| Age | Commit message (Expand) | Author |
|---|
| 2022-11-27 | Once we are synced, we can validate the certificate in the standard way. | Otto Moerbeek |
| 2022-01-07 | If no date could be parsed, bail out early and fix an error return that | Otto Moerbeek |
| 2021-07-16 | Remove unneeded call to tls_init(3) | kn |
| 2021-03-18 | Remove duplicate prototype. | Alexander Bluhm |
| 2020-02-20 | Typo in log message | Otto Moerbeek |
| 2020-02-12 | If constraints are configured but do not work for whatever reason ntpd | Otto Moerbeek |
| 2019-07-16 | 1) Re-resolve and re-get constraints once the clock is synced. Constraints | Otto Moerbeek |
| 2019-06-28 | When system calls indicate an error they return -1, not some arbitrary | Theo de Raadt |
| 2019-06-16 | Be more aggressive retrying dns while in settime mode. The constraint | Otto Moerbeek |
| 2019-06-09 | Introducing autmatic settime mode: if some preconditions are met | Otto Moerbeek |
| 2019-05-30 | Use proper algorithm for median computation; use fabs() for computing | Otto Moerbeek |
| 2019-05-28 | A step in solving the bootstrap problem in a dnssec environement. | Otto Moerbeek |
| 2019-01-21 | Improve logging for TLS certificate validity checking. | Joel Sing |
| 2019-01-21 | Explicitly check timegm() return value. | Joel Sing |
| 2019-01-21 | Perform manual validity checking of the X.509 certificate for constraints. | Joel Sing |
| 2019-01-20 | Don't use *a - *b as compare idiom, it does not work as expected for | Otto Moerbeek |
| 2018-11-29 | update for libtls default cert changes. | Ted Unangst |
| 2018-11-06 | Use TLS_CA_CERT_FILE instead of a separate define. | Joel Sing |
| 2018-11-05 | Be stricter with TLS configuration for ntpd constraints. | Joel Sing |
| 2016-12-05 | Use the stack to hold the constraint child process variables instead of | Rafael Zalamena |
| 2016-10-18 | Check for EAGAIN on imsg_flush() return otherwise we might be failing | Rafael Zalamena |
| 2016-10-18 | Save the constraint process pid by getting the start_child() return value, | Rafael Zalamena |
| 2016-09-26 | Teach ntpd(8) constraint process to use exec*() instead of just forking, | Rafael Zalamena |
| 2016-09-14 | Add clarifications ("comments") to three places where it wasn't | Reyk Floeter |
| 2016-07-13 | Adjust existing tls_config_set_cipher() callers for TLS cipher group | Joel Sing |
| 2016-06-01 | ntpd is too aggressive about retrying constraint connections. This | Theo de Raadt |
| 2016-05-21 | Harden TLS for ntpd constraints - stop disabling server name verification, | Joel Sing |
| 2016-05-06 | Unconfuse things by renaming variables to match their contents. | Joel Sing |
| 2016-03-05 | According to RFC7231, section 7.1.1.1, the HTTP date header supports | Christian Weisgerber |
| 2016-01-27 | Don't attempt to kill() the constraint in the wrong process. The | Reyk Floeter |
| 2015-12-19 | Switch and sync to the log.c variant from httpd/relayd/iked/snmpd/vmd. | Reyk Floeter |
| 2015-12-05 | EAGAIN handling for imsg_read. OK henning@ benno@ | Claudio Jeker |
| 2015-11-24 | Cache values from getpwnam() done at initialization, which need to be | Theo de Raadt |
| 2015-11-19 | Simplify all instances of get_string() and get_data() using malloc() and | mmcc |
| 2015-11-17 | fix memory leak; from David CARLIER | Theo de Raadt |
| 2015-10-12 | Move execution of the constraints from the ntp to the parent process. | Reyk Floeter |
| 2015-10-09 | Once the constraint engine process is running, it only needs | Theo de Raadt |
| 2015-09-10 | fix type and return check for tls_read/write. | Bob Beck |
| 2015-09-10 | fix after libtls api changes | Bob Beck |
| 2015-09-09 | Fix memory leak in error path when max length exceeded. | Todd C. Miller |
| 2015-07-18 | Handle short writes and TLS_{READ,WRITE}_AGAIN around tls_write(). | Alexander Bluhm |
| 2015-07-18 | prevent the tls constraint state machine from getting hung on STATE_INVALID | Brent Cook |
| 2015-05-28 | detect crashes from constraint sub-processes, instead of ignoring them. | Theo de Raadt |
| 2015-05-21 | No need to call tzset() and log_init() in the forked constraint | Reyk Floeter |
| 2015-05-18 | Currently, after 4 failed constraint checks, we suspect the constraint | Reyk Floeter |
| 2015-05-17 | When resolving the "constraint" (singular), store all returned IP | Reyk Floeter |
| 2015-04-21 | fix a memory leak if tls_read() fails. ok henning@ | Jonathan Gray |
| 2015-03-14 | remove unused 'cause' string when checking child status | Brent Cook |
| 2015-02-22 | Rename tls_config_insecure_noverifyhost() to | Joel Sing |
| 2015-02-22 | Set the TLS ciphers to "compat" mode, restoring the previous behaviour. | Joel Sing |
