Age | Commit message | Author | |
---|---|---|---|
2017-12-08 | Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert | Theo de Raadt | |
2017-12-07 | Now that we have RB_NFIND, the canacar's trick with RB_INSERT+RB_NEXT is not needed anymore. okay jmatthew@ | Vadim Zhukov | |
2017-12-07 | client_addr_init() never fails and its return value is never checked, so just make it void. okay jmatthew@ | Vadim Zhukov | |
2017-12-07 | Fix a potential fd leak in client_aldap_open(). okay jmatthew@ | Vadim Zhukov | |
2017-12-06 | Make vmd respect owner when starting non-disabled vms. OK pd@, benno@ | Aaron Bieber | |
2017-12-02 | switching to _pbuild is tricky, you can't take it back. in particular, disable future PORTS_PRIVSEP mechanisms under pkg_create, because we should already be running as _pbuild by this point. | Marc Espie | |
2017-12-01 | Avoid using an uninitialized variable. Found by gcc. OK jca@ | Visa Hankala | |
2017-11-30 | When performing vmctl reload and a previously configured vm is running, exit with an EALREADY vs EPERM. ok mlarkin@ | ccardenas | |
2017-11-29 | vmd(8): fix broken IRR bit setting for the slave PIC. Noticed by claudio when he tried to make a vm with 4 network interfaces. ok claudio | Mike Larkin | |
2017-11-29 | fix double dot; | Jason McIntyre | |
2017-11-29 | add -i to SYNOPSIS/usage() and sundry tweaks; ok beck | Jason McIntyre | |
2017-11-29 | Insert MPLS VPN routes with the RTF_GATEWAY flag cleared. mpe(4) is now expecting this and will use the route gateway and the mpls label to forward packets. This plus the other diffs to if_mpe.c and route.c should fix L3 MPLS VPNs. Problem reported by henning@ | Claudio Jeker | |
2017-11-29 | Don't do OCSP stapling only if the staple file is 0 length. This allows something external (like ocspcheck) to disable the stapling deliberately if it can not retrieve a valid staple by truncating the staple file to indicate "do not provide a staple", while the file not existing will still be treated as a configuration error. ok claudio@ florian@, and prompted by @jsing | Bob Beck | |
2017-11-29 | add options to specify the control socket in relayd and relayctl. From Kapetanakis Giannis, thanks. ok claudio@ | Sebastian Benoit | |
2017-11-29 | make vmm(4) less responsible for initial register state, preferring to let usermode daemons handle that. ok pd@ | Mike Larkin | |
2017-11-28 | fix some spelling errors in a few comments | Mike Larkin | |
2017-11-28 | Add option -i to allow ocspcheck to be used to validate an on-disk staple. ok claudio@ benno@ | Bob Beck | |
2017-11-28 | One less lie in comments | Claudio Jeker | |
2017-11-28 | tweak previous; | Jason McIntyre | |
2017-11-28 | Introduce relay_reset_event() which closes and resets a relay connection. Currently this is only used by relay_close() but will be needed in near future. OK benno@ | Claudio Jeker | |
2017-11-28 | In TLS inspection mode we also need to keep the server tls object around. For this we need to add an additional pointer to the ctl_relay_event. Diff from Petri Mikkila (pmikkila at gmail) OK benno@ | Claudio Jeker | |
2017-11-28 | Disable ocsp stapling on invalid staple, rather than failing to start. ok claudio@ florian@ | Bob Beck | |
2017-11-28 | relay_load_fd() is no longer clobbering errno in the error case so use fatal() instead of fatalx() | Claudio Jeker | |
2017-11-28 | Add space between to and read like in other DPRINTFs. | Claudio Jeker | |
2017-11-27 | Change the ecdhe curve configuration to the same way httpd is doing it. This removes 'no ecdh' and renames 'ecdh curve auto' to ecdhe default. The code uses now tls_config_set_ecdhecurves(3) so it is possible to specify multiple curves now. If people specified curves in their config they need to adjust their config now. OK beck@ | Claudio Jeker | |
2017-11-27 | Make ca_launch error messages unique. OK claudio@ | Alexander Bluhm | |
2017-11-27 | lseek/read is racy when there are multiple consumers. Use pread instead. Solves the startup issues seen by bluhm@. pread idea from guenther@. While there save the errno in the error case. OK bluhm@ | Claudio Jeker | |
2017-11-27 | Add a DPRINTF() in relay_error() that helped me out way too many times. | Claudio Jeker | |
2017-11-27 | Use file descriptor passing to load certificates into the relays. Especially the ca file (having all the trusted certs in them) can be so big that loading via imsg fails. OK beck@ | Claudio Jeker | |
2017-11-27 | Do not rip out the output buffer of the bufferevent. Instead just use an initial bufferevent_write_buffer() to write out the queued up HTTP request. OK benno@ | Claudio Jeker | |
2017-11-27 | lenght->length, mostly in comments | Stuart Henderson | |
2017-11-27 | rfc 7230 mandates that a "204 No Content" http status must not come with a Content-Length Header. Of course some servers still do it and send Content-Length: 0. Adjust accordingly. ok claudio@ | Sebastian Benoit | |
2017-11-27 | Show correct command execution status by checking against update operation return value. Issue reported by 'Zelest' (Jesper Wallin). Suggestions and ok eric@ gilles@. | Sunil Nimmagadda | |
2017-11-27 | relay_tls_connected() is playing with the inner bowels of bufferevents. Be more careful and remove the events before resetting them to the new backends. This is also what some of the bufferevent functions are doing. OK benno@ | Claudio Jeker | |
2017-11-27 | Simplify relay_close_http(), make relay_httpdesc_free() accept and ignore a NULL pointer argument (like free()). Also switch a !size to size == 0. OK benno@ | Claudio Jeker | |
2017-11-27 | typo in comments "optionel" -> "optional" | Mike Larkin | |
2017-11-27 | Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno | Florian Obser | |
2017-11-24 | Revert my change to ignore EIO errors when writing to log files. Syslogd continued logging messages to a file that had an EIO error. This could slow down the whole system. File system errors may cause huge delays at every access. This prevented debugging the issue. Now syslogd will log a warning and shut down logging to this file until restart or SIGHUP. OK deraadt@ espie@ millert@ | Alexander Bluhm | |
2017-11-23 | simplify imsg handler. ok sunil@ gilles@ | Eric Faurot | |
2017-11-21 | no need to check the sending process in imsg handlers when there is no ambiguity: just use a single switch. ok gilles@ sunil@ | Eric Faurot | |
2017-11-21 | The call to setegid(2) was replaced with setresgid(2) a while ago. Adjust error message accordingly. | Theo Buehler | |
2017-11-18 | merge the masquerade and missing domain header callbacks into one function. ok gilles@ | Eric Faurot | |
2017-11-17 | Use explicit_bzero to erase secrets; from Scott Cheloa, ok tb@ | Jeremie Courreges-Anglas | |
2017-11-16 | Check that http options are only configured in http protocols. OK benno@ | Alexander Bluhm | |
2017-11-15 | make the maximum size of http headers configurable in the protocol. ok bluhm@, >8k makes sense claudio@ | Sebastian Benoit | |
2017-11-14 | Inverse logic, issue found by henning@. MPLS VPN is still broken though. | Claudio Jeker | |
2017-11-11 | reads better as *an* rdomain, i think; | Jason McIntyre | |
2017-11-11 | update switch handling in vmd(8). vmd now gets switch information (rdomain, etc) from underlying switch interface instead of handling this on its own. Diff from carlos cardenas, Thanks! ok reyk@ | Mike Larkin | |
2017-11-09 | /usr/share/compile -> /usr/share/relink/kernel; from semarie. I meant to do that at p2k17 but totally forgot... | Antoine Jacoutot | |
2017-11-08 | Since r1.41 the extensions are included in the CSR. Thus ca_request() already sets the extension values and returns. ca_sign() re-uses the information to write out the extension file. Since ca_request() uses strings stored on the stack, on return the pointers to those strings will be unusable. To fix this, strdup() the strings passed to ca_setenv() so we can re-use them in another scope. And free() them when we clear the environment in ca_clrenv(). Initial report and diff from Andrei-Marius Radu. ok markus@ | Patrick Wildt | |