Apply patch extracted from sendmail-8-17.1.9 snapshot by dinoex@.
PR: 262935
Reviewed by: gshapiro
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37119
It is specifically mentioned in the manual page. Note it has no functional
change in reality because DH_set0_pqg() cannot fail when both p and g are
not NULL.
OpenSSL 1.1 API patch for sendmail had a bug which
prevented sm_RSA_generate_key() function from working.
This function is used to generate a temporary RSA key
for a shared memory region used for TLS processing.
Note that 12.0 and 12.1-RELEASE include this bug.
This affects only if SM_CONF_SHM compile-time
option (enabled by default) and SharedMemoryKey
run-time option (not enabled by default) in a .cf file are
specified. The latter corresponds to confSHARED_MEMORY_KEY in
a .mc file.
PR: 242861
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D23734
Fix a problem which prevented -OServerSSLOptions or -OClientSSLOptions
specified in the command-line option from working.
This patch has been accepted by the upstream.
Reviewed by and discussed with: gshapiro
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
The first fix committed last week changed the default to 1024 bits.
This commit fixes the case where the DHParameters option is set to a
file which doesn't exist, which is the case on newer versions of
FreeBSD which enable STARTTLS by default by auto-creating TLS
certificates.
MFC after: 2 days
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit chages that default to 1024 bits. sendmail 8.15.2, when
released well use a default of 2048 bits.
MFC after: 1 day
compatibility with some sites
This change comes from 8.15 but is being backported to FreeBSD releases
not yet using 8.15.
MFC after: 3 days
Noted by: julian@
Note: As the first merge since the conversion to svn, it includes many
propset changes to get the proper svn:eol-style and svn:mime-type on the
files (as merged from the fixed up vendor/dist area).
MFC after: 3 days
