| Age | Commit message (Collapse) | Author |
|---|
|
ok benno@
|
|
from matt schwartz
ok claudio
|
|
to 1024 session per process (esp. with keep-alive). Now the fd limit is
the new maximum and relayd will make sure to not accept too many sessions.
The tcp backlog config maximum is now 512, adjust manpage accordingly.
OK benno@ deraadt@
|
|
set to HOST_DOWN.
Noticed and fixed by Rivo Nurges <Rivo DOT Nurges AT smit DOT ee>
ok and reminder florian@
|
|
hidden somewhere. Also return after a poll timeout, there is no reason to
wait longer than a second for the answer of the ca process.
OK jsing@
|
|
Check for this in the ca process and return a valid answer to the
relay process. This fixes rsae_send_imsg poll timeouts blocking relay
processes as seen by Mischa Peters and myself.
OK benno@
|
|
ok claudio@, feedback bluhm@
|
|
Fixes a crash when poll is run without any checks.
Found and fixed by Hiltjo Posthuma (hiltjo -AT- codemadness -DOT- org).
ok claudio@
|
|
|
|
From Kapetanakis Giannis, thanks.
ok claudio@
|
|
|
|
Currently this is only used by relay_close() but will be needed in near
future.
OK benno@
|
|
For this we need to add an additional pointer to the ctl_relay_event.
Diff from Petri Mikkila (pmikkila at gmail)
OK benno@
|
|
fatal() instead of fatalx()
|
|
|
|
This removes 'no ecdh' and renames 'ecdh curve auto' to ecdhe default.
The code uses now tls_config_set_ecdhecurves(3) so it is possible to
specify multiple curves now. If people specified curves in their config
they need to adjust their config now.
OK beck@
|
|
OK claudio@
|
|
Solves the startup issues seen by bluhm@. pread idea from guenther@.
While there save the errno in the error case.
OK bluhm@
|
|
|
|
the ca file (having all the trusted certs in them) can be so big that loading
via imsg fails.
OK beck@
|
|
initial bufferevent_write_buffer() to write out the queued up HTTP request.
OK benno@
|
|
Content-Lenght Header. Of course some servers still so it and send
Content-Lenght: 0. Adjust accordingly.
ok claudio@
|
|
Be more careful and remove the events before resetting them to the new
backends. This is also what some of the bufferevent functions are doing.
OK benno@
|
|
a NULL pointer argument (like free()). Also switch a !size to size == 0.
OK benno@
|
|
OK benno@
|
|
ok bluhm@, >8k makes sense claudio@
|
|
sporadically. If the \r and \n were read in separate chunks, relayd
got out of sync with the protocol as they were interpreted as two
lines. Use evbuffer_readln() with EVBUFFER_EOL_CRLF instead of
evbuffer_readline().
OK benno@
|
|
style string by including NUL in imsg and set the pointer in the struct
passed over imsg to NULL in the receiving process to be sure nothing
tries to use it.
Avoids a crash when specifying an empty style string reported by
Karl-Andre' Skevik. ok bluhm@
|
|
Otherwise data not written could get lost. Also try to drain the
buffers when socket splicing should be enabled. The latter was
lost when the expicit bufferevent_enable() was added in relay_write().
bug report, analysis, initial fix, testing Rivo Nurges; OK beck@
|
|
Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT
gmail, thanks!
chris@ pointed out that more than httpd(8) is effected.
OK gilles@
|
|
code. This fixes interception mode (since there we rewrite the CERT which
would alter the hash of the cert but the keys still remain the same).
OK bluhm@ and jsing@
|
|
the inspect case (same is done in the regular server mode).
OK bluhm@ and jsing@
|
|
OK claudio@
|
|
Check whether TLS server object is available before using it. With
these fixes the ssl inspect regress test just fails and does not
crash relayd.
OK claudio@
|
|
ok benno@ on an earlier version, input from Kapetanakis Giannis
|
|
Problem noted and fix from Kapetanakis Giannis, thanks!
Input & OK jca.
|
|
|
|
From Kapetanakis Giannis, thanks.
ok florian@
|
|
needs revisiting. From Rivo Nurges, thanks.
ok florian@
|
|
instead of CLEANFILES += y.tab.h
okay millert@
|
|
if pkey_add() fails.
|
|
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio
|
|
engine but at least we can use a sane API for new features.
Going in now so it is possible to work with this in tree.
General agreement at d2k17.
|
|
OK reyk@, deraadt@ (previous version)
|
|
ok sthen
|
|
OK deraadt millert
|
|
$REMOTE_ADDR.
Noticed and diff provided by Hiltjo Posthuma (hiltjo at codemadness dot org)
|
|
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@
|
|
Fix by Rivo Nurges, fixes a problem with Atlassian JIRA
OK benno@
|
|
to the new syntax 2 years ago. Found by Michael W. Lucas, thanks!
ok tb@
|
