Age | Commit message | Author |
|
prefixes from multiple sessions into the same table. Before, a prefix
was removed from the table on the first withdraw (even though there
was an alternative around).
Requested by, tested and OK dlg@
|
|
From Martin Vahlensieck.
|
|
|
|
Found by naddy@
|
|
OK naddy@
|
|
This test no longer depends on specific overflow behaviour.
OK millert@
|
|
instead of printf(3) to output printable characters.
Pointed by Martin Vahlensieck.
ok gnezdo@
|
|
internally. This is a step in the direction of more async aware io in rpki-client.
Now everything uses a buffer which is then written.
OK tb@
|
|
ok mpi@
|
|
|
|
work in slaacd.
Suggested / requested by tb who showed me previous work by reyk which
unfortunately predated my work in slaacd and followed a different
pattern to that done in slaacd.
Testing & OK tb
|
|
Pointed out by jmatthew and requested by florian.
|
|
This warning was present since an incorrect cast was removed in r1.11.
Add the cast to the correct place, i.e., cast to the wider type.
ok florian martijn
|
|
ldapd infers certificate and key paths from the configured certificate
string. It appends ".crt" and ".key", respectively, and in the case of
a relative path it also prepends "/etc/ldap/certs/". A logic error
results in prepending "/etc/ldap/certs/" also for absolute paths. Avoid
this by making the whole thing readable at the cost of a bit of verbosity.
Problem reported by Maksim Rodin on misc@, thanks!
Initial fix from me, committing an improved version on behalf of martijn.
ok jmatthew, tb
|
|
Problem noted by & OK tb
|
|
OK deraadt@
|
|
OK sthen
|
|
|
|
from Edgar Pettijohn
ok kn
|
|
slightly relax the ORCPT check by not enforcing that a
domain is required, allowing e.g.: ORCPT=rfc822;root
originally reported via github issue #1084 by Leo Gaspard
with input from gilles
ok kn
|
|
This allows you to add a SAN DNS name to a cert, and request a forced renewal
to get the new name added immediately
ok florian@
|
|
|
|
issue raised by martin vahlensieck
discussed with and ok sthen
|
|
their own lines.
Diffs from Martin Vahlensieck via tech@. Thanks!
|
|
|
|
first pass will read packing-lists fully, use that to cache along dependency
information, so we don't have to read packing-list again during second pass.
we do not cache full plists for the file checks, because
1/ that is significantly larger
2/ that pass is disk io bound anyway
|
|
definitions to the list of RequiredBy.
requires passing the pkgname around for the special case where tag and
define-tag are in the same location, so use that info for better diagnostics
Note that this loses the optimization where we only need to read DependsOnly
this can be addressed later by storing stub packing-lists with only relevant
info during the first pass, so that we don't have to read them again
|
|
|
|
Quite a few users and developers (including me) were confused by how
virtual CPU strides would work.
Initial diff together with stsp, final feedback from kettenis
|
|
file doesn't exist; ok florian jmc
|
|
|
|
There is currently dead code in mft_parse() that handles stale
manifests by setting the stale flag and removing all files they
reference. This code was made unreachable in a refactor that
fixed a logic error that made mft_parse() succeed despite its
error handling. check_validity() returns three possible values.
Report failures and stale mfts back immediately via rc. Success
needs to reset rc to -1, so subsequent errors are reported as
such.
This is mostly cosmetic and only changes the rpki-client output
in that the comment at the top of the config now actually shows
stale manifests. This makes regress pass again.
ok claudio job
|
|
|
|
The check_validity() function used the X509_cmp_time() functions with
GeneralizedTime. This doesn't work with current dates since LibreSSL
enforces conformance with RFC 5280 in X509_cmp_time(), which requires
that dates before 2050 are represented with UTCTime. The functions
would return an error, but missing error checking led to failing to
detect expired or not yet valid manifests. Fix this by converting the
dates into struct tm and using ASN1_time_tm_cmp() instead.
With input from claudio, jsing
ok benno claudio jsing
|
|
with -fno-common does not fail.
OK bcook@
|
|
type directly to log init. One less common in bgpd.
OK benno@
|
|
bgpd_process and changing the behaviour that way add a new filterset
type ACTION_SET_NEXTHOP_REF which is used when the nexthop reference
of the union is used. Adjust the RDE to convert ACTION_SET_NEXTHOP to
ACTION_SET_NEXTHOP_REF when receiving the filtersets.
OK benno@
|
|
Change control_dispatch_msg() to return the change of control connection
count since the return value was not used before.
Add control_fill_pfds() to replace the TAILQ_FOREACH loop in session.c.
This allows moving the ctl_conns symbol to control.c (from session.h
where it caused issues when compiled with -fno-common).
OK benno@
|
|
|
|
This was unhooked from the build in a code sync in 1996 and didn't make
it into the upstream revision history.
Prompted by a diff from Neeraj Pal that showed that this file wasn't
compiled.
ok jca kn
|
|
Some devs are not convinced.
|
|
OK jmc@ deraadt@
|
|
Notified to me by jmc@
Diff by Matthias Pressfreund <mpfr @ fn de>, thanks
|
|
|
|
ok remi@
|
|
this fixes the use of "depend on" in my situation, which is an
Ethernet (broadcast) interface where I'm actually peering with
multiple routers so I don't have "type p2p" set. with this the ospf
peers now know how to route around my firewalls when their carp
interfaces are in the backup state.
discussed with claudio@ and jmatthew@
ok remi@
|
|
(audio.4 tweaked from that submitted)
|
|
they might be able to find said metrics.
OK denis@ jmc@
|
|
OK denis@
|
|
OK deraadt@
|