nginx.git/src/mail, branch release-1.13.4 nginx Style: changed checks of ngx_ssl_create_connection() to != NGX_OK. 2017-05-29T13:34:35+00:00 Maxim Dounin mdounin@mdounin.ru 2017-05-29T13:34:35+00:00 0514e14a8bbd8e5977712c892b53aa471a91fcb5 In http these checks were changed in a6d6d762c554, though mail module was missed at that time. Since then, the stream module was introduced based on mail, using "== NGX_ERROR" check. 
In http these checks were changed in a6d6d762c554, though mail module
was missed at that time.  Since then, the stream module was introduced
based on mail, using "== NGX_ERROR" check.
SSL: added support for TLSv1.3 in ssl_protocols directive. 2017-04-18T12:12:38+00:00 Sergey Kandaurov pluknet@nginx.com 2017-04-18T12:12:38+00:00 9a37eb3a62130473596e0e4c2e388d80bdb14956 Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1. 
Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1.
Mail: configurable socket buffer sizes. 2017-04-03T14:30:34+00:00 Vladimir Homutov vl@nginx.com 2017-04-03T14:30:34+00:00 a965e1d76642095f3f4e5f43d13a8b0379296e43 The "rcvbuf" and "sndbuf" parameters are now supported by the "listen" directive. 
The "rcvbuf" and "sndbuf" parameters are now supported by
the "listen" directive.
Mail: don't emit separator in capability lists for APOP. 2017-03-06T14:56:23+00:00 Sergey Kandaurov pluknet@nginx.com 2017-03-06T14:56:23+00:00 fbe9759e4b8d0a80863a4000a724111b0741a9ab Notably, this fixes CAPA and AUTH output. The bug had appeared in nginx 1.11.6 (73b451d304c0). 
Notably, this fixes CAPA and AUTH output.

The bug had appeared in nginx 1.11.6 (73b451d304c0).
Mail: make it possible to disable SASL EXTERNAL. 2017-01-12T16:22:03+00:00 Sergey Kandaurov pluknet@nginx.com 2017-01-12T16:22:03+00:00 b5a3cc3781e95068cd8d0d8c84a7d8296b6682e6 






Win32: fixed some warnings reported by Borland C.
2016-12-24T15:01:14+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-12-24T15:01:14+00:00

c17009ee756bf16e702ed48ef667765c121e36d6

Most notably, warning W8012 (comparing signed and unsigned values) reported
in multiple places where an unsigned value of small type (e.g., u_short) is
promoted to an int and compared to an unsigned value.

Warning W8072 (suspicious pointer arithmetic) disabled, it is reported
when we increment base pointer in ngx_shm_alloc().





Most notably, warning W8012 (comparing signed and unsigned values) reported
in multiple places where an unsigned value of small type (e.g., u_short) is
promoted to an int and compared to an unsigned value.

Warning W8072 (suspicious pointer arithmetic) disabled, it is reported
when we increment base pointer in ngx_shm_alloc().







Mail: support SASL EXTERNAL (RFC 4422).
2016-10-08T07:05:00+00:00

Rob N ★
robn@fastmail.com

2016-10-08T07:05:00+00:00

66c23edf6308867572d5c4b8341e7a3fe7e97864

This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.

This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, its simple enough
that the way I've done is probably right.





This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.

This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, its simple enough
that the way I've done is probably right.







Mail: extensible auth methods in pop3 module.
2016-10-18T16:38:46+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-10-18T16:38:46+00:00

a747089a1dd63f323111c82000debfd83a5e6719












Modules compatibility: removed dependencies on NGX_MAIL_SSL.
2016-10-10T15:44:17+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-10-10T15:44:17+00:00

a6cb8210905f35977276cb3861184e4dad99cc2a

External structures are now identical regardless of mail SSL module
compiled in or not.





External structures are now identical regardless of mail SSL module
compiled in or not.







Modules compatibility: removed unneeded IPV6_V6ONLY checks.
2016-10-03T12:58:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-10-03T12:58:25+00:00

0a961a09171fc1de3f3a70aa6b15e29d3882f7f0

The IPV6_V6ONLY macro is now checked only while parsing appropriate flag
and when using the macro.

The ipv6only field in listen structures is always initialized to 1,
even if not supported on a given platform.  This is expected to prevent
a module compiled without IPV6_V6ONLY from accidentally creating dual
sockets if loaded into main binary with proper IPV6_V6ONLY support.





The IPV6_V6ONLY macro is now checked only while parsing appropriate flag
and when using the macro.

The ipv6only field in listen structures is always initialized to 1,
even if not supported on a given platform.  This is expected to prevent
a module compiled without IPV6_V6ONLY from accidentally creating dual
sockets if loaded into main binary with proper IPV6_V6ONLY support.