Age | Commit message | Author |
|
pointed and OK bluhm@
|
|
ok jsing
|
|
The only caller is X509_policy_check() which goes straight to error.
with beck
ok jsing
|
|
Add sk_is_sorted() checks to the callers of sk_X509_POLICY_NODE_delete_if()
and add a comment that this is necessary.
with beck
ok jsing
|
|
Move the check that level->nodes is sorted to the call site and make sure
that the logic is preserved and erroring does the right thing.
with beck
ok jsing
|
|
Instead of asserting that i == num_certs - 2, simply make that an error
check.
with beck
ok jsing
|
|
This assert is in debugging code that ensures that there are no duplicate
nodes on this level. This is an expensive and unnecessary check. Duplicates
already cause failures as ensured by regress.
with beck
ok jsing
|
|
Turn the check into an error which will make all callers error.
with beck
ok jsing
|
|
instead of discussing some of them at two different places.
Also follow a more logical order: initialization first, then reading
and writing, then retrieving the digest and reinitialization.
Leave context handling and chain duplication at the end because
both are rarely needed.
While here, also tweak the wording of the shuffled text
and add some precision in a few places.
|
|
when receiving a valid Neighbor Advertisement.
OK florian@ kn@
|
|
retrieve rules from kernel. The current implementation requires
like O((n^2)/2) operations to read the complete rule set, because
each DIOCGETRULE operation must iterate over the previous n
rules to find the (n + 1)-th rule to read.
To address the issue, the diff introduces a pf_trans structure to keep
a pointer to the next rule to read, thus the reading process does not need
to iterate from the beginning of the rule set to reach the next rule.
All transactions opened by a process get closed either when the process
is done (reads all rules) or when the /dev/pf device is closed.
The diff also comes with lots of improvements from dlg@ and kn@
OK dlg@, kn@
|
|
in either direction.
This more closely matches the IPv4 ARP behaviour.
From sashan@
discussed with kn@ deraadt@
|
|
These new tests won't bubble up a non-zero error exit code because
other libcrypto bits still need to land first.
|
|
Add explicit default labels in switch() statements with error handling.
Right now these are not reachable. Should also clear some gcc warnings.
OK tb@
|
|
Right now these are not reachable. Should also clear some gcc warnings.
OK tb@
|
|
producer and consumer must come in pair and the latter was missing.
Also move the code a bit to make clear which check is needed for
what.
OK mvs@
|
|
invocations, making the geometry information written to the
disklabel a bit more logically related to the disktab information
from whence it came. Also makes FSDISKTYPE usage consistent.
Flip the disklabel(8) invocations to the "echo '/ *'"
idiom to make it obvious that the desire is to create a single
'a' partition containing all free space.
No intentional functional change. MBRs, disklabels and newfs
outputs appear identical.
reads good to kn@
|
|
OK deraadt@
|
|
Flags are passed to the remote system but --size-only is only set
if local system is sender since this is the behaviour of rsync.
Initial diff from Martin Cracauer but mostly reimplemented and extended
by myself.
OK kn@
|
|
Both ticket and number of queues stem from the pf_queues_active list which
is effectively static to pf_ioctl.c and fully protected by the pf lock.
OK sashan
|
|
mode. Without this change the compiler doesn't realize that the memory
behind the array that contains the return values might have changed and
optimizes the access away. With this change it properly accesses the array
to retrieve the returned values.
ok drahn@
|
|
called with M_WAITOK.
OK kevlo@
|
|
for a while it has used only spaces when no-tab-mode is enabled and respected
the current buffer tab width.
|
|
This hoists variable declarations to the top and compiles with -Wshadow.
ok beck
|
|
These were adapted from BoringSSL's regress tests for x509
policy. They are currently marked as expected to fail as
we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and
the old tree based policy code from OpenSSL is special.
These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.
|
|
ok knfmt
|
|
confusing users with FFS attributes that only experts should
fiddle with. Actual use has withered away with functionality
rendered moot or moved elsewhere.
'-e' remains for the truly obscure corner cases.
Simply excise the code for now to see if hidden users/uses are
exposed. Further simplifications are possible if no such
users/uses surface.
ok with sthen@ millert@ kn@ otto@
|
|
corrected we pass
|
|
We currently still fail two of these, looks like one more bug in
extracting the depth for require policy from the certificate..
|
|
confirm-before. From Elias Assaf in GitHub issue 3548; prompted by an
earlier change from Yutaro Yoshii in GitHub issue 3496.
|
|
are better than exiting).
|
|
kettenis's amlrng driver.
suggestions and OK patrick@
|
|
Tested with Comfast CF-WU710N v4.
"go ahead" deraadt@
OK stsp@
|
|
Directly including sys/syslog.h would fail due to size_t
being unknown.
OK millert, miod
|
|
Isolate virtio network and block device emulation in dedicated
processes, forked and exec'd from the vm process. This allows for
tightening pledge promises to just "stdio".
Communication between the vcpu's and these devices now occurs via
imsg channels, which adds the benefit of not always blocking the
vcpu thread while emulating the device.
With this commit, it's possible that vmd is the first open source
hypervisor that *defaults* to a multi-process device emulation
model without requiring any additional configuration from the
operator.
Testing help from phessler@ and Mischa Peters.
ok mlarkin@
|
|
remove Tn macro usage;
feedback/ok miod
|
|
a short while after suspend.
ok deraadt@ kn@
|
|
iostat(8)
|