Age | Commit message | Author |
|
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.
tweaks and ok guenther
|
|
ok krw@ millert@
|
|
ok jca@ krw@
|
|
OK schwarze@
|
|
as readlink() will tell you that more cheaply.
ok millert@
|
|
Recommend POSIX getline(3) instead.
|
|
to determine the length instead of doing it manually. OK schwarze@
|
|
Based on a diff from Kinichiro Inoguchi.
ok beck@
|
|
even though ferror(3) is already set;
also from Andrey Chernov <ache at freebsd dot org>;
OK millert@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
and failed (setting errno and ferror(3)) both at the same time.
That's a bad idea in general, and here in particular since
returning partial lines was neither reliable (sometimes, you
got NULL anyway) nor predictable (almost always, the line would
be truncated long before the actual read error).
Instead, on read failure, fail properly and always return NULL.
Issue found in a discussion with Andrey Chernov <ache at freebsd dot org>
who finally agreed to move FreeBSD into the same direction.
The fix is joint work with and OK by millert@.
|
|
from Andrey Chernov <ache at freebsd dot org>;
OK millert@
|
|
In particular, rename tls_free_conninfo() to tls_conninfo_free() and make
it a real free function. Rename tls_get_conninfo() to
tls_conninfo_populate() and have it allocate the struct tls_conninfo (after
freeing any existing one).
ok beck@
|
|
ok beck@
|
|
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the client requested (via
tls_conn_servername()).
ok beck@
|
|
that is required for certificate switching with libssl and the certificate
itself so that we can match against the subject and SANs. Hook up the
servername callback and switch to the appropriate SSL_CTX if we find a
matching certificate.
ok beck@
|
|
OK jca@ martijn@ millert@
|
|
Reported by & similar diff by guenther@ some time ago, ok eric@
|
|
returning EINTR. OK jung@ deraadt@
|
|
that it can be reused to allocate the additional SSL_CTXs needed for SNI.
ok reyk@
|
|
information related functions under their own heading and dedup the text
relating to when these functions can be called.
With input from and ok jmc@
|
|
Over time we can repair software which performs this non-standard behaviour,
and fix bugs along the way. Let's first find out how bad the situation is
by deploying this in snapshots.
This type of logging is possible because OpenBSD syslog_r(3) -> sendsyslog(2)
is side-effect free enough to be used in the bowels of libc.
ok tedu
|
|
sort and remove unused fingerprint.
|
|
instead of assuming that they should use the one associated with the TLS
context. This allows these functions to be used with the additional
SSL contexts that are needed to support server-side SNI.
Also rename tls_configure_keypair() to tls_configure_ssl_keypair(), so that
these functions have a common prefix.
ok reyk@
|
|
functions out the way of the main body;
ok guenther
|
|
Merge the manual pages and call them deprecated there.
ok and manpage tweak jmc@, ok natano@
|
|
remove some references to differences between versions 6 and 7.
ok jmc, millert, tedu
|
|
(this was in the original commit, but got reverted in the recommit).
|
|
tls_config_set_*_file() function is called. This allows us to immediately
propagate useful error messages, play more nicely with privsep/pledge and
have a single code path. Instead of always loading the default CA when
tls_config_new() is called, defer and only load the default CA when
tls_configure() is invoked, if a CA has not already been specified.
ok beck@ bluhm@
|
|
ok beck@ doug@
|
|
are no longer needed by ld.so. Move them to the m88k-specific list, as
it hasn't made the jump.
ok deraadt@
|
|
workarounds. Some of them will soon stand in the way of armv7.
Off to the attic you go.
|
|
ERRORS and into a new second paragraph. Adapted from NetBSD.
OK deraadt@ jmc@
|
|
instead of the [__got_start, __got_end) range.
Also, instead of mprotecting the [__plt_start, __plt_end) range,
just scan for sections which are both writable and executable and
mprotect them to read-only. (This part was stolen from kettenis@)
ok kettenis@
|
|
ok deraadt@
|