depending on the availability of TLS encryption and authentication. 151 New parameters: smtpd_sasl_tls_security_options, 152 smtp_sasl_tls_security_options, smtp_sasl_tls_verified_security_options 153 - Submitted change to SASL interface to Wietse, who accepted the change 154 as part of the Snapshot line. 155 1562003/06/19 == Released 0.8.14 == 157 1582003/06/19 159 - Add support for SubjectAlternativeName "dNSName" entries in certificate 160 checking (applies for client mode only). 161 If the client connects to the server, it does check the list of dNSName 162 entries against the expected hostname (therefore allowing the server to 163 have multiple identities). As described in RFC2818 (HTTP over TLS), 164 CommonName (CN) entries are only checked, if no dNSName entries are found 165 at all. 166 Initial patch proposed by Deti Fliegl <fliegl@cs.tum.edu>, reworked to 167 follow the RFC2818 rules and some cleanup. 168 1692003/06/18 170 - Checked out similar settings, found another missing entry: 171 var_smtp_scert_vd was missing src/smtp/smtp.c. 172 - Renamed HAS_SSL to USE_TLS for compilation (have to use -DUSE_SSL 173 in the future). Currently pfixtls.h will take care of setting 174 USE_TLS, when HAS_SSL has been defined. 175 1762003/06/17 177 - Received bug reports about Postfix/TLS failing (connection closing) 178 after having finished the "STARTTLS"/"220 Ready to start TLS" 179 dialogue. (Actually the first report came in via private mail on 180 2003/06/12, but the information was too diffuse to track down). 181 Tracking down became possible after it became clear, that only Solaris 182 systems are affected. 183 Analysis: 184 * As of 2003/06/09 postfix uses non-blocking socket I/O for the SMTP 185 connection on Solaris platforms. This requires using "select()" style 186 waiting before read() or write() access (which are not prepared EAGAIN 187 or EWOULDBLOCK in the Postfix case and therefore indicate error). 188 * As the var_smtpd_starttls_tmout variable is not correctly initialized 189 (value is 0), the select() style function is not called, therefore 190 read() fails with EAGAIN and the connection is closed due to a 191 presumed error condition. 192 * The initialization of the variable should be done in the time_table[] 193 list during main(). 194 The entry however was lost during the patch adaptation from 0.7.13e 195 to 0.7.14-snap20020107 on 2002/01/07. 196 Impact: 197 * On Solaris systems, STARTTLS fails during handshake (server only). 198 * On other systems, the TLS negotiation phase is not protected by the 199 smtpd_starttls_tmout (default 300s) value and may hang until the 200 watchdog kills smtpd, if the client does not continue the handshake. 201 Restored var_smtpd_starttls_tmout variable initialization. 202 2032003/06/12 == Re-released 0.8.13 == 204 2052003/06/11 206 - Adapted to snapshot 2.0.12-20030611. No patch conflicts. 207 2082003/06/11 209 - Adapted to snapshot 2.0.11-20030609. One minor patch conflict. 210 2112003/05/23 == Re-released 0.8.13 == 212 2132003/05/23 214 - First release against snapshot 2.0.10-20030523. 215 2162003/04/26 == Re-released 0.8.13 == 217 2182003/04/26 219 - Updated patchkit to apply to Postfix 2.0.9. 220 - Updated patchkit-name to reflect the release of OpenSSL 0.9.7b. 221 2222003/03/06 == Re-released 0.8.13 == 223 2242003/03/06 225 - Postfix 2.0.6 has been released. No patch conflicts. 226 2272003/03/02 == Re-released 0.8.13 == 228 2292003/03/02 230 - Postfix 2.0.4 has been released. "patch" should work with some warnings 231 about moved line numbers. 232 - OpenSSL 0.9.7a has been released. No visible changes with respect to 233 Postfix/TLS. 234 2352003/01/26 == Re-released 0.8.13 == 236 2372003/01/26 238 - Postfix 2.0.3 has been released. One minor patch-conflict. 239 2402003/01/13 == Released 0.8.13 == 241 2422003/01/13 243 - Postfix 2.0.1 has been released. Some minor patch conflicts resolved. 244 - Added HOWTO documents contributed by Justin Davies <justin@palmcoder.net> 245 to the contribution area. 246 - Added RFC3207 (SMTP Service Extension for Secure SMTP over Transport Layer 247 Security) to the documentation. RFC3207 is the successor of RFC2487. 248 - Updated TODO list to reflect release ideas up to the release of 249 Postfix/TLS 0.9.0. (Or will it finally be 1.0.0? :-) 250 2512002/12/30 252 - OpenSSL 0.9.7 has been released. Postfix/TLS works best with the new 253 0.9.7 release. 254 2552002/12/24 == Re-released 0.8.12 == 256 2572002/12/24 258 - Postfix 2.0.0.1 has been released. Resolved one minor patch conflict. 259 2602002/12/20 == Re-released 0.8.12 == 261 2622002/12/20 263 - Postfix snapshot 1.1.12-20021214 has been released. Resolved minor 264 patch conflicts. 265 2662002/12/15 == Re-released 0.8.12 == 267 2682002/12/15 269 - Postfix snapshot 1.1.12-20021214 has been released. Two minor patch 270 conflicts. 271 2722002/12/06 == Released 0.8.12 == 273 2742002/12/06 275 - OpenSSL 0.9.6h has been released. Update documentation and filenames 276 to reflect this new release. 277 - Minor bug fix: when calling "sendmail -bs", smtpd is not run with 278 superuser permissions, therefore the loading of the private key fails. 279 STARTTLS is not used anyway, so the key is not needed anyway, but the 280 failure to load creates a misleading warning. 281 Do not initialize TLS engine at all when not started with superuser 282 permissions. 283 2842002/12/03 285 - Postfix snapshot 1.1.12-20021203 has been released. Resolved one patch 286 conflict. 287 2882002/11/01 == Re-released 0.8.11a == 289 2902002/11/01 291 - Postfix snapshot 1.1.11-20021031 has been released. No patch conflicts. 292 2932002/10/30 == Re-released 0.8.11a == 294 2952002/10/30 296 - Postfix snapshot 1.1.11-20021029 has been released. No patch conflicts. 297 2982002/09/30 == Re-released 0.8.11a == 299 3002002/09/30 301 - Postfix snapshot 1.1.11-20020928 has been released. No patch conflices. 302 3032002/09/24 304 - Postfix snapshot 1.1.11-20020923 has been released. Adapt patchkit. 305 3062002/09/19 == Re-released 0.8.11a == 307 3082002/09/18 309 - Postfix snapshot 1.1.11-20020917 has been released. Adapt patchkit. 310 3112002/08/23 == Re-released 0.8.11a == 312 3132002/08/23 314 - Postfix snapshot 1.1.11-20020822 has been released. Adapt patchkit. 315 3162002/08/20 317 - Postfix snapshot 1.1.11-20020819 has been released with several 318 enhancements and changes. Adapt patchkit (minor issues). 319 3202002/08/12 321 - OpenSSL has experienced several (security critical) updates. 322 3232002/07/26 == Re-released 0.8.11a == 324 3252002/07/26 326 - On popular demand, a new diff for the snapshot version of Postfix 327 is created: postfix-1.1.11-20020719. 328 3292002/06/18 == Re-released 0.8.11a == 330 3312002/06/18 332 - On popular demand, a new diff for the snapshot versions of Postfix 333 is created: postfix-1.1.11-20020613. 334 3352002/06/03 == Released 0.8.11a == 336 3372002/06/03 338 - When compiling with SSL but without SASL, compilation fails due to 339 the modification of state->sasl_mechanism_list that is not part of the 340 "state" structure when SASL is not compiled in. 341 This bug was introduced in version 0.8.11. 342 Bug reported and patch supplied by Bernd Matthes 343 <bernd.matthes@gemplus.com>. 344 3452002/05/29 == Released 0.8.11 == 346 3472002/05/29 348 - Postfix 1.1.11 is released. 349 3502002/05/25 351 - Fix processing of options after STARTTLS handshaking: AUTH= was not 352 handled, as the "=" was not recognized as for the extension list for 353 the case without TLS. (The TLS case was a copy of an older version 354 of the code not yet containing the "=" and the change in the main 355 code slipped through without noting the difference, hence the option 356 as not added to the TLS part. 357 Found by "Christoph Vogel" <Christoph.Vogel@Corbach.de>. 358 3592002/05/24 360 - Bug reported by "Christoph Vogel" <Christoph.Vogel@Corbach.de>: 361 Client side AUTH does not work, if STARTTLS is used: if a server 362 announces AUTH and STARTTLS, AUTH is being used if TLS is disabled. 363 Once TLS is enabled, AUTH is still offered by the server, but the 364 client does not use it any longer. 365 Reason: when AUTH is offered, not only the SMTP_REATURE_AUTH flag 366 is set in state->features, but also the available mechanisms are 367 remembered in state->sasl_mechanism_list. As AUTH may be offered 368 twice by some hosts (in the correct "AUTH mech" form and the older 369 and deprecated "AUTH=mech" form), a check against processing the 370 line twice is included in smtp_sasl_helo_auth(). This check now 371 prevented the correct processing in the second evaluation of the 372 ESMTP extensions offered after the STARTTLS activation. 373 Solution: reset state->sasl_mechanism_list before processing the 374 extension list just like state->features. 375 3762002/05/15 == Released 0.8.10 == 377 3782002/05/15 379 - Postfix 1.1.10 has been released. No changes. 380 3812002/05/14 == Released 0.8.9 == 382 3832002/05/14 384 - Postfix 1.1.9 has been released. Patchkit requires a small adjustment 385 (supplied by Tuomo Soini <tis@foobar.fi>). 386 3872002/05/10 == Released 0.8.8 == 388 3892002/05/10 390 - OpenSSL 0.9.6d has been released. Release the unchanged patchkit 391 with a new version number and under a new filename to indicate 392 that it should be built against 0.9.6d (it has the session caching 393 failure of 0.9.6c fixed). Update documentation accordingly. 394 3952002/05/05 396 - Postfix 1.1.8 has been released, the patchkit applies cleanly. 397 3982002/04/03 == Re-released 0.8.7 == 399 4002002/04/03 401 - Postfix 1.1.7 has been released, the patchkit applies cleanly. 402 Re-released the patchkit. 403 4042002/03/29 == Released 0.8.7 == 405 4062002/03/29 407 - Postfix/TLS did not honor the per-recipient-switching-off in SMTP 408 client mode via tls_per_site (per-host-switching off was honored). 409 Patch by Will Day <wd@hpgx.net>. 410 4112002/03/27 == Released 0.8.6 == 412 4132002/03/27 414 - Postfix 1.1.6 has been released. Adapted patchkit to resolve minor 415 patch conflict. (Template provided by Simon Matter 416 <simon.matter@ch.sauter-bc.com>) 417 4182002/03/13 == Released 0.8.5 == 419 4202002/03/13 421 - Postfix 1.1.5 has been released. The patchkit would apply cleanly, but 422 obviously the "lock_fd" change that applies to dict_dbm.c (Wietse) 423 also has to be applied to dict_sdbm.c. Tuomo Soini <tis@foobar.fi> 424 kindly provided this change. 425 4262002/02/25 == Released 0.8.4 == 427 4282002/02/25 429 - Postfix 1.1.4 became visible. One patch conflict in a Makefile 430 (Carsten Hoeger <choeger@suse.de>). 431 4322002/02/21 433 - Dates in this CHANGES document were showing 2001 even though 2002 already 434 began :-). Fixed. (Marvin Solomon <solomon@conceptshopping.com>) 435 4362002/02/07 437 - Bug in the documentation (setup.html): the main.cf variables for the 438 SMTP server process have to be named smtpd_* instead of smtp_*. 439 Found by Andreas Piesk <a.piesk@gmx.net>. 440 4412002/02/03 == Released 0.8.3 == 442 4432002/02/03 444 - Patch from Andreas Piesk <a.piesk@gmx.net>: remove some compiler warnings 445 by using explicit type casts in hexdump print statements. 446 - Re-released otherwise unchanged patchkit against Postfix-1.1.3. 447 4482002/01/30 == Released 0.8.2 == 449 4502002/01/30 451 - Re-released unchanged patchkit against Postfix-1.1.2. 452 4532002/01/24 == Released 0.8.1 == 454 4552002/01/24 456 - Postfix-1.1.1 has been released. The patchkit needed some small adjustment. 457 - Both Tuomo Soini <tis@foobar.fi> and Carsten Hoeger <choeger@suse.de> 458 helped out with this small adjustment. As a side effect of Carsten's 459 complete pfixtls.diff, which I compared after applying Tuomo's adjustment, 460 I found that pfixtls.c contained several wrong "'" characters: on the 461 german keyboard there is an accent looking like the apostroph but producing 462 a different binary code. Obviously on Carsten's machine the code was 463 changed which became obvious during the comparison. 464 (Conclusion: I wrote the comments affected on my SuSE-Linux PC at home with 465 german keyboard. In my university-office I do have HP-UX workstations 466 with US keyboards.) 467 4682002/01/22 == Released 0.8.0 == 469 4702002/01/22 471 - Received a comment from Wietse on the mailing list, that it is better 472 to resolve the "standalone" issue by using the already available 473 SMTPD_STAND_ALONE() macro in smtpd. Undid 0.7.16 change and made 474 new change in smtpd.c. 475 - Updated links in the References section of the documentation. 476 4772002/01/21 == Released 0.7.16 == 478 4792002/01/21 480 - When calling "sendmail -bs" and STARTTLS is enabled, smtpd tries to 481 read the private key and fails due to insufficient permissions (smtpd 482 is run with the privileges of the user). This case is caught since 483 version 0.6.18 of the Postfix/TLS patchkit: STARTTLS is still being 484 offered but a "465 temporary failure" message is issued. Some mailers 485 (read this: PINE) will then refuse to continue. (And an irritating 486 error message indicating the failure to read the key will be logged.) 487 Experienced by "Lucky Green" <shamrock@cypherpunks.to> . 488 - Solution: Disable STARTTLS when running "sendmail -bs" by adding 489 "-o smtpd_use_tls=no -o smtpd_enforce_tls=no" to smtpd's arguments 490 upon startup. Using STARTTLS does not make sense in simulated 491 SMTP mode. 492 4932002/01/18 == Released 0.7.15 == 494 4952002/01/18 496 - Postfix 1.1.0 has been released. The patchkit for the former snapshot 497 version applied cleanly and now becomes the patchkit for the stable 498 version. 499 5002002/01/16 == Released 0.7.14a == 501 5022002/01/16 503 - Snapshot-20020115 is released. Adapted patchkit. 504 - Add Postfix/TLS entries into the new conf/postfix-files 505 (Tuomo Soini <tis@s.foobar.fi>, Carsten Hoeger <choeger@suse.de>). 506 5072002/01/14 508 - OpenSSL: a user reported that session caching stopped working for him 509 with OpenSSL 0.9.6c. I found that this is also true for my own 510 Postfix/TLS installation. 511 Solution: server side session caching is broken in OpenSSL 0.9.6c when 512 using non-blocking semantics (Postfix/TLS is affected as it uses 513 BIO-pairs); sessions are simply not added to the cache. This bug 514 is not security relevant. A fix has been applied to the OpenSSL source 515 tree for the next release. 516 5172002/01/08 == Released 0.7.14 == 518 5192002/01/07 520 - New snapshots released as release candidates. Adapted the patchkit 521 to snapshot-20020107. Moved our production servers from 20010228-pl08 522 to snapshot-20020107 with the adapted patchkit. 523 - Fix documentation: tlsmgr can be run chrooted since a long time. 524 5252001/12/21 526 - OpenSSL 0.9.6c is released. Postfix/TLS is fully compatible. 527 5282001/12/19 == Released 0.7.13e == 529 5302001/12/19 531 - Adapted patchkit to snapshot-20011217. 532 5332001/12/12 == Released 0.7.13d == 534 5352001/12/12 536 - Adapted patchkit to snapshot-20011210. Adaption provided by 537 Tuomo Soini <tis@foobar.fi>. 538 5392001/11/28 == Released 0.7.13c == 540 5412001/11/28 542 - Adapted patchkit to snapshot-20011127. 543 5442001/11/26 == Released 0.7.13b == 545 5462001/11/26 547 - Adapted patchkit to snapshot-20011125. 548 5492001/11/22 == Released 0.7.13a == 550 5512001/11/22 552 - Adapted patchkit to snapshot-20011121. 553 5542001/11/15 == Released 0.7.13 == 555 5562001/11/15 557 - Adapted patchkit to postfix-20010228-pl08 and snapshot-20011115. 558 5592001/11/06 == Re-released 0.7.12 == 560 5612001/11/06 562 - Snapshot-20011105 released. No patch conflicts, but in order to have 563 the pfixtls-* filename and home page entry reflect the new version, 564 I'll re-release 0.7.12. 565 5662001/11/05 == Released 0.7.12 == 567 5682001/11/05 569 - Release of Postfix-20010228-pl06 and snapshot-20011104. The snapshot 570 version had some minor patch conflicts to be resolved. 571 5722001/10/14 == Released 0.7.11 == 573 5742001/10/14 575 - Bug fix (client mode): when the peername is checked against the CommonName 576 in the certificate, the comparison does not correclty ignore the case 577 (the peername as returned by DNS query or set in the transport map 578 is not transformed to lower case). This bug was introduced in 0.7.5. 579 5802001/10/09 == Released 0.7.10 == 581 5822001/10/09 583 - Snapshot-20011008 is released. Some minor adaptions are required to 584 sort out patch conflicts. 585 5862001/09/28 587 - Received patch from Uwe Ohse <use@ohse.de>: There is a bug in sdbm's 588 handling of the .dir file, that also applies to Postfix/TLS. 589 The problem only appears for large databases. 590 - The example entries in conf/master.cf for the submission and smtps services 591 use "chroot=y" flags, while the Postfix default is "chroot=n". This could 592 lead to hardly explainable problems when users did not note this fact 593 during setup. 594 Fixed example entries to also use "chroot=n" default. 595 5962001/09/18 597 - Wietse releases Postfix-20010228-pl05. The patch applies cleanly with 598 "patch -p1 ...", so it is not necessary to release a new patchkit. 599 6002001/09/04 == Released 0.7.9 == 601 6022001/09/04 603 - Due to unititialized variable in smtpd_state.c, AUTH may not be offered 604 without TLS even though smtpd_tls_auth_only was not enabled. 605 (Patch from Nick Simicich <njs@scifi.squawk.com>.) 606 6072001/08/29 608 - In the snapshot-20010808 version of 0.7.9, the "tlsmgr" line in the sample 609 conf/master.cf is missing (reported by Will Day <wd@hpgx.net>). Fixed. 610 6112001/08/27 == Released 0.7.8 == 612 6132001/08/27 614 - Received bugreport about issuer_CN imprints consisting of long strings 615 of nonsense. This only appeard with certificates issued from a certain 616 CA (RSA Data Security Inc., Secure Server Certification Authority). 617 (Will Day <wd@hpgx.net>) 618 - The problem: the issuer data of this certificate is: 619 Issuer 620 C=US 621 O=RSA Data Security, Inc. 622 OU=Secure Server Certification Authority 623 It does not contain a CN (CommonName) field. OpenSSL's 624 X509_NAME_get_text_by_NID() function does not catch this condition 625 (no error flag set), but it also does not set the name in the memory 626 location specified. 627 - Solution: 628 1. Preset the memory for the string to '\0', so that a string of length 629 0 is obtained on the failure described above. 630 2. When no CN data is available, use the O (Organization) field 631 instead. The data are used for logging only (it is the issuer, not 632 the subject name), so this change does not affect functionality. 633 6342001/08/22 == Released 0.7.7 == 635 6362001/08/22 637 - Found one more bug: erronously called SSL_get_ex_new_index() instead 638 of SSL_SESSION_get_ex_new_index() (note the _SESSION missing). This 639 could be responsible for the failure at the locations found during 640 debugging. Works fine on HP-UX (did also before), must cross check 641 at home... 642 6432001/08/21 644 - Received report, that smtp (client) fails with signal 11 (platform: 645 linux redhat). Cannot reproduce any problem on HP-UX (did run 1 646 week in production before release). But malloc() and stack strategies 647 are different between platforms. 648 - Can reproduce the failure on my Linux PC at home :-(. 649 - Found one bug in new_session_cb(): on successfull external caching, 650 success is reported by a return value of 1. This however must be another 651 bug, as it has nothing to do with the locations of the failure, when 652 analyzing the core dumps/running under debugger. 653 Still getting SIGSEGV... 654 6552001/08/20 == Released 0.7.6 == 656 6572001/08/20 658 - Following "popular demand" implemented new feature and configuration option 659 "smtpd_tls_auth_only": Only allow authentication using the AUTH protocol, 660 when the TLS encryption layer is active. Default is "no" in order to 661 keep compatiblity to postfix without TLS patch. 662 This option does not distinguish between different AUTH mechanisms. 663 6642001/08/16 == Released 0.7.5 == 665 6662001/08/15 667 - The new session cache handling is working now at my site for quite some 668 time. 669 - Client side: modified peername matching code, such that wildcard 670 certificates can be used. Matching is done as in HTTP/TLS: only the 671 leftmost part of the hostname may be replaced by a '*'. 672 6732001/08/09 674 - Further debugged the CRYPTO_set_ex_data() functionality. 675 - Unified "external cache write" and "external cache remove" callbacks 676 for client and server side. The "external cache read" functions are not 677 that easy to combine, as the lookup keys are quite different and do not 678 match the fixed interface to the callback function. 679 - Change shutdown behaviour according to SSL_shutdown(). When SSL_shutdown() 680 returns, the shutdown handshake may not be complete, if we were the first 681 party to send the shutdown alert. We must call SSL_shutdown() again, 682 to wait for the peer's alert. 683 6842001/08/08 685 - Postfix snapshot 20010808 is being released. 686 6872001/08/08 688 - Rewrite server side to remove externally cached sessions via callback. 689 - Rewrite client side to remove externally cached sessions via callback. 690 This turns out to be more difficult as expected, as the client side 691 session cache is sorted by hostnames, but the callbacks are called 692 with the SSL_SESSION objects. The information must be stored into the 693 SSL_SESSION objects by using the CRYPTO_set_ex_data() functionality, 694 the documentation of which, ahem, ... 695 - Reloading sessions stays separate, as the functionality is different. 696 6972001/08/07 698 - Started reworking the session cache code. 699 * On the server side the retrieval from the external cache and the writing 700 to the cache are handled by callback functions. The removal is handled 701 directly. 702 * On the client side, all session cache operations are performed explicitly. 703 * The explicit handling is on the client side is bad, as it requires a 704 quite complicated logic to detect session reuse and the appropriate 705 handling. 706 * The explicit handling of session removal on both sides is bad, as 707 the OpenSSL library will remove sessions (on session failure) according 708 to the TLS specifications automatically, so we want to take advantage 709 of this feature and have the externally cached sessions removed as 710 required via callback. 711 - First step: on the client side, also use the new_session_cb(), so that 712 new sessions are automatically saved to the external cache on creation. 713 7142001/08/01 715 - Postfix-20010228-pl04 is being released. 716 7172001/07/11 == Released 0.7.4 == 718 7192001/07/10 720 - Postfix snapshot 20010709 was released. Resolved some minor patch 721 conflicts. 722 7232001/07/10 724 - OpenSSL 0.9.6b has been released including a security fix for the 725 libraries internal pseudo random number generator. 726 * Note: to exploit the weakness, an attacker must be able to retrieve 727 single random bytes. As in Postfix/TLS random bytes are only used 728 indirectly during the SSL handshake, an attacker could never access 729 the PRNG in the way required to exploit the weakness. 730 * Postfix/TLS is therefore not vulnerable (as are most (all?) applications 731 utilizing the SSL layer). 732 * The OpenSSL team however recommends to upgrade or install the bugfix 733 included in the announcement in any case. 734 * Details can be found at http://www.openssl.org/ 735 7362001/05/31 == Released 0.7.3a == 737 7382001/05/30 739 - Report from <Andre.Konopka@Presse-Data.de>: TLS logging does not work. 740 Reason: parameters are not evaluated in mail_params.c, as the corresponding 741 lines for other_int_defaults[] were missing from the patch. This 742 only affected the 0.7.3-snapshot version, the version for "stable" 743 is correct. 744 I will release 0.7.3a with this fix only for the snapshot version to keep 745 version numbering consistent with the "stable" version. 746 7472001/05/28 == Released 0.7.3 == 748 7492001/05/28 750 - Upgraded to snapshot-20010425: resolved some minor patch conflicts. 751 No functional changes. 752 7532001/05/16 754 - Received french documentation (doc_french/) contributed by 755 Etienne Roulland <Etienne.Roulland@univ-poitiers.fr>. 756 7572001/05/03 == Released 0.7.2 == 758 7592001/05/03 760 - Postfix-Snapshot 20010502 is released. Bernhard Rosenkraenzer 761 <bero@redhat.de> supplies an adapted patch for Postfix/TLS, as the 762 normal patch has several rejections because of code changes; 763 functionality has not changed. 764 7652001/05/01 766 - Patchlevel 02 of Postfix 20010228 is being released. The Postfix/TLS 767 patchkit applies cleanly when using the "-p1" switch to patch. 768 7692001/04/09 == Released 0.7.1 == 770 7712001/04/06 772 - OpenSSL 0.9.6a is released. It contains several bugfixes and will become 773 the recommended version to be used with Postfix/TLS. 774 I will run some more test and then re-release Postfix/TLS (without 775 additional changes to the source) as 0.7.1 to make people aware of the 776 new versions of Postfix and OpenSSL. 777 7782001/04/05 779 - Hint from Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>: 780 the "Known Bugs" section in doc/test.html actually contains bugs 781 of clients and/or interoperatbility problems. Better name it 782 "Known interoperability problems" and rename the entries 783 "Postfix/TLS server" and "Postfix/TLS client" to improve clarity. 784 7852001/03/29 786 - Patchlevel 01 of Postfix 20010228 is being released. The Postfix/TLS 787 patchkit applies cleanly when using the "-p1" switch to patch. 788 OpenSSL 0.9.6a will be out within the next handful of days, so I will 789 delay the release of a new patchlevel until then. 790 7912001/03/01 == Released 0.7.0 == 792 - IMPORTANT: If you are upgrading from a much older version, you will find 793 that some configuration options have changed over time (fingerprints are 794 now handled with ':'. check_relay_ccerts is now permit_tls_clientcerts. 795 Session caching has been reworked.) 796 It is recommended to re-read the sample-tls.cf file or the html version 797 in the documentation. 798 7992001/03/01 800 - Wietse has announced the _release_ version (non-beta) or postfix: 801 20010228! 802 - Applied the Patchkit to the _release_ version (not the snapshot version). 803 Resolved one minor patch conflict. 804 - So, it's time to call this Postfix/TLS 0.7.0. 805 8062001/02/26 == Released 0.6.38 == 807 8082001/02/26 809 - Snapshot-20010225 has been released. Resolved one minor patch conflict. 810 8112001/02/23 == Released 0.6.37 == 812 8132001/02/23 814 - Snapshot-20010222 has been announced as RELEASE CANDIDAT. Resolved one 815 minor patch conflict. 816 - Removed "check_relay_ccerts" restriction which has been replaced 817 by "permit_tls_clientcerts" in 0.6.24. (Was left in until now for 818 transition.) 819 - Do not try to save session data > 8kB, since this cannot be handled 820 by SDBM. (This is more or less academical, since I have never met a 821 session even half that large.) 822 8232001/02/19 == Released 0.6.36 == 824 8252001/02/05 826 - Snapshot-20010204 has been released. Resolved one minor patch conflict. 827 8282001/02/03 == Released 0.6.35 == 829 8302001/02/03 831 - Snapshot-20010202 has been released. Resolved one minor patch conflict. 832 8332001/01/29 == Released 0.6.34 == 834 8352001/01/29 836 - Snapshot-20010128 has been released. Resolved some minor patch conflicts. 837 8382001/01/11 == Released 0.6.33 == 839 8402001/01/10 841 - Discussion in Thread "When to get peer certificate?" continues and it 842 comes out, that cross references between datastructures are well maintained 843 inside OpenSSL. A fact not well known due to lack of documentation 844 (seems I am facing some more work on the OpenSSL manpages :-). 845 - Moved around data needed for the certificate verification: a lot of 846 "static" entries globally needed inside pfixtls.c could now be moved 847 into the connection specific TLScontext. 848 8492001/01/07 == Released 0.6.32 == 850 8512001/01/07 852 - Since now the checks at handshake stage (in pfixtls.c) are more strict, 853 some of the checks in smptd.c and smtp_proto.c could be removed. 854 At a later point I can probably move even more checks into pfixtls.c... 855 8562001/01/05 857 - Had a discussion with Ari Pirinen <aripirin@europe.com> on openssl-users 858 (Thread: When to get peer certificate?) about the earliest possible 859 place to check the CommonName of the peer against the expected name. 860 (This is what smtp does when enforcing the peername of the server it 861 is connecting to.) 862 The final result was, that the check can already been done inside the 863 verifiy_callback() routine even before the handshake is completed. 864 The positive side effect is, that since the session is never completly 865 established, it is also not cached on either client or server. 866 - Since this is a good idea, I have extended the verify_callback in 867 src/global/pfixtls.c to check the CommonName of the peer (if applicable) 868 and have the handshake shut down immediatly on failure. I have also 869 changed the behaviour so that whenever a positive certificate verification 870 is required, the handshake is shut down immediatly. 871 (The versions up to now did delay these checks until the session was 872 established and then shut down the connection. I had established this 873 practice while working on BIO-pairs and running into a bug in 874 OpenSSL 0.9.5 (fixed now) and with the verify depth.) 875 8762000/12/23 == Released 0.6.31 == 877 8782000/12/23 879 - Bug: When only enabling smtpd_tls_wrappermode and not additionally setting 880 smtpd_use_tls or smtpd_enforce_tls, the TLS engine was not fired up on 881 startup of smtpd 882 Fixed: also start TLS engine when only smtpd_tls_wrappermode is enabled. 883 (Experienced by "Fiamingo, Frank" <FiamingF@strsoh.org>) 884 8852000/12/18 == Released 0.6.30 == 886 8872000/12/18 888 - New snapshot 20001217 has been released. Due to the change of "timeout" 889 parameters now being its own class and table, the old patchkit does not 890 apply cleanly! 891 - Checked out Postfix/TLS parameters being timeout values and put them into 892 the new style time parameter table. This allows to specify time values 893 like 3600s or 1h. Updated sample configuration to reflect this new style. 894 - "Fiamingo, Frank" <FiamingF@strsoh.org> pointed out to me, that there are 895 three parameters in src/global/mail_params.h (namely DEF_TLS_RAND_EXCH_NAME, 896 DEF_SMTPD_TLS_CERT_FILE, DEF_SMTPD_TLS_CA_FILE) that are hardcoded as 897 "/etc/postfix/something". 898 This does not match the usual style of postfix, where no paths are 899 hardcoded this way. I have removed the defaults for CERT_FILE and CA_FILE. 900 The RAND_EXCH is needed for good PRNG seeding on systems without 901 /dev/urandom, I however don't know yet, how to rearrange this requirement. 902 I could use the Postfix internal mechanisms to enforce a parameter, but 903 this would annoy people having compiled in TLS but not activated. 904 9052000/12/13 == Released 0.6.29 == 906 9072000/12/13 908 - Snapshot-20001212 has been released. 909 - Undid bugfixes for 20001210 which now are included in the new snapshot. 910 9112000/12/12 == Released 0.6.28 == 912 9132000/12/12 914 - Added bugfix provided by Wietse on postfix-users@postfix.org for 915 "postconf -m" behaviour. 916 9172000/12/11 918 - New snapshot-20001210 released. Some patch conflicts occur. Additionally 919 * adjusted calls to myflock() to changed interface, 920 * fixed bug in smtpd_sasl_glue(), where a change to the name_mask() 921 call was not applied in the original snapshot. 922 9232000/12/05 == Released 0.6.27 == 924 9252000/12/04 926 - Print informational message "SSL session removed" only when 927 var_smtp[d]_loglevel >= 2. (Proposed by Craig Sanders <cas@taz.net.au>.) 928 - Extend logging of "setting up TLS connection from/to" and corresponding 929 success/failure messages so that they include the hostname/ip address. 930 This way it is much easier to automatically analyze errors by simply 931 grepping for e.g. "SSL_accept error" and immediately get the peer 932 causing the problem without further logfile processing. 933 (Proposed by Craig Sanders <cas@taz.net.au>.) 934 - When experiencing a TLS failure due to TLS-enforced failure in client mode 935 (no certificate or hostname/certificate mismatch etc), immediately shut 936 down the TLS mode with "failure" indication, so that the SSL session is 937 removed immediately. This way a new session is always enforced in the 938 case the peer has fixed the problem; no need to wait for the timeout. 939 9402000/11/29 == Released 0.6.26 == 941 9422000/11/29 943 - Found security relevant bug in the OpenSSL library: the verify_result 944 stating whether or not the certificate verification succeeded is not 945 stored in the session data to be cached and reused. 946 - This bug was found during the development of Postfix/TLS around one 947 year ago, the bug in the library was however only fixed for the server 948 side. At that time I also tested the server side behaviour but ommitted 949 to check the client side, too. 950 - Versions before Postfix/TLS 0.4.4 experienced this problem for both 951 server and client side. Before 0.6.0 a workaround was active for both 952 sides, which has been removed at 0.6.0 in the believe that the bug 953 was gone (I only tested the server side, which was fixed). 954 - Fixed that bug in OpenSSL also for the client side (I can do this myelf 955 now that I have been invited to join the OpenSSL developers team :-). 956 The fix is availabe as of today and will be part of the 0.9.7 release 957 of OpenSSL (or 0.9.6a, if this release will be published). 958 - Included a workaround inside Postfix/TLS for OpenSSL library versions 959 before 0.9.6a or 0.9.7, respectively. 960 961********************** Begin Description 962 963 - By not caching the verify_result for the client side, the following 964 behaviour could appear: 965 * The problem can only appear when smtp_tls_session_cache_database 966 is activated. 967 * smtp_use_tls = yes 968 X On the first connection, the certificate fails verification, failure 969 is logged: 970 smtp[*]: Unverified: subject_CN=serv01.aet.tu-cottbus.de, issuer_CN=BTU-CA 971 For any following connections until the session times out (default 1 hour), 972 the peer certificate seems to pass verification: 973 smtp[*]: Verified: subject_CN=serv01.aet.tu-cottbus.de, issuer_CN=BTU-CA 974 X Security Impact: 975 Unverified certificates are logged as if verification had succeeded. 976 * smtp_enforce_tls = yes 977 X After the verification failure, the session is never correctly established 978 and hence not reused. 979 X Security impact: 980 None, as the session is never reused. 981 * smtp_enforce_tls = yes after smtp_tls_enforce_tls = yes for a server. 982 X If the session has been recorded with use_tls and then for this server 983 enforce_tls is set, the wrong verify_result could be used within the 984 session cache timeout (default = 1 hour). 985 X Security impact: 986 If TLS shall be enforced for a recipient, there is a window of approx. 987 one hour from setting the "enforce_tls" switch until a verification 988 failure is noted. For this to happen, a TLS session to that server must 989 have been used with use_tls set and the not-verifiable certificate must 990 have been recorded in that session. 991 - Evaluation: 992 Even though this _is_ a security problem, I consider risk to be *low*, 993 given the conditions under which the problem might occur. 994 995********************** End Description 996 9972000/11/27 == Released 0.6.25 == 998 9992000/11/26 1000 - Added "permit_tls_all_clientcerts" for smtpd_recipient_restrictions. 1001 When this option is enabled, any valid client certificate allows relaying. 1002 This can be practical, if e.g. a company has a special CA to create 1003 these certificates and only this CA is "trusted". It however does not 1004 allow finer control, so if e.g. an employee leaves, he could still 1005 relay. Postfix/TLS does not (yet) allow CRL (certificate revocation lists). 1006 (Added on popular demand.) 1007 - Make the client behaviour more configurabe: when enforcing TLS connections, 1008 the peer's name is checked against the CommonName in its certificate. 1009 New configuration variable "smtp_tls_enforce_peername" (default=yes) 1010 can now be used to accept peername!=CommonName. The server's certificate 1011 must still pass the verifcation process against a trusted CA! 1012 In tls_per_site, the according key is MUST_NOPEERMATCH. 1013 (Added on demand.) 1014 10152000/11/24 1016 - If the server requires a client certificate and no certificate is presented 1017 or the certificate fails verification, the connection is shut down but 1018 no information is logged. 1019 -> add according msg_info() in smtpd/smtpd.c:startls_cmd(). 1020 - If TLS is not enforced, it does not make sense for a server to require a 1021 client certificate. If no STARTTLS is issued, the SMTP would continue 1022 anyway, so why shut down when TLS is activated without verifyable client 1023 certificate? 1024 -> ignore smtpd_tls_req_ccert=yes, if TLS is not enforced and only treat 1025 like smtpd_tls_ask_ccert = yes with an according information logged. 1026 10272000/11/22 == Released 0.6.24 == 1028 10292000/11/22 1030 - Installed on my own servers and changed configuration to use the new 1031 "permit_tls_clientcerts" option name. Patchkit will be released after 1032 some hours of successfull operation. 1033 10342000/11/21 1035 - New snapshot-20001121 is being released. The patch applies without any 1036 conflict when applied with "patch -p1", so no need to rush out an updated 1037 patchkit. 1038 - Rename the smtpd_recipient_restrictions option from "check_relay_ccerts" 1039 to "permit_tls_clientcerts" to better match the naming scheme. 1040 Leave in the old option for now to not break existing configurations. 1041 The final incompatible removing is scheduled of release 0.7.0 of the 1042 patchkit which will be matching the next "stable" release of postfix. 1043 - There is no manual page for tlsmgr.8 (pointed out by Terje Elde 1044 <terje@thinksec.com>). 1045 Fix the comments at the beginning of tlsmgr.c and create tlsmgr.8. 1046 - In the session cache code an additional 20 bytes were allocated when 1047 converting SSL_SESSION data to binary using i2d_SSL_SESSION(). 1048 In adding these 20 bytes to the size listed by i2d_SSL_SESSION() I followed 1049 the example in the OpenSSL source (PEM_ASN1_write()). These 20 bytes are 1050 only added since when writing the PEM, a 20 byte checksum is added, so 1051 we don't need it in our case -> removed. 1052 (Researched after Carlos Vicente <cvicente@mat.upc.es> asked what these 1053 20 bytes are good for :-) 1054 10552000/10/30 == Re-Released 0.6.23 == 1056 10572000/10/30 1058 - Postfix snapshot-20001030 with an important bug fix is made available. 1059 The patchkit applies without any problem (patch -p1). 1060 Hence, I re-release the 0.66.23 release for the new snapshot. 1061 10622000/10/30 == Released 0.6.23 == 1063 10642000/10/30 1065 - New Postfix snapshot 20001029 available with some important bug fix. 1066 Adjusted patchkit (only minor conflicts). 1067 10682000/10/27 1069 - The CN_sanitize function (src/smtpd/smtpd.c) that shall make sure that 1070 no illegal sign is included into the Received: header does not work 1071 on systems were "char" is unsigned by default. 1072 (Linux on s390, found by Carsten Hoeger <choeger@suse.de>) 1073 -> Worked out a more precise (even though not looking elegant) solution 1074 that checks out all acceptable characters. 1075 - Sent new smptd.c to Carsten Hoeger for testing, will wait with new 1076 Postfix/TLS release. 1077 10782000/10/06 == Released 0.6.22 == 1079 10802000/10/06 1081 - snapshot-20001005 has been released, featuring fast ETRN. Only some minor 1082 patch conflicts needed to be resolved. 1083 10842000/09/28 == Released 0.6.21 == 1085 10862000/09/28 1087 - snapshot-20000924 seems to be somewhat longer lasting. I have been asked 1088 for a new Postfix/TLS release against snapshot-20000924, hence I will 1089 create one. 1090 - Running OpenSSL 0.9.6 for a week now to my full satisfaction. I will bump 1091 bump up the Postfix/TLS version counting to include "0.9.6", even though 1092 it will still run fine with 0.9.5a. 1093 10942000/09/25/ 1095 - snapshot-20000924 is available; only small adjustments. 1096 - Wietse seems to release new snaphots on a daily basis, it doesn't make 1097 sense to follow with a new Postfix/TLS release every day. 1098 10992000/09/23 == Released 0.6.20 == 1100 11012000/09/23 1102 - Recompile OpenSSL-0.9.6-beta3 with the change and reinstall old pfixtls.c: 1103 works again. Hence, all versions of Postfix/TLS working against 0.9.5a 1104 will also work again 0.9.6-final, which shall be released on 2000/09/24! 1105 - Wietse releases snapshot-20000923, patchkit adapted. 1106 - Went through the "install.html" document to add a remark about 1107 OpenSSL-0.9.6. This document is of historic quality but did not fit 1108 actual versions of Postfix/TLS, we are far beyond OpenSSL 0.9.2: Updated. 1109 11102000/09/22 1111 - Wietse releases snapshot-20000922. The source directory hierarchie has 1112 changed, so the patch needs to be adjusted at several places. 1113 - Run tests against OpenSSL 0.9.6-beta3: problems occur! 1114 * Certificates are no longer verified, since an informationa flag about the 1115 CA certificate search process is written into the error storage and 1116 thus misinterpreted as verification failure. 1117 * Changed Postfix/TLS source to maintain its own error storage based on 1118 the verify_callback, send out according warning to Postfix/TLS mailing 1119 list. 1120 * Unfortunately, this will break all older versions of Postfix/TLS. 1121 Sent out analysis to OpenSSL-bugs@openssl.org. 1122 * Additional change is made to OpenSSL: the new behaviour is only activated 1123 when a special flag is set, so compatibility is restored! 1124 11252000/09/21 1126 - Wietse releases snapshot-20000921. Some minor patch conflicts resolved. 1127 11282000/09/14 == Released 0.6.19 == 1129 11302000/09/14 1131 - Received a bug report: Postfix/TLS will accept a mail even though 1132 smtpd_req_ccert=yes (require use of client certificate) and no 1133 client certificate is presented. 1134 Reason: when no client certificate is presented SSL_get_verify_result() 1135 will return X509_V_OK, since this is the default value. 1136 Solution: only set "peer_verified" internal information, if the 1137 verify_result is X509_V_OK _and_ a peer certificate is available. 1138 Remark: This default value does not make too much sense. I will file 1139 a bug report/patch before the next release of OpenSSL... 1140 11412000/09/03 == Released 0.6.18 == 1142 11432000/09/03 1144 - When calling "sendmail -bs", smtpd is started without root privileges, 1145 hence it cannot open the private key file and the session cache database. 1146 Since the database routines do not offer a graceful return (only fatal 1147 and abort), this leads to a failure when TLS and session caching is 1148 activated. 1149 This affects PINE users (noted by Craig Sanders <cas@taz.net.au>). 1150 Solution: Try to read the private key first; if that fails, we can 1151 gracefully recover and won't touch the session cache database at all. 1152 - When STARTTLS is configured for smtpd but does not work (e.g. because of 1153 unaccessible keys), smtpd answers with "465 TLS not available due to 1154 temporary reasons". After that the connection was closed, this is however 1155 not necessary, as the client may decide to continue without TLS activated. 1156 - Craig Sanders <cas@taz.net.au> contributes a script to automatically 1157 generate the keys and certificates for Postfix/TLS usage. Added 1158 "make-postfix-cert.sh" to the contributed/ directory. 1159 11602000/09/02 == Released 0.6.17 == 1161 11622000/09/02 1163 - Craig Sanders <cas@taz.net.au> reports that he has connection problems 1164 with a site; the message in the log is: 1165 SSL_connect error 0 1166 8847:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:956:SSL alert number 10: 1167 * This is the error caused by the faulty TLS implementation with 1168 CommunigatePro. The bug is fixed in later versions of CommunigatePro, 1169 The site shall be contacted, they should update. 1170 - More important, he reports a segmentation fault immediately after this 1171 problem. 1172 - Bug: when not using session caching and an error occurs during the TLS 1173 handshake, pfixtls_start_clienttls() tried to remove the erronous 1174 session from a non-existant session cache. 1175 Fix: check the existence of the session cache before trying to access it. 1176 Comment: at all other places in the code this condition was already 1177 caught. 1178 - Remark: actually session caching was configured, but the configuration 1179 variable was mistyped because... 1180 it was wrong in conf/sample-tls.cf and doc/conf.html. 1181 The correct values are "smtp[d]_tls_session_cache_database" instead of 1182 "smtp[d]_tls_use_session_cache_database". 1183 Unfortunately this is not flagged by Postfix... 1184 11852000/08/25 == Released 0.6.16 == 1186 11872000/08/25 1188 - Make sure, that the smtp[d] processes will try to access the "daemon" 1189 entropy sources, but will only print an info when not available. Using 1190 the PRNG-exchange file, they can happily run without. 1191 - Moved HAS_SSL checks, such that the package compiles also when configured 1192 without -DHAS_SSL. 1193 11942000/08/24 1195 - Changed the handling of the PRNG-exchange file. Until now it was written 1196 by tlsmgr and read by the smtp[d] daemons. This had the disadvantage, that 1197 until tlsmgr rewrote new bytes to the file, all starting daemons read the 1198 same seed (to which some more bits, but not too much were added). 1199 - Now the file is handled in read->stir into pool->write back mode, so that 1200 every daemon will add its own entropy bits. 1201 - The smtp[d] processes will do so when starting, when opening a TLS 1202 connection and when closing. 1203 - The tlsmgr will also read back the file and add it to its pool, so that 1204 no entropy is lost. 1205 - This change significantly increases the "self seeding" capability of 1206 the TLS service. 1207 12082000/08/09 1209 - Cleaned up the new PRNG-seeding. 1210 - When tlsmgr looses connection to an EGD-source (because it was restarted), 1211 tlsmgr performes an exit(0), so that a newly started tlsmgr can reconnect. 1212 [chroot/dropped privileges]. 1213 12142000/08/04 1215 - Introduced new entropy sources for single daemons: 1216 * tls_daemon_random_source 1217 Using this source (same style as for tlsmgr), each starting daemon can 1218 obtain additional entropy (32 bytes by default). The PRNG-exchange file 1219 is still read. 1220 - I am not sure about the policy for this feature. If such a source is 1221 given, should a failure be considered fatal? 1222 12232000/07/23 1224 - Started reworking the PRNG seeding: 1225 * tlsmgr now recognizes tls_random_source as 1226 dev:/dev/urandom /* Direct read from device file */ 1227 egd:/path/to/socket /* Connection via EGD-socket */ 1228 /path/of/plain-file 1229 * If a dev: or egd: is given, tlsmgr will connect and keep the connection 1230 open, so that it now can run in chroot-mode with dropped privileges. 1231 - Since EGD can be drained, but the connection is permanently open, only 1232 suck a small number of bytes (default 32) at a time, but do it more 1233 often. 1234 12352000/08/09 == Released 0.6.15 == 1236 12372000/08/09 1238 - Traced through OpenSSL to learn more about the verify_callback-feature. 1239 The callback is called several times. When it returns "1", the handshake 1240 will continue, when it calls "0", the handshake will immediately fail 1241 (and Postfix/TLS will also close the TCP connection). 1242 - Following the sample in the OpenSSL-apps, the verification chain depth 1243 was the only property triggering this effect, so this stood hidden until 1244 now. Obviously, users having longer chains did set the verifcation 1245 depth accordingly or they gave up, since this was never reported... 1246 - Changed the behaviour of verify_callback() to never return "0", such that 1247 we can deal with the verification result later in a more consistent manner. 1248 If we only enable and not enforce, we simply want to ignore problems with 1249 the certificate. 1250 - verify_callback() did not print out all information, since the wrong 1251 state variables (pfixtls_*active instead of pfixtls_*engine) were 1252 checked. The *active state variables are only set later. 1253 As the verify process now became rather narrative, the normal logging 1254 is only done in loglevel 2! 1255 - Arrrghhh. The conf/sample-tls.cf _and_ the html-docu (which is actually 1256 copied from conf/sample-tls.cf) has wrong names for the verification- 1257 depth parameters. *_vd instead of *_verifydepth and ccert<->scert. 1258 [Wondering, why this never popped up before...] 1259 - Changed the default-verifydepth to "5" which should suffice for most 1260 cases. Maybe the limit could also be completely removed, but we should 1261 at least receive a warning hint when something goes wild. 1262 Since OpenSSL>=0.9.5 is required for Postfix/TLS anyway, certificate chain 1263 verification can now be used, so the caution applied before is no longer 1264 necessary. 1265 12662000/08/08 1267 - Tracked down the double-free() call in smtp with Efence. SSL_free() 1268 does call SSL_SESSION_free() on the negotiated session. Hence, I must 1269 not call SSL_SESSION_free() on the session in question, it will be 1270 removed anyway. 1271 - Also tracked down the certificate chain feature. Reason is the 1272 verify_callback() in global/pfixtls.c. It flags a chain depth that 1273 is too long as fatal, hence the connection is immediately closed. 1274 12752000/08/04 1276 - Received information from Alain Thivillon <Alain.Thivillon@hsc.fr>: 1277 FreeBSD-CURRENT offers malloc() with additional checks enabled. 1278 After successfully delivering, smtp dumps core with free() called 1279 twice in TLS mode. 1280 - I noted, that there is a communication problem with his site an my new 1281 certificate issued by the universities computer center (which has a chain 1282 depth of 2). Step back to the old self certificate for the time being. 1283 12842000/07/27 == Released 0.6.14 == 1285 12862000/07/27 1287 - Introduced new configuration parameter "smtpd_tls_wrappermode" that 1288 enables the (deprecated) old style SSL-wrapping around SMTP. It could 1289 be run on a different port (once smtps=465) was recommended for this 1290 services. 1291 This method is used by old versions of Outlook (Express), the Mac versions 1292 and even actual versions, when not run on port 25. 1293 [Actually it was only a handful of lines, so it doesn't hurt too much, 1294 even though it does not follow any RFC.] 1295 - I recommend using this option only from master.cf. Example lines added 1296 to conf/master.cf and description added to Postfix/TLS-doc/conf.html. 1297 - When having SASL enabled and TLS-enforce mode in "smtpd", only offer 1298 AUTH, when TLS has been activated. Otherwise the client might simply 1299 send the unencrypted credentials before it receives 1300 530 Must issue a STARTTLS command first 1301 and an eavesdropper already has what he was looking for. 1302 13032000/07/19 == Released 0.6.13 == 1304 13052000/07/19 1306 - Changed the library-initializaton call to new naming scheme 1307 (SSLeay_add_ssl_algorithms() to OpenSSL_add_ssl_algorithms() :-). 1308 - Updated documentation to reflect the use of chain certificates with 1309 CAfile and smtp[d]_tls_cert_file (see 2000/07/06). 1310 - Documentation: the interoperability problem with CommunigatePro has been 1311 solved: CommunigatePro violated the TLS-RFC and has been fixed. 1312 - Typo: It is "to stir" not "to stirl" :-) 1313 13142000/07/06 1315 - Received certificate for our site from our computer center. It's a chain 1316 certificate. Now load the cert with SSL_CTX_use_certificate_chain_file(), 1317 in order to better load the chain CA certificates. 1318 13192000/07/04 1320 - Reported Wietse about a possible problem in the SASL code, a relay check 1321 may also be performed if sasl was not enabled and might lead to unwanted 1322 relay. 1323 As the fix is in my own codebase, I will leave it Postfix/TLS until a 1324 new snapshot (or final release) is available. 1325 13262000/06/02 == Released 0.6.12 == 1327 13282000/06/02 1329 - Adapted to Snapshot-20000531 (minor patch conflict). 1330 - Cleaned up some old header file dependencies in global/pfixtls.c and 1331 global/Makefile.in that are no longer needed due to the interface changes 1332 (timed_read()/write()) in 0.6.7. 1333 13342000/05/29 == Released 0.6.11 == 1335 13362000/05/29 1337 - Following Bodo Moeller's analysis, the error is due to a mismatch between 1338 the CA certificate accessible in the smtp[d]_tls_CAfile and the one used 1339 in the actual certificate (smtp[d]_tls_cert_file). 1340 Daniel Miller fixed his setup and the problem is gone. 1341 - Introduced a workaround into Postfix/TLS: if the padding error is found, 1342 it is removed from the error-queue by Postfix/TLS, in order to protect 1343 more sites from experiencing this problem. 1344 - Added a warning to conf/sample-tls.cf 1345 - Updated to the latest snapshot-20000528. 1346 13472000/05/27 1348 - After some fiddling around working through the binary certificate data to 1349 see where it is modified at 0.6.10, I actually note, that both 0.6.9 and 1350 0.6.10 choke on the data. Now going back up through the functions very 1351 fast reveals the problem: 1352 * The certificate supplied triggers the "RSA-padding" error in any case. 1353 Since the certificate authencity is not enforced on OpenSSL-library level 1354 but inside postfix later, the error is not enforced. 1355 The error messages generated stay however in the error queue. 1356 - For blocking sockets, the SSL_accept()/connect() calls return 1357 "success", so the error-queue is never checked. 1358 - With BIO-pairs, the error queue is checked to find out, whether the 1359 function has just to be called again to continue the handshake, so 1360 the error messages are found and the connection is shut down due to 1361 the error condition. 1362 - Submitted bug report to Bodo Moeller. Bug fix is checked into the OpenSSL 1363 CVS archive: if the error is ignored during the handshake, clear the 1364 error-queue. 1365 * The next release of OpenSSL will behave consistently. 1366 - This leaves open the question, why the RSA-padding error is issued in the 1367 first place. Sent a query to the OpenSSL-* mailing lists. 1368 13692000/05/26 1370 - A second site experiencing this problem pops up. 1371 -> Issued a warning to the postfix_tls mailing list. 1372 13732000/05/24 1374 - Contacted Damien Miller <djm@mindrot.org>. He did not change his TLS setup 1375 in the last time. He is running Postfix/TLS-0.6.6. 1376 - Contacted Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>, the author 1377 of the BIO-pair part of OpenSSL for some debugging hints. Received several 1378 worthful remarks on what to look for. 1379 - Checked byte-for-byte the data fed into the OpenSSL-library. It does not 1380 differ between 0.6.9 and 0.6.10, so my handling seems to be actually 1381 correct. 1382 13832000/05/23 1384 - A communication error occurs when talking to mail.mindrot.org: 1385 SSL_accept error -1 1386 10264:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 1387 10264:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:396: 1388 10264:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1 object call:a_verify.c:109: 1389 - The error occurs both in client and server mode. 0.6.9 does not show 1390 this problem. 1391 - Tried to connect with several other sites, all connections are fine, 1392 this includes sendmail and qmail peers; hence decided to not recall 0.6.10. 1393 13942000/05/23 == Released 0.6.10 == 1395 13962000/05/23 1397 - Sent a note to openssl-dev@openssl.org about the behaviour of SSL_free() 1398 and BIO_free(), hoping for some clarification whether my way of doing 1399 it is the recommended way. 1400 - Run the software in production mode on my own servers... 1401 - Finished writing the in-source documentation. 1402 - Updated sample-tls.cf and sample-smtp[d].cf to reflect the new timeout 1403 parameters. 1404 14052000/05/21 1406 - Removed error messages produced by the now non-blocking behaviour of the 1407 TLS layer [apps_ssl_info_callback()]. 1408 14092000/05/20 1410 - Took results home and tried to run it on my Linux-box: SEGV after 1411 successfully handling the SMTP session!! 1412 * It seems that the SSL_free() and BIO_free() functions interact. 1413 SSL_free() releases the underlying BIO and it will bomb out when 1414 it is then explicitely BIO_free()'ed again and vice versa. 1415 * It did not bomb out on HP-UX, but such things happen. I however want to 1416 know, why the example program does not fail... 1417 * With respect to the bevaviour as is, SSL_free(TLScontext->con); 1418 BIO_free(TLScontext->network_bio) and not touching 1419 TLScontext->internal_bio works. 1420 - Introduced special timeout values for the TLS negotiation stage, as the 1421 timeout values may change with protocol state (suggested by Wietse). 1422 - Started writing a full description of the BIO-pair concept and its 1423 special treatment into the pfixtls.c sourcecode. 1424 14252000/05/19 1426 - Systematicly implemented a generalized layer handling: 1427 * do_tls_operation() is the generic handler for all SSL_*() input/output 1428 functions. It deals with the non-blocking behaviour of this functions, 1429 requiring appropriate retrys. 1430 * network_biopair_interop() handles the interaction between the socket/fd 1431 and the buffering BIO-pair. 1432 14332000/05/18 1434 - Based on the example in openssl-0.9.5a/ssl/ssltest.c realized the first 1435 usage of BIO-pairs. (Can do server handshaking.) 1436 - Learned, that the BIO-pair has its own buffering that needs its own 1437 flushing. It is not enough to relay on the SSL_ERROR_WANT_READ/WRITE 1438 state information. 1439 14402000/05/17 == Released 0.6.9 == 1441 - Important: the seperator in the relay-fingerprints is now ':'!!! 1442 Don't forget to change your relay_clientcerts databases. 1443 14442000/05/16 1445 - Changed pfixtls.c to only use the interface described in util/vstream.c 1446 for handling the VSTREAM. 1447 * Added vstream_context() macro to the VSTREAM-interface. 1448 - Introduce TLScontext to identify the connection instead of the file 1449 descriptor. Move all static data (SSL structure and information gathered 1450 about the connection) into the context. 1451 The TLScontext is allocated on TLS-start for a connection and saved with 1452 the VSTREAM, so several streams can be used at the same time. 1453 - Removed "pfixtls_setfd()" as it is no longer needed. 1454 - Changed the relay_clientcerts list from string_list_* to maps_* interface 1455 to allow usage of ":" in the list. 1456 THIS IS AN INCOMPATIBLE CHANGE!!!! 1457 - Updated documentation accordingly. 1458 14592000/05/12 == Re-released 0.6.8 == 1460 14612000/05/12 1462 - Wietse announces snapshot-20000511 with an important bugfix. 1463 - Since upgrading from 20000507 to 20000511 is highly recommended, 1464 Postfix/TLS 0.6.8 is re-released for this snapshot (the patch applied 1465 cleanly, just the name of the toplevel directory has changed). 1466 14672000/05/11 == Released 0.6.8 == 1468 14692000/05/11 1470 - Unlike expected I found some time to install the latest cyrus-sasl-1.5.21 1471 and test some parts the integration. It does, well, work as advertised 1472 (and the advertisement in SASL_README is not too optimistic). 1473 - When checking all of the rejected patch-snippets for 0.6.6->0.6.7 1474 I missed the parameter "smtpd_enforce_tls" (noted since I wanted to 1475 enforce TLS encryption while playing around with plaintext passwords) 1476 in the static CONFIG_BOOL_TABLE bool_table[] = {..} in smtpd/smtpd.c 1477 -> I will immediately release a corrected version 0.6.8. 1478 14792000/05/11 == Released 0.6.7 == 1480 14812000/05/11 1482 - The latest sendmail.8.11.0.Beta1 includes STARTTLS support; it is available 1483 in source code and also uses OpenSSL. 1484 14852000/05/10 1486 - After having it running at home (Linux) I also install it at work for 1487 the field test. 1488 - No time to install the SASL kit, so this part stays untested as of now. 1489 14902000/05/09 1491 - Downloaded snaphot and apply the patchkit. 1492 - Straightened out the rejected parts of the patch. 1493 - Due to the new layering with timed_read() and timed_write() functions 1494 the integration of the TLS layer needed special adjustment. 1495 * When TLS is active, the timed_read() and timed_write() functions are 1496 replaced by the corresponding pfixtls_timed_read() and 1497 pfixtls_timed_write() functions. When the TLS functionality is stopped, 1498 the old functions are restored. 1499 * The names of the pfixtls_timed_*() functions are looking into the future, 1500 because they are working as before, the timeout functionality is not 1501 in, yet. 1502 15032000/05/08 1504 - Wietse announces snapshot-20000507 with a lot of changes. Especially 1505 important: the I/O handling of the smtp-stream has been changed to 1506 a more layered technique that allows easier integration of the TLS layer. 1507 15082000/04/27 == Released 0.6.6 == 1509 15102000/04/27 1511 - Fixed inconsistency between documentation and actual behaviour: peer 1512 certificate information was not logged at level 1 (found by 1513 Damien Miller <djm@mindrot.org>). 1514 * While at it: the logged information did not say whether the certificate 1515 data logged passed verification or not: fixed. (The information logged 1516 in the Received: header already contained that information.) 1517 - Backported dict_dbm.c from snapshot-20000309 with the updated 1518 dict_delete() behaviour (key not found is not considered fatal). 1519 Maintained dict_sdbm.c accordingly. 1520 15212000/04/18 == Released 0.6.5 == 1522 - Important: 1523 * New session cache mechanism SDBM. Please adapt your main.cf and delete 1524 any old ".db" session cache files manually. 1525 15262000/04/18 1527 - I am using the SDBM session cache for a week right now and did not have 1528 any trouble, so I think its worth pushing it out. 1529 - I am not completely happy with the dict_del() behaviour of considering 1530 a not-found key fatal. It might happen when the smtp[d] processes would 1531 be allowed to delete themselves. They are not as of now, so I accept it 1532 for now but will reconsider it. 1533 - Updated documentation accordingly. 1534 15352000/04/17 1536 - Received corrections for the HTML-docs from Ralf Hildebrandt 1537 <R.Hildebrandt@tu-bs.de>. 1538 15392000/04/11 1540 - Transfered SDBM from home (Linux-testbed :-) to work [found and fixed some 1541 small items when compiling on HP-UX]. Started running it under 1542 "real life" conditions. 1543 15442000/04/07 1545 - Implemented "SDBM" Simple Database Management routines as also utilized in 1546 ModSSL. Of course, it requires reopening of the databases, so the 1547 routines are changed, that the _file_descriptors_ are left open, but 1548 the _in_memory_ database stuff (especially the cached data) is closed 1549 and reopened on access. This is what is really needed. The pagesize 1550 is increased from standard DBM compatibility to hold the session 1551 information. 1552 Additionally, this software is in the public domain, so no additional 1553 license problems arise. 1554 - The access goes through the dict_* interface, hence the locking is 1555 performed by myflock(). 1556 15572000/04/01 == Released 0.6.4 == 1558 15592000/04/01 1560 - Updated to the new patchlevel of Postfix (19991231-pl06), some parts of 1561 the patch were rejected due to changes in smtpd. 1562 - Changed patch name with respect of today's release of OpenSSL-0.9.5a. 1563 The code remained unchanged. 1564 15652000/03/25-31 1566 - The cached informations are not deleted by "tlsmgr" even though stored 1567 and retrieved by the smtp[d] processess. Strange. 1568 - Spend some large amount of time digging through the Berkeley DB 1569 documentation and code. 1570 * It claims that Berkeley DB is multi-process capable. Caveat: it takes 1571 the very complicated "transaction model", that I did not use until now. 1572 Hence the session cache does not work as is. 1573 * Even with transaction model, Berkeley DB requires re-opening of the 1574 databases to get rid of cached information. F*ck. 1575 - Finally, I give up on Berkeley DB for session caching. It will never 1576 work for us. Even if it would, it requires a large amount of helper files 1577 and it seems, that the transaction environment is somewhat fragile when it 1578 comes to some problem. I won't rely on it. 1579 15802000/03/28 == Released 0.6.3 == 1581 15822000/03/28 1583 - As has been pointed out to me, the TLS information in the Received: 1584 header is not conform to RFC822. 1585 - The TLS protocol and peer CN information is now included in '()', so 1586 that it is a comment. 1587 15882000/03/21 == Released 0.6.2 == 1589 15902000/03/21 1591 - I have been running DB based session caching with the changes for some 1592 more time now without problems. Am I really confident? No, not really. 1593 I remember the trouble I had with Berkeley DB and sendmail on HP-UX. 1594 I don't think I really trust it. 1595 - Realized single "smtp_tls_per_site" lookup. I cannot use the more or 1596 less comfortable "domain_list" lookups as before, since these do not 1597 return the value, just found or not :-(. 1598 Hence the lookup is realized with maps and exact lookup. I never tried 1599 regexp. But if I understand the docs correctly, it should be possible to 1600 use it here to realize wildcard lookups, if it would not have been 1601 disabled :-(. 1602 - Summary: 1603 * Session Cache will be cleaned at "postfix reload" or "postfix start" 1604 * New table "smtp_tls_per_site" 1605 * Gone: "smtp_tls_[use/enforce]_[recipients/sites]" 1606 1607 16082000/03/16 1609 - Changed pfixtls.c, so that it will only open Session Cache databases, 1610 that are already available. tlsmgr is responsible for creation. 1611 - Change tlsmgr.c, such that session cache databases will be removed before 1612 opening, so that fresh databases are used whenever postfix is restarted. 1613 This means, that session information is not kept over a postfix stop/start 1614 or reload sequence, but it also means, that issuing a postfix reload will 1615 clean the session cache. 1616 I don't use simple dict_open with O_TRUNC, because this would not help 1617 against database files, that are locked by hanging smtp[d] processes. 1618 If you think it will also solve the "hang" problem described for 1619 2000/03/15: in a certain sense it can, since tlsmgr will be killed by 1620 the watchdog and new, fresh cache files are installed, but that is not 1621 more than an ugly hack. It must be solved in a clean manner. 1622 16232000/03/15 1624 - Experienced some strange problem with Berkeley DB based session cache. 1625 The DB routines hang while trying to delete an entry. I did save the 1626 corresponding "hash:" file and could reproduce it (and walk through 1627 the endless loop with a debugger), but I didn't find the reason why. 1628 Since during "db->del" the database is exclusively locked all other 1629 processes hang however, so this is really bad!!!!!!!! 1630 16312000/03/12 == Released 0.6.1 == 1632 16332000/03/12 1634 - Created tls_info_t structure to hold all information about the active 1635 TLS connection. Remove all global variables except those for the 1636 running client/server engines (those might be replaced with global 1637 variables in smtpd/smtp, though). 1638 - Added field "dNSName" to the structure (still unused). This will be 1639 used with X503v3 extensions. 1640 - Cleaned up TODO, since some items are now done... 1641 16422000/03/11 1643 - Added missing #include <sys/time.h> to tlsmgr.c. (Worked without on HP-UX, 1644 showed up on Linux.) 1645 - Bug: removal of server side sessions from the cache in case of trouble 1646 failed, because uppercase hex was used instead of lowercase for the key. 1647 This does not affect removal of expired sessions by tlsmgr. 1648 - Stepped up to postfix-19991231-pl05. 1649 16502000/03/09 == Released 0.6.0 == 1651 - Important: 1652 * This release features an additional daemon, the "tlsmgr", please update 1653 your master.cf accordingly. 1654 * This release does not use the /var/spool/postfix/TLS* directories 1655 anymore. Remove them and re-install the original postfix-script. 1656 * Check the new/changed configuration parameters tls_random* and 1657 smtp[d]_tls_session_cache*. 1658 * This release will only work with OpenSSL >= 0.9.5!!!!! 1659 16602000/03/09 1661 - Testcompilation of Postfix/TLS without -DSSL and the OpenSSL includes and 1662 libraries passed. 1663 - Worked through tlsmgr.c to remove unneeded header files. 1664 - Wrote documentation for tlsmgr.c. 1665 - Updated documentation on top of pfixtls.c. 1666 - Put (char *) casts into the myfree() calls, where necessary, to make the 1667 HP compiler happy. 1668 - Updated html PRNG documentation in Postfix/TLS. 1669 16702000/03/08 1671 - Finished first version of "tlsmgr". Does run through session cache 1672 databases and detects and deletes (*) old sessions. 1673 * Had to realize SYNC_UPDATES for the dict_db_delete() function and patch 1674 the flag handling within the function. Changes sent to Wietse. 1675 - Restored qmgr to its original state. 1676 - Extended pfixtls.c to need an additional "needs_095_or_later()" function 1677 when compiled with an older version of postfix. 1678 - The session cache is now enabled, when a database filename is given. 1679 smtp[d]_tls_use_session_cache configuration parameters removed, 1680 updated documenation accordingly. 1681 - Moved the PRNG handling to tlsmgr, applying the new model. tlsmgr will 1682 query external sources at startup and will then feed a PRNG exchange 1683 file with random data in intervals of configurable (but random driven) 1684 length. 1685 If running outside chroot, tlsmgr can query the entropy source (e.g. 1686 EGD or /dev/urandom) again and so increase entropy with time. If the 1687 entropy sources don't limit access, the tlsmgr can run with "postfix" 1688 privileges. Mine does. 1689 -> master.cf became a new entry. 1690 - tlsmgr is realized as a trigger server and has the "fifo" entry. Actually, 1691 it does not take any input. One could utilize it to feed back some entropy 1692 from running smtp[d] processes, but I think this would overload the 1693 issue. 1694 - I will release a 0.6.0 pre-version as is. tlsmgr still lacks the detailed 1695 information in the header and the interface description in pfixtls.c 1696 probably is also not longer up do date. 1697 16982000/03/07 1699 - Since defective session data can cause SEGFAULTs, it is now armored 1700 by a leading structure that does contain a session cache version and 1701 the postfix library version before the timestamp. If a session does 1702 not match exactly the version numbers, it is immediately discarded 1703 and deleted to avoid harm. 1704 - Removed the seperate storage of the peer's certificate verify_result, 1705 so starting from this moment, Postfix/TLS will only work safely with 1706 OpenSSL >= 0.9.5!!! 1707 - Ported server side session cache routines to the client side; works. 1708 - Analyzed structure of "qmgr" to understand consequences for the planned 1709 "tlsmgr" daemon. Transferred the sceleton. 1710 - Received word from sendmail, a (at least preliminary) TLS enabled test 1711 address is "bounce@esmtp.org". 1712 17132000/03/06 1714 - Wietse supplied a change to the dict/dict_db mechanism to allow for 1715 synchronous updates. 1716 Session cache updates for the server side seem to work now, removal of 1717 old sessions (when called from the client) integrated. 1718 17192000/03/05 1720 - Got the database style session cache to run for the server side (at least 1721 partial). The removal of old sessions is not yet realized. 1722 [There are several man pages for OpenSSL as of 0.9.5, but the i2d etc 1723 interfaces are not belong them, so I had to study the source code instead.] 1724 * What is not working by now is the synchronization of the memory database 1725 to disk. It only is synchronized automatically upon close. It would be 1726 necessary to sync after each update or delete, but this is not implemented 1727 in Wietse's dict library. I will post an according proposal. 1728 17292000/03/04 1730 - Wietse posts a patch to select "EHLO" negotiation even if ESMTP is 1731 not recognized from the 220 greeting. Activating this flag will however 1732 break compatibility with mailers, that simply close the connection 1733 upon EHLO. I don't know how the large the number of these broken mailers 1734 is, but activating "smtp_always_send_ehlo" is a tradeoff. 1735 - Integrated Wietse's patch into Postfix/TLS. 1736 17372000/03/03 1738 - Received update from Matti Aarnio (Zmailer) is now for some time able 1739 to do server _and_ client side TLS. Updated documenation accordingly. 1740 When testing, Postfix client to Zmailer server failed, because 1741 Zmailer announces with "ESMTP+IDENT" and Postfix does not recognize 1742 the ESMTP token (must be seperate), so only HELO is used and STARTTLS 1743 is not offered by the Zmailer server. Informed Matti accordingly, 1744 will wait until the problem is resolved before actually publishing 1745 the update. 1746 - Enhanced the documentation by listing automatic reply services at which 1747 interoperability can be tested. 1748 17492000/03/02 1750 - Went through the Postfix source to check out the database routines. 1751 It should be possible to move session caching from directory/file- 1752 based to database. Since DBM only allows blocks (key+contents) of 1753 1024 bytes and a session is larger, only Berkeley DB can be used. 1754 Put some first bits into Postfix/TLS. 1755 17562000/02/29 == Released 0.5.5 == 1757 17582000/02/29 1759 - OpenSSL 0.9.5 has been released. Since I want to promote 0.9.5, as it 1760 contains several bugfixes and enhancements, I release a new version 1761 of Postfix/TLS. My personal highlights: 1762 * The bug with Win32 Netscape not commencing after certificate storage 1763 unlocking should be fixed. (I will leave the not in however, as long 1764 as I have not positively checked it myself. Reproducibility...) 1765 * The bug, that the certificate verifiation result is not stored in the 1766 session cache (discovered for Postfix/TLS 0.4.4) is fixed. I will leave 1767 the Postfix/TLS workaround in as long as it will run with older versions 1768 of OpenSSL. 1769 * The OpenSSL commandline tools like "openssl gendh" now support EGD, so 1770 that the examples for generating the DH parameters now will really work 1771 with high quality random data :-) 1772 * The support of 56bit ciphers has lost its importance since 128bit 1773 versions of Netscape etc are now easily available... 1774 - This version does not feature source code changes but updated documenation 1775 when compared with 0.5.4: 1776 * List examples on how to generate good entropy for the PRNG seed in 1777 /etc/postfix/random_file. 1778 - Update the TODO document with respect to the discussion about session 1779 caching and other security items. This document is a very short summary, 1780 for the full discussion check the mail archive at 1781 http://www.aet.tu-cottbus.de/mailman/listinfo/postfix_tls/ 1782 17832000/02/26-28 1784 - Wietse considers including Postfix/TLS into the main release. A discussion 1785 about security relevant features, especially the session cache inside 1786 the chroot jail takes place. 1787 The discussion will definetely lead to some changes; I have however not 1788 decided on the first step, yet :-) 1789 17902000/02/21 == RELEASED 0.5.4 == 1791 - Important: Another directoy is created in /var/spool/postfix, so don't 1792 forget to install the new versions of conf/postfix-script-*sgid. 1793 17942000/02/21 1795 - Finished the seed-exchange architecture by saving the random seed at exit 1796 of smtp and smtpd. 1797 - Wrote documentation for the PRNG handling to the documentation. 1798 - Tested on HP-UX (with a current OpenSSL-pre-0.9.5 snapshot and 0.9.4) 1799 and on SuSE-Linux (with 0.9.4). 1800 * THIS VERSION WILL STILL RUN WITH OPENSSL-0.9.4, but it will also run 1801 with OpenSSL-0.9.5. Older versions of Postfix/TLS will not, because the 1802 PRNG is not seeded! 1803 18042000/02/19 1805 - Start to implement my own model of collecting entropy. All smtp and smtpd 1806 processes will record some items (mainly the time of actions) to add 1807 some entropy into the PRNG. The state is saved and used to re-seed by the 1808 smtp and smtpd processes, so that entropy adds up into the pool. 1809 The seeding by external file is additionally kept in order to be able 1810 to inject additional entropy. 1811 18122000/02/18 1813 - Included routines to add random seed from a configurable file 1814 "rand_file_name". I don't want to retrieve the entropy from a real 1815 random system source, because the amount of entropy that can be collected 1816 is limited. We might hence stall. Let's think about this problem. 1817 - The SSL_CTX_load_verify_locations() has been fixed in the latest 1818 OpenSSL snapshot. 1819 18202000/02/17 1821 - Tracked down the SSL_CTX_load_verify_locations() problem in the OpenSSL 1822 library. If more than one CA-certificate is loaded, a bogus return value 0 1823 is created, because the count of certs is checked to be "1" instead of 1824 allowing ">=1". Reported to openssl-dev. 1825 18262000/02/16 1827 - Downloaded the latest openssl-SNAPSHOT-20000215 and installed it on 1828 my development machine, then recompiled Postfix/TLS and try to run it. 1829 * Failure: SSL_CTX_load_verify_locations() fails on reading the CAfile with 1830 return value 0, but no actual error is displayed. 1831 If the return value is not checked, the CA-certificates work, so that 1832 they are loaded and the error indicator seems to be bogus. 1833 Reported to openssl-dev mailing list. 1834 * Failure: OpenSSL has become picky about correct seeding of the PRNG 1835 Pseudo Random Number Generator. Installed some "testseed" that is 1836 actually not random, but then Postfix/TLS starts to work again. We 1837 will need some good random seed setup, probably reading from either 1838 /dev/random (if available) or from EGD. 1839 Found out during the experiments, that EGD is not that simple to use 1840 as described in some of my Postfix/TLS docs. Must be upgraded. 1841 Asked in the openssl-dev mailing list about the recommended amount 1842 of random data needed for seeding the PRNG. Ulf Moeller recommends 1843 a minimum of 128bit. 1844 18452000/02/14 == Released 0.5.3 == 1846 18472000/02/14 1848 - OpenSSL 0.9.5 is to be released within the next hours/days. Since I intend 1849 to use some of its new features soon, I will re-release 0.5.2 as the last 1850 version that will run with 0.9.4 but for the latest postfix patchlevel. 1851 - No functional changes. 1852 - Updated patch for postfix-19991231-pl04. 1853 18542000/01/28 == Released 0.5.2 == 1855 18562000/01/28 1857 - Stepped up the next postfix patchlevel postfix-19991231-pl03. 1858 No functional changes. 1859 18602000/01/03 == Released 0.5.1 == 1861 18622000/01/03 1863 - Bug fixed: Don't specify a default value for "smtpd_tls_dcert_file", 1864 assuming that typically a DSA certificate is not used. 1865 Otherwise smtpd will try to read it on startup and the TLS engine won't 1866 start since it is not found. 1867 I didn't note this bug before today, because I could not install this 1868 release in a larger scale on my own servers due to a network failure 1869 of our campus backbone lastring from Dec 31 until today. 1870 - Stepped up to the just released postfix-19991231-pl01. 1871 18722000/01/01 == Released 0.5.0 == 1873 18742000/01/01 1875 - Upgraded to the new postfix release 19991231. 1876 18771999/12/30 1878 - Enabled support for DSA certificate and key for the server side. One 1879 can have both at the same time, the selected cipher decides which one 1880 is used. OpenSSL clients (like Postfix/TLS) will prefer the RSA cipher 1881 suites, if not especially changed in the cipher selection list. 1882 Netscape will only use the RSA cert. 1883 - The client side can only have one certificate. There is a way out by using 1884 a callback function, that will receive the list of acceptable CAs and 1885 then do some clever selection: SSL_CTX_set_client_cert_cb(). 1886 I will however have to figure out, how it has to be prepared, it seems, 1887 that there is no example available. 1888 - I have been able to successfully generate a DSA CA and certificates for 1889 some Postfix hosts and to do authentication and relaying as expected. 1890 So now I have to document how it is done in a practical manner... 1891 - Moved up prerelease 0.5.0pre02 to the download site. 1892 18931999/12/28 1894 - Moved up to SNAPSHOT-19991227. 1895 - Don't forget to check the return value when calling 1896 SSL_CTX_set_cipherlist(). 1897 - Add code to load DH-parameters from disk. 1898 - Add configuration information for the new functionality: DH paramter 1899 support, possibility to influence the cipherlist. 1900 - Moved up prerelease 0.5.0pre01 to the download site. 1901 19021999/12/25 1903 - Found some minutes to relax from the christmas business. 1904 - Applied the 0.4.7 patch to SNAPSHOT-19991223 and included the new changes 1905 of 1999/12/19. 1906 Once the new stable release of postfix is out, this minimum state will be 1907 the new Postfix/TLS patch: the new functionality will not influence 1908 stability, so it can stay in even if still unfinished. 1909 19101999/12/23 1911 - Wietse announces SNAPSHOT-19991223: if no severe bugs are found, it will 1912 be promoted as next stable release soon. Good to have kept everything 1913 from yesterday. 1914 19151999/12/22 1916 - Got a query from a Postfix/TLS user: the patch does not apply cleanly to 1917 SNAPSHOT-19991216 and he somehow messed up to integrate the rejected 1918 parts (it later turned out he just forgot on reject). 1919 Applied the patch myself and generated a diff, sent it to the user 1920 and of course kept a copy for myself, since I will have to apply it 1921 myself eventually once the next "stable" release of postfix is out. 1922 19231999/12/19 1924 - Began modifications for 0.5.x: 1925 * Added configuration variables for specifying the cipherlist to be used 1926 smtpd_tls_cipherlist and smtp_tls_cipherlist. For the format, there 1927 is some (however sparse) documentation in the openssl package. 1928 * Call SSL_CTX_set_cipherlist() with these data. 1929 * Added default temporary DH parameters to pfixtls.c (only server side is 1930 necessary) and configuration variables to specify user generated 1931 parameters; they are however not used, yet. 1932 The default parameters were generated using the presumably good 1933 /dev/random source. 1934 19351999/12/13 == Released 0.4.7 == 1936 19371999/12/13 1938 - Addendum to the last change: do also remove sessions, that could _not_ 1939 be reused. 1940 - Updated configuration information: 1941 * As of OpenSSL 0.9.4, certificate chain verification is not sufficient, 1942 since the certificate purpose is not checked, so I recommend to add 1943 all intermediate CAs the the list of CAs and stay with a verification 1944 depth of 1. 1945 Work is in progress for 0.9.5. 1946 - Stepped up to the just released new patchlevel postfix-19990906-pl09. 1947 19481999/12/10 == Released 0.4.6 == 1949 19501999/12/10 1951 - Realized changes implied below: Removed SSL_CTX_add_session() in the 1952 client startup; remove session on stop with SSL_SESSION_free(). 1953 - In the morning there is a mail on the list, that Postfix might be 1954 crashed with a single "\" on the "CC:" line. Hence, we should expect 1955 a new patchlevel soon. Release the actual change anyway. 1956 19571999/12/09 1958 - Read in the "openssl-users" mailing list, that SSL_CTX_add_session() 1959 is only intended for servers. On the client side, SSL_set_session() 1960 is sufficient. 1961 Additionally, the session should be explicitely freed, since 1962 SSL_set_session() will increment the usage count for the session. 1963 Explained by Bodo Moeller. 1964 19651999/12/xx 1966 - Had a discussion (by email) with Bodo Moeller about DH/DSS. It seems 1967 I understand better now (after the discussion) how it works :-). 1968 Implementing it should not be too difficult but might take some more 1969 hours. Mentally scheduled it for Version "0.5.0" whenever this might 1970 be (rough guess: christmas vacation). 1971 Decided to hence not discuss this topic in the docs, since it might 1972 change in the near future anyway. 1973 19741999/11/23 1975 - Discussion with rch@writeme.com (Richard) about implementing DH ciphers 1976 and DSA keys and certificates on the Postfix/TLS list: It does not work 1977 as of now. 1978 19791999/11/15 == Released 0.4.5 == 1980 19811999/11/15 1982 - Applied patch to postfix-19990906-pl07 without problems. Well, let's 1983 release new version of Postfix/TLS, so that we look up to date. 1984 - Add the "DO NOT EDIT THIS FILE" to conf/sample-tls.cf. 1985 19861999/11/08 1987 - Applied patch to the fresh release of postfix-19990906-pl06 without 1988 problems. Nothing else, so no new release of Postfix/TLS. 1989 19901999/11/07 == Released 0.4.4 == 1991 19921999/11/07 1993 - Played around some more with the X509_verify_cert() function: when saving 1994 a session, neither the verify_result is saved nor the certificate chain 1995 necessary to re-verify. So there were two possibilities left: do a full 1996 renegotiation negating the benefit of session caching or 1997 - save the verify_result into to the session cache file and set the value 1998 when rereading from disk. This way the positive result of session caching 1999 is kept. 2000 - Make sure, the verify_result value is propagated as pfixtls_peer_verified 2001 and used where needed. 2002 - After experiencing some failures at TLS connection setup, the SSL_sessions 2003 are now freed again when closing. It seems, something is left over in the 2004 session structures, even though SSL_clear() is called. 2005 20061999/11/06 2007 - When not asking for a client certificate, the "Received:" header will show 2008 the protocol and cipher, but silently omit the client CN (because they 2009 where not supplied). Noted by Craig Sanders <craig@taz.net.au>. 2010 The same holds, if a certificate is asked for, but none supplied. 2011 Now, in any case an appropriate information is added in the "Received:" 2012 header. 2013 - Added a hint to remove sessions from the cache during testing, since 2014 old information may still be in the cache. Also proposed by Craig 2015 Sanders <craig@taz.net.au>. 2016 - While at it: client CN and issuer CN are printed, but the verification 2017 state is not, so that the trust value of this data is not known. 2018 * Added (verify OK/not verified) to the Received: header. 2019 * Obtained information using the SSL_get_verify_result(SSL *con) call. 2020 * Learned, that the state is not saved in the session information, so 2021 that a recalled old session will always return "OK" even if the 2022 certificate failed the verification! Call it a bug in OpenSSL. 2023 Still investigating on a good way to work around this problem. 2024 - Fixed a bug in the syslog entries: The client CN is logged, but the 2025 issuer CN is not, because of a missing "%s" in the format string. 2026 20271999/11/03 == Released 0.4.3 == 2028 20291999/11/03 2030 - Added some hints about security to the html documentation. 2031 - Tested the changes made two weeks ago at home in the large university 2032 setup. I was to a conference in between and didn't want to release 2033 the new version without having done some more tests. 2034 20351999/10/17 2036 - Added another half a ton of comments (this time for the client side), 2037 yielding one ton alltogether... 2038 20391999/10/16 2040 - Rearranged some of the TLS-engine initialization to improve readability. 2041 - Do not "free" the SSL connection, when it is not really necessary. Do only 2042 reset information about the TLS connection, when there was one. This is 2043 the better way instead of the quick fix applied for 0.4.2. 2044 - Added half a ton of comments to the TLS code (server side) to document 2045 what is done when and why, since there is no real documentation about 2046 the OpenSSL library. 2047 20481999/10/11 == Released 0.4.2 == 2049 20501999/10/11 2051 - Fixed a severe bug introduced in 0.4.0: smtpd and smtp tried to flush 2052 old session from the session cache even when TLS was not enabled. Since 2053 no SSL-context was allocated, smtp would segfault on connection close. 2054 20551999/10/10 == Released 0.4.1 == 2056 20571999/10/10 2058 - Added a long description of the session cache handling to the top of 2059 global/pfixtls.c. 2060 - There is a race condition when cleaning up the session cache in qmgr, that 2061 might lead to lost sessions in client mode. The worst consequence is an 2062 additional session negotiation, so we can live with it as of now. 2063 Bug described in qmgr/qmgr_tls.c. 2064 - Implemented immediate removal of session cache files with expired sessions 2065 when these are called. No need to first load and then discard them. 2066 - Implemented the requirement from RFC2246 to remove sessions, when 2067 connection failures occure (well actually, when TLS layer failures 2068 occur, but I cannot seperate this from another) for the server side. 2069 the client side is under work. 2070 20711999/10/09 2072 - Set an absolut maximum length of 32 for the IDs used for session caching. 2073 This matches the default in OpenSSL, but I don�t want to see surprises 2074 when somebody sometimes will run into a longer session id. 2075 20761999/10/05 == Released 0.4.0 == 2077 - The new disk based session cache is a major step, so the minor release 2078 number is pushed to 0.4. 2079 - By now I think all necessary bells and whistles are in the code. What 2080 is left is a big code cleanup and some more testing before calling this 2081 patchkit "1.0.0". 2082 - Initiated Mailing List at 2083 http://www.aet.tu-cottbus.de/mailman/listinfo/postfix_tls 2084 20851999/10/05 2086 - Some code cleanup. 2087 - Added new options to the documentation and the hint to update 2088 "postfix-script", because otherwise qmgr might fail! 2089 20901999/10/03 2091 - Realized disc based session caching also for the Postfix/TLS client. 2092 Must go to real world testing now between hosts. 2093 And, of course, tune up the documentation, because users will have to 2094 install a new postfix-script, too. 2095 20961999/10/02 2097 - The old sessions must be removed once they have timed out, so a process 2098 is needed that will scan through the list of old sessions and remove 2099 once they have expired. 2100 Lucky me: this is what qmgr usually does with deferred messages, so 2101 qmgr is extended only a little bit and will now also clean up the 2102 old sessions from the cache directory. 2103 And hey: it is good to see how easily this thing can be extended and 2104 functions can easily be reused. Postfix is an excellent peace of 2105 software engineering and there is no line of C++ or other "object 2106 oriented modern junk" in it. It should be recommended as an example 2107 to computer sience students. 2108 21091999/09/28 2110 - I cannot use the mod_ssl way for session caching and I don�t want to 2111 spend an extra "gcache" daemon as ApacheSSL does. So I follow Wietse�s 2112 idea realized for his mail queues and create hash level based subdirectory 2113 structures. The good thing: I can cannibalize the mail_queue code. 2114 The bad thing: there is a path length of 100 chars fix coded in Wietse�s 2115 routines. It does hold for 32byte session ideas. 2116 Status: can save sessions to disk and recall them (server side). 2117 21181999/09/26 2119 - Created new call backs for external session caching for the server side. 2120 In a first step, they can print out the session ids for the newly created 2121 session and when recalling a session. 2122 As the OpenSSL documentation on this is pretty sparse, Ben Laurie�s 2123 ApacheSSL code is very helpful, Ralph Engelschall�s Mod_SSL code for 2124 session caching is far more complicated. 2125 21261999/09/23 == Released 0.3.10 == 2127 21281999/09/23 2129 - Debugging for 0.3.8/0.3.9 would have been so much easier, if the error 2130 messages put onto the error message stack from the OpenSSL library would 2131 have been printed out. The error was clearly stated from the library, I 2132 just didn't print it. Added pfixtls_print_errors() calls where missing 2133 after calls to the OpenSSL library. 2134 Sometimes I feel so old... 2135 - Used opportunity to upgrade to the latest postfix patchlevel 05: 2136 postfix-19990906-pl05. 2137 21381999/09/19 == Released 0.3.9 == 2139 21401999/09/19 2141 - Added a "smtp_no_tls_sites" table to allow people to enable TLS negotiation 2142 globally and only omit it on a per site basis. 2143 21441999/09/18 2145 - Finally found the bug described for 0.3.8: In the server setup, the 2146 SSL_CTX_set_session_id_context() call was missing. To find this, I 2147 had to trace through the OpenSSL library and when I finally found it 2148 in ssl/ssl_sess.c, there was an appropriate comment about this. I however 2149 have to find out why I didn�t receive the appropriate error message... 2150 - This bug was hidden during the first developing stages, as the shutdown 2151 sequence was not working correct, so the session was not cached. 2152 21531999/09/17 == Released 0.3.8 == 2154 21551999/09/17 2156 - Something is strange with the session caching in smtpd server mode 2157 with Netscape 4.61 client. The first connection is fine, the next 2158 one hangs after the server fails with errors while reading the 2159 SSLv3 client hello C. (Found by Michael Stroeder <x_mst@propack-data.de>) 2160 Reproducable with OpenSSL 0.9.3a, 0.9.4 and SNAPSHOT 19990915, so 2161 the problem seems to be persistent. I will try to figure out the 2162 problem myself before reporting it to the developers. If I don't find 2163 it, maybe they do :-) 2164 Workaround: the cached session is removed after connection is closed. 2165 This will impose some time penalty on the negotiation. As the caching 2166 is local in the smtp processes and they time out anyway, the penalty 2167 should not be significant. 2168 The problem does not occure with Postfix/TLS clients. 2169 21701999/09/13 == Released 0.3.7 == 2171 21721999/09/13 2173 - Ran tests, seems no further conflicts between Wietse's changes and my 2174 extensions. 2175 21761999/09/09 2177 - Applied the patchkit 0.3.6 to postfix-19990906-pl02 and worked out 2178 the rejected part of the patch. From this point of view the patch 2179 is included. Now everything has to be retested. 2180 21811999/09/09 == Released 0.3.6 == 2182 21831999/09/09 2184 - Added a missing �#ifdef HAS_SSL #endif� in smtp_connect.c. 2185 Noted by Jeff Johnson <jeff@websitefactory.net>. 2186 - HINT: 2187 On 1999/09/06 a new "stable" version of postfix was released. 2188 Future Postfix/TLS enhancements will be against this new version 19990906. 2189 21901999/08/25 == Released 0.3.5 == 2191 21921999/08/25 2193 - Added Wietse's patch for postfix-19990601 to prevent crashing smtpd when 2194 VRFY is called without setting the sender with "MAIL FROM:" first. 2195 21961999/08/13 2197 - Small changes to global/pfixtls.[ch]: Since we also support client STARTLS, 2198 we check the peers certificate, which may also be a "server" certificate 2199 (not just client). Hence I renamed "*ccert*" to "*peer*". 2200 - global/pfixtls.c: add some "const" to "char *" for OpenSSL library calls, 2201 to make gcc happy. 2202 - Extended comments in pfixtls.[ch] to better match Wietse's style. 2203 22041999/08/12 == Released 0.3.4 == 2205 22061999/08/12 2207 - Enabled workarounds for known bugs in SSL-engines. 2208 - Tested with OpenSSL 0.9.4. 2209 - Windows95/NT: Problem with Netscape hanging on first connection when 2210 the client certificate database has to be unlocked cannot be reproduced 2211 anymore. 2212 I am happy, but I am also not sure what caused the problem to go away 2213 and I cannot figure out the security settings manually from the files... 2214 22151999/08/11 2216 - Corrected loglevel handling: At some points smtpd_tls_loglevel was used 2217 instead of smtp_tls_loglevel (only noted at loglevels >= 2). 2218 22191999/08/09 == Released 0.3.3 == 2220 22211999/08/09 2222 - Removed SSL_CTX_set_quiet_shutdown() as it does prevent the shutdown 2223 from actually being performed. In order to remove the annoying 2224 "SSL3 alert write:warning:close notify" it is now explicitly handled 2225 in apps_ssl_info_callback(). 2226 Bug found by Bodo Moeller <bodo@openssl.org>. 2227 22281999/08/06 == Released 0.3.2 == 2229 22301999/08/06 2231 - Add option "smtp_tls_note_starttls_offer" to collect information about 2232 hosts, that offered the STARTTLS feature without using it. 2233 - Shut up smtpd. Only print information about relaying based on certs 2234 when msg_verbose is true. 2235 22361999/07/20 2237 - Added missing "const" in pfixtls.h (found by Juergen Scheiderer 2238 <jnschei@suse.de>). HP-UX ANSI-C didn't complain. 2239 22401999/07/08 == Released 0.3.1 == 2241 22421999/07/08 2243 - New config variable "smtpd_tls_received_header". When "true", the protocol 2244 and cipher data as well as subject and issuer CN of the client certificate 2245 are included into the "Received:" header. 2246 22471999/07/07 2248 - "starting TLS engine" message will only be printed when loglevel >=2 2249 to reduce unnecessary noise in the log files. 2250 - Added code to fetch the protocol (e.g. TLSv1) and the cipher used (by name 2251 and bits). Information is printed to the logfile. 2252 22531999/07/01 == Released 0.3.0 == 2254 22551999/07/01 2256 - (Client mode) Bug fix: Don't try to use STARTTLS if it is not offered. The 2257 server we are connected to might not understand it and respond with a 2258 "500 command not understood", causing the email to bounce back, even 2259 when the lack of STARTTLS is just a temporary problem. 2260 - Updated documentation for the new per recipient/site TLS decisions. 2261 22621999/06/30 2263 - Client mode: Added variables and routines to decide "per recipient" or 2264 "per host/site" whether to use/enforce TLS or not. 2265 22661999/06/18 == Released 0.2.8 == 2267 22681999/06/18 2269 - In client mode the "use_tls" and "enforce_tls" internal variables were 2270 not initialized correctly, such that the client could try to use the 2271 STARTTLS negotiation even if not wanted. This error was introduced 2272 in 0.2.7. 2273 Noted by "Cerebus" <cerebus@sackheads.org>. 2274 22751999/06/08 == Released 0.2.7 == 2276 22771999/06/08 2278 - Studied discussions in the IETF-apps-TLS mailing list: MS Exchange 2279 seems to offer STARTTLS even if not configured. Added this info to the 2280 documentation. 2281 - Updated Documentation regarding the changes made. 2282 22831999/06/03 2284 - The subject-CommonName (CN) of the server certificate is extracted when 2285 connecting to a TLS server. 2286 - In "smtp_*_tls" mode, this subject-CommonName is matched against the 2287 hostname of the server. In "enforce" mode, the connection is droppend 2288 when the certified server name and the real hostname differ. 2289 - Added missing dependencies in smtp/Makefile.in (missing pfixtls.h since 2290 0.2.0). 2291 22921999/06/02 == Released 0.2.6 == 2293 22941999/06/02 2295 - Adapted patchkit to postfix-19990601. 2296 22971999/06/01 == Released 0.2.5 == 2298 22991999/06/01 2300 - Updated OpenSSL API to 0.9.3a -> position of include files has changed 2301 from <xxx.h> to <openssl/xxx.h>. No functional changes. 2302 - pkcs12 utility is now part of OpenSSL -> changed documentation 2303 accordingly. 2304 23051999/05/20 == Released 0.2.4 == 2306 23071999/05/20 2308 - Updated postfix base 19990317 from pl04 to pl05. 2309 23101999/05/14 == Released 0.2.3 == 2311 23121999/05/14 2313 - Fixed a bug in pfixtls_stop_*(): there was a ";" to much directly 2314 after "if (con);". This check is only done as a safety measure: 2315 When SSL is not started you should not stop it. This case could however 2316 only happen when the code in smtp[d] would be wrong, so it should never 2317 be necessary. (Bug found by Uwe Ohse <uwe@ohse.de>) 2318 23191999/05/11 == Released 0.2.2 == 2320 23211999/05/11 2322 - Matti Aarnio: Reworked pfixtls_dump() to use fewer strcpy and strcat calls. 2323 - Added information about Matti Aarnio (author/maintainer of ZMailer) 2324 working on RFC2487 for ZMailer. 2325 23261999/05/04 == Released 0.2.1 == 2327 23281999/05/04 2329 - Stuffed up the documenation to reflect the actual status. No change 2330 in functionality. 2331 23321999/04/30 == Released 0.2.0 == 2333 23341999/04/30 2335 - Adjusted the changes in smtp*.c to Wietse's indentation style. 2336 - Sorry, the documentation about the client side has by now to be 2337 taken from sample-tls.conf. The documenation has to be rearranged 2338 in a larger scale. 2339 23401999/04/29 2341 - Finished client support for STARTTLS in smtp; some testing done. 2342 - Fixed a race condition in smtpd: When in PIPELINE mode, the connection 2343 was switched back from SSL to normal mode before the buffers were 2344 flashed. 2345 - Adjusted the code in pfixtls.[ch] and additions in smtpd*.c to 2346 Wietse's indentation style. 2347 23481999/04/28 2349 - Incorporated skeleton of STARTTLS support into smtp. 2350 - Introduced variables to control client STARTTLS to configuration. 2351 23521999/04/15 == Released 0.1.5 == 2353 23541999/04/15 2355 - Adjusted pfixtls.diff to postfix-19990317-pl04. 2356 23571999/04/14 2358 - Ported from OpenSSL the BIO_callback functions to dump out the negotiation 2359 and transmission for debugging purposes. The functions are triggered 2360 by the the new loglevels 3 and 4. 2361 - Call SSL_free() to get rid of the SSL connection structure not used 2362 anymore. 2363 23641999/04/13 == Released 0.1.4 == 2365 23661999/04/13 2367 - Based on a hint in the openssl-users list added an SSL_set_accept_state() 2368 before the actual SSL_accept(). I don't really understand why, but the 2369 documentation of SSL is a bit short anyway. 2370 23711999/04/11 2372 - Some more comments on certificates in the documentation. 2373 23741999/04/10 2375 - Moved initialization of the pfixtls_server_engine to the pre_jail_init() 2376 section of smtpd, so that it is called with root privileges to read the 2377 key and cert information. The secret key of the server can now be protected 2378 by "chown root secretkey.pem; chmod 400 secretkey.pem". 2379 Additionally, this makes it possible to run smtpd in chroot jail, even 2380 though I didn't test that, yet. All information is read at smtpd startup 2381 time except the CAcerts in tls_CApath, which are checked at runtime. 2382 I have to look into that. 2383 - Updated documentation accordingly. 2384 - Rewrote the documentation with regard to the certificate setup and 2385 explaining the different types of certificates. 2386 23871999/04/09 2388 - Introduced pfixtls_print_errors() which imitates BIO_print_errors() 2389 (the typical way to print error information in OpenSSL) but writes 2390 to syslog instead of a file handle. 2391 Hence we can get more informative error information. 2392 23931999/04/08 == Released 0.1.3 == 2394 23951999/04/08 2396 - Stuffed up the documentation by reworking the references. 2397 - Added contributed script for automatic addition of fingerprints. 2398 - Added ACKNOWLEDGEMENTS file 2399 24001999/04/06 == Released 0.1.2 == 2401 24021999/04/06 2403 - Portability: removed call of "snprintf()", as it is not available on 2404 some (older) UNIX versions (in this case Solaris 2.5). 2405 - Removed calls to "select()" when in TLS mode: Even though no new bytes 2406 arrive, there might be bytes left in the SSL buffer -> possible hang. 2407 24081999/03/30 == Released 0.1.1 == 2409 24101999/03/30 2411 - Added disclaimer about export restrictions. 2412 - Fixed a bug in util/match_ops.c: 2413 When using dictionary lookup the compare was case sensitive by accident. 2414 Effect: Fingerprint matching did not work with databases, only for plain 2415 file. 2416 Bug report submitted to postfix author. 2417 24181999/03/29 == Released first version 0.1.0 == 2419