Age | Commit message | Author |
|
and add the ability to parse a port in the specified ocsp url.
Since this will now pass them, enable regress tests previously
committed for ocspcheck.
mostly by me with some cleanup by tb after an obvious yak was found
to shave in the OCSP routines in libcrypto
ok tb@
|
|
may modify the string buffer.
ok florian@
|
|
OK sthen
|
|
The URI are sorted which results in preference of https URI.
To make rpki-client's handling easier enforce that all URI use the same
filename.
OK benno@
|
|
path to that resource. This will be needed for future RRDP support.
Additionally support more than one TAL URI and select the rsync URI
in that list. Finally queue_add_from_cert() got modified to include
both the rsync URI and the RRDP notify URI (which is still unused).
OK benno@
|
|
There is a soft fail mechanism to handle missing certs for seamless
interaction with acme-client. Move this to the config parser. This is
simpler than server.c r1.117 and avoids a crash due to listening on
port 443 without having set up the TLS context first. More precisely,
the crash happens if a server with missing certificate is visited via
https in a configuration where there is a second server with valid
certificate and key.
From Joshua Sing (joshua at hypera dot dev)
ok benno
|
|
Validate the URL's protocol identifier to avoid passing bogus arguments to
ftp(1) which otherwise might drop into the "ftp> " prompt instead of causing
sysupgrade(8) to exit non-zero.
Code taken from syspatch(8) as advised by ajacoutot.
Feedback jca
Feedback OK naddy
|
|
While here, rename sg_err()/ug_err() to just err() and sync code between
syspatch(8) and sysupgrade(8).
Feedback OK naddy
|
|
to the ospf6d counterpart.
OK remi@
|
|
orig_intra_area_prefix_lsas() is called. If not, the ospf6d will not
announce the new intra area db for a newly learned link from another
ospf router of the broadcast domain.
OK denis@
|
|
allocated with EVP_ENCODE_CTX_new(). Do this once on the first call
and keep the context around for all subsequent calls.
OK tb@ and benno@
|
|
in the main loop. This removes a few portability issues.
OK benno@
|
|
an argument. Will help with further changes.
OK benno@
|
|
Use errx(), remove the extra \n and use the correct argument (-s not -t).
|
|
to the -lcrypto base64 decoder using EVP_Decode* this is more portable.
With and OK tb@, OK benno@ (on a less polished version)
|
|
This is better than using hw.perfpolicy="high" for a number of reasons:
- matches the manpage
- apm(8) reporting becomes accurate
- more symmetry with -L ("low")
- lets the user tweak hw.setperf with sysctl(8) later
ok tedu@
|
|
Broken in r1.122 when the vnode list at the mount point was converted to
a TAILQ to make softdeps happy. There was a for loop that looked a lot
like a LIST_FOREACH that was converted to a TAILQ_FOREACH. Unfortunately,
the loop is a bit more intricate. Revert to the original loop logic, but
now with TAILQ.
"looks correct" millert, "looks good" deraadt
|
|
apmd(8) doesn't need to maintain state about the current hw.perfpolicy.
Dropping this weak caching fixes several issues:
- setting hw.perfpolicy can fail, don't report a bogus hw.perfpolicy if
that happens (reported by Miod)
- don't assume that hw.perfpolicy is set to "manual" at apmd(8) startup
- don't assume that hw.perfpolicy can't change behind apmd(8)'s back
"Seems fine" tedu@
|
|
requested by deraadt@
|
|
requested by deraadt@
|
|
This is based around NETWORK-SERVICES-MIB from RFC2788 and MTA-MIB from
RFC2789, but does not export the full spec. Hopefully this will expand in
the future.
People who want to use this against net-snmp (currently the only option
known to me at the time of writing) may want to add -I -mta_sendmail to the
flags, so net-snmp doesn't throw garbage into the mib-2.28 subtree.
|
|
This is based around VM-MIB from RFC7666, but does not export the full
spec. People more knowledgeable of vmd are encouraged to expand on this.
|
|
Nowadays "auto" mode is used instead. ok deraadt@
|
|
Pointed out by Aisha Tammy (openbsd <dot> bugs <at> aisha <dot> cc)
Original diff by Edgar Pettijohn (edgar <at> pettijohn-web <dot> com)
OK tb@
|
|
ok jca@
|
|
attribute that can be used to extend existing LDAP users with the
additional bsdAccount objectclass. The former is useful for
ypldap+ldapd setups without login_ldap and the latter makes it
easier to use sshd's AuthorizedKeysCommand.
Originally from reyk,
revived by Aisha Tammy,
with input from many, especially Robert Klein.
|
|
ok mpi@
|
|
further. This is in line with what other networking daemons do.
ok mestre@
|
|
Authentication-Results header.
OK giovanni@
|
|
OK bluhm@
|
|
sure benno@
|
|
(for an amusing long time), so that the partnership with cron "~ -ns" could
not make progress ingesting new ROAs. Add a "-s timeout" feature (default 1H,
0 to disable) after which rpki-client gives up the ghost, allowing cron to
perform a fresh try. Log loudly when this occurs.
ok job claudio beck
|
|
This is no issue, since a pointer is always >= 4 bytes, but incorrect is
incorrect.
Found by tb's static analyzer.
OK beck@
|
|
Found by the static analyzer from tb@
OK beck@
|
|
if a client aborted the connection silently. As syslogd does not
write anything into incoming connections, it will not recognize
failure. Setting TCP keep alive on the listen socket does prevent
that for accepted sockets. Note that outgoing connections do not
need it as syslogd will write data into them.
noticed by dhill@; OK millert@ beck@ deraadt@
|
|
feedback from otto@
ok mpi@ kn@ semarie@
|
|
It is possible to have a user name of the form foo@bar in the URL.
When splitting user name from host name, split at the last '@', not
the first one. From Josh Rickmar
|