add CheckSigningTable config option for USE_ODBX #227
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 30 commits
May 10, 2015 23:05
by Iosif Fettich.
_FFR_CONDITIONAL.
as a value delimiter.
…y contain a slash (which must be quoted).
…uplicate signatures, constrain the size of the resulting "header.b" value. Problem noted by Joseph Coffland.
…elds that are wrapped before there's any content. Somehow the wrong fix was committed. Originally reported by Alessandro Vesely; re-reported by David Stevenson.
…re object requests where the domain name or selector includes non-printable characters. Suggested by Franck Martin.
…l signature request, probably with an "l=0" (at least for starters), rather than altering an existing signature request. Break the build until I fix it.
… it rather than altering an existing one (you need both).
…_ed25519 fix calculation of keybit_len in ed25519 case Tested on Ubuntu 20.04, CenOS current, Debian 10, Fedora 32
…f-ip-caveats opendkim.conf: Note more caveats for ip addresses Documentation update, looks good. Merging.
Definitions for this macro have been added throughout the codebase in commits 91e7407, 705948f, 227fa25, 842c173, and b730bdc, but one was still missing from libvbr. glibc contains a definition for legacy reasons, but other libcs might not. Particularly, the musl libc does not contain it, leading to build errors when enabling support for VBR. Add a definition for __P() to vbr.h to fix this.
The upstream Lua pkg-config file is named lua.pc, so unless some distribution renames it, OpenDKIM should be looking for "lua" and not "lua5.1" in its PKG_CHECK_MODULES call. In any case, we should definitely be checking for "lua", so this commit appends it to the list of modules we look for. The "lua5.1" module was left alone, because I don't know enough of the history to be sure that removing it is the right thing to do. When the call to PKG_CHECK_MODULES fails, OpenDKIM falls back to a manual search that looks in /usr/lib, and this can detect 32-bit libraries on a 64-bit system. Therefore it is preferable that the PKG_CHECK_MODULES call succeed. In the process of adding this fallback, I realized that some additional actions need to be performed in the success branch of the existing (and new) PKG_CHECK_MODULES call. The following three lines were added, AC_SEARCH_LIBS([dlopen], [dl]) AC_SUBST([LUA_MANNOTICE], "") AC_DEFINE([USE_LUA], 1, [support for Lua scripting]) to tell various parts of OpenDKIM that we do indeed have Lua support. Afterwards, it became clear that those three lines could be factored out of *every* lua check, so that has been done as well. Closes: trusteddomainproject#62 Gentoo-bug: https://bugs.gentoo.org/704556
…key-man-restrict opendkim-genkey(8): Fixed typo option "restricted" to "restrict"
…im-genzone-nodate make the output comparable, avoid variable timestamp data
…hema_update2 make the ldap class STRUCTURAL and DKIMDomain subsearchable
…s-header Add missing space in Authentication-Results header
Define __P() macro in libvbr
…kgconfig-check configure.ac: check for "lua" with pkg-config in addition to "lua5.1".
…im-genzone-logical-error-fix logical-error-fix
…s-syslog Suppress empty brackets in syslog startup message
Various minor fixes in sample opendkim.conf
…om-check miltertest: Fix undefined behaviour in mt.eom_check() with MT_SMTPREPLY
…-callback Plug memory leak in Unbound callback function
…perator-configure Fix unknown operator in configure.ac
miltertest: Fix broken mt.data() function
…kim-genkey-ed25519-support ed25519 support
were not being properly handled.
When CheckSigningTable is set to no, the keys in KeyTable are no longer verified when config is loaded. This helps with large databases. This commit only adds support for USE_ODBX.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When CheckSigningTable is set to no, the keys in KeyTable are no
longer verified when config is loaded. This helps with large
databases. This commit only adds support for USE_ODBX.