ssl_verify_server_cert against SAN?

2019-04-18 Thread TG Servers via dovecot
Hi, when using ssl_verify_server_cert in mysql connection string, is the cert verified also against SAN (DNS and IP)? Because this doesn't seem to work. I get a certification verification error in handshake when connecting via IP. But the cert is goo

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread Aki Tuomi via dovecot
> On 18 April 2019 11:34 TG Servers via dovecot wrote: > > > Hi, > > when using ssl_verify_server_cert in mysql connection string, is the cert > verified also against SAN (DNS and IP)? > Because this doesn't seem to work. I get a certification verification error > in handshake when conne

v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via dovecot
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header

CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrectly assert-crashes when encountering invalid UTF-8 characters.

2019-04-18 Thread Aki Tuomi via dovecot
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.doveco

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread TG Servers via dovecot
Ok then it seems again a MariaDB issue, they don't check against IP in the SAN it seems, this has nothing to do with ssl_ca setting it seems host= port= dbname= user= ssl_verify_server_cert=yes ssl_cipher=TLSv1.2 ssl_ca=/etc/ssl/certs/ca-bundle.crt pa

v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via dovecot
Let's try again, put wrong changelog to the mail. Sorry about this. https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/     * CVE-2019-10691: Trying to login with 8bit username containing  

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread Kostya Vasilyev via dovecot
Have you considered any alternatives? I'm thinking of IPSec to create a secured network encapsulation channel(s) "above" the TCP connection(s). This would provide encryption with control over cipher(s), and cert validation on both sides (if you used cert auth, not PSK). -- K On Thu, Apr 18,

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread TG Servers via dovecot
Kostya, they have already a bug open on this as I saw now https://jira.mariadb.org/browse/MDEV-18131 and I also filed a bug on the TLS cipher string issue from yesterday. Depending on when this will be resolved I will have to consider alternative

Re: ssl_verify_server_cert against SAN?

2019-04-18 Thread TG Servers via dovecot
Aside from these two things they have really, I mean really a lot, issues in open state regarding ssl... Which maybe speaks for a more generous alternative anyways On 18/04/2019 12:25, TG Servers wrote: Kostya, they have already

Problems with auth connection

2019-04-18 Thread Fernando Ortega via dovecot
Hi, We are having some issues with the auth connection Version: 2.3.5.1, with MySQL and Postfix The server is working fine, and randomly after some days, Dovecot fails to auth: Apr 18 14:25:16 mail dovecot[25013]: auth: Warning: Event 0x126eba20 leaked (parent=0x126eb820): auth-request.c:89

Re: v2.3.5.2 released

2019-04-18 Thread Benny Pedersen via dovecot
Aki Tuomi via dovecot wrote on 2019-04-18 11:35:     * CVE-2019-10691: Trying to login with 8bit username containing       invalid UTF8 input causes auth process to crash if auth policy is       enabled. This could be used rather easily to cause a DoS. Similar       crash also happens during ma

Re: v2.3.5.2 released

2019-04-18 Thread Aki Tuomi via dovecot
> On 18 April 2019 14:40 Benny Pedersen via dovecot wrote: > > > Aki Tuomi via dovecot wrote on 2019-04-18 11:35: > > >     * CVE-2019-10691: Trying to login with 8bit username containing > >       invalid UTF8 input causes auth process to crash if auth policy is > >       enabled. This cou

Re: pigeonhole tests crashing in deleteheader.svtest

2019-04-18 Thread Michal Hlavinka via dovecot
On 4/12/19 12:48 AM, Stephan Bosch wrote: On 29/03/2019 10:23, Michal Hlavinka via dovecot wrote: On 3/28/19 6:41 PM, Aki Tuomi via dovecot wrote: On 28 March 2019 19:40 Michal Hlavinka via dovecot wrote:   Hi, when trying to build dovecot 2.3.5.1 pigeonhole testsuite crashes in Whic

Re: [Dovecot] Dovecot LDA/LMTP vs postfix virtual delivery agent and the x-original-to header

2019-04-18 Thread Tanstaafl via dovecot
Sadly, I guess not... I'm not sure what to make of this, seeing as both Wietse and Timo said it was almost a trivial thing to fix. On Fri Apr 12 2019 12:17:22 GMT-0400 (Eastern Standard Time), Tanstaafl via dovecot wrote: > I'm resurrecting this again because I'm getting pretty close to possibly