Age | Commit message | Author |
|
OK claudio@
|
|
fix the bug I introduced that bluhm@ et al noticed
|
|
BGPsec router keys are extracted from RPKI certificates and
emitted via the JSON output in base64 encoded form.
OK tb@ claudio@
|
|
of this switch from EVP_EncodeUpdate() plus complexity to the much
simpler use of calling EVP_EncodeBlock() directly.
OK job@
|
|
OK tb@
|
|
ok millert
|
|
OK claudio@
|
|
with normalized basedns work. Seems all other DN attributes in parse.y
pass through normalize_dn() so this seems to be the last one missing out.
With this configs using capitalized namespace DN like o=OpenBSD,c=CA
will actually work.
OK kn@ gsoares@
|
|
Host() return 1 on success and 0 or -1 on failure.
OK kn@ gsoares@
|
|
OK benno@
|
|
the chain for certificates via X509_STORE_CTX_set0_trusted_stack().
To make this work alter build_chains() to also return the root TA.
Factor out get_crl() from build_crls() and use it to fetch the crl
when validating roas. The crl now sets its expire time in struct crl
and this can be used to set the expire time of a ROA entry.
This simplifies proc_parser_roa() a fair bit and results in fewer calls
to mktime() (which is a surprisingly complex function).
OK tb@
|
|
as an epoch time_t. Store the expire time for certs, crls will follow after.
OK tb@
|
|
Noticed by benno@, OK tb@
|
|
for the really bizarre case where we would end up having several update
paths.
|
|
and delete all others. use PATH_MAX and other standardized symbols instead
of prehistoric kernel-only names, create local MINIMUM/MAXIMUM macros where
required, and directly include standard userland .h files as required.
|
|
OK claudio@
|
|
often fails. It happens when the HTTP parser reads more than one chunk in a
single tls_read() invocation causing the state machine to think it needs to read
more data while buffer already contains unexamined data. Considering a non-empty
buffer before tls_read() fixes the problem.
ok benno@ claudio@
|
|
fw_update does not need to install the 3 realtek firmwares anymore.
We must keep them around during the 7.0 cycle, but 7.1 onwards will
not require the files.
discussed with sthen and kevlo
|
|
Implement initial support for the str() function, which is used
primarily to truncate or NUL-terminate strings from either cli args
or args to tracepoints and syscalls.
Current implementation only supports cli args and is primarily for
compatibility with bpftrace. Future work is needed once dt(4)
supports builtin args other than long values.
Adds a regress test and wires in argument-based tests again.
ok mpi@
|
|
ok claudio
|
|
OpenBGPD and GoBGP dump so that it works with all the MRT implementations
out there supporting this.
While there do some additional minor cleanup.
OK deraadt@
|
|
fixes a bug where ruleset was not evaluated with the expanded address.
reported by Stefan Haller
ok millert@
|
|
ok millert@
|
|
too much in btrace(8).
OK mpi@ deraadt@
|
|
Use RFC 5424 NILVALUE as fallback for LocalHostName.
OK millert@ mvs@
|
|
to work with a buffer that is not a real string.
The wpos is decremented in the wrong spot and would affect both
binary and non binary checks.
Simplify this code by using strndup.
OK rob@ benno@
|
|
requirements require that it's used in certificates so it makes sense to
generate a CSR compliant with this, additionally it replaces rather than
adds to the name in the certificate's subject which we weren't handling
correctly. Diff from wolf at wolfsden/cz, ok florian@
|
|
Access 8-byte nonce as unaligned data to avoid a crash on strict
alignment architectures. With IP and UDP, payload alignment is
guaranteed to 4-byte boundary only.
Reported and tested by Peter J. Philipp
OK deraadt@
|
|
OK deraadt@
|
|
When the limit is reached the object is considered invalid and the tree
traversal stops on that node.
OK beck@ job@
|
|
output when we never reach the destination.
Prompted by & input jmc
|
|
With this
dhcpleasectl em0
does the same as
dhclient em0
used to do. To please people's muscle memory one can be aliased to the other.
earlier version OK benno
with lots of help massaging the output & OK deraadt
|
|
ok deraadt florian
|
|
300 the time it takes to fetch and process all the deltas is higher than
fetching just a snapshot.
OK job@ sthen@
|
|
using config(8);
the contents of this configuration file will be fed to config(8) after
kernel relinking is done, so on the next boot the new kernel will have
all the configuration changes set by the user
this comes in handy if you still want to use KARL while making changes
to the GENERIC kernel
diff from Paul de Weerd with input from several developers
|
|
everything into an iov and do some sprintf() formatting later. Better
put everything into the iov upfront based on what the output methods
need. Then either the full iov is written or a line is created by
concatenating.
OK martijn@
|
|
keep-alive is the default. Check this early on and disable keep-alive
if a Connection: closed header is sent. Fixes the keep-alive issues
I have seen.
OK sthen@
|
|
valid argument type
found with afl++
ok mpi@
|
|
Instead of converting the ASN1_OBJECT into a string and comparing the
strings, convert the string into an ASN1_OBJECT once and then compare
these objects with OBJ_cmp().
Makes the code a bit easier to read and removes some repetitive conversions.
With input and OK tb@
|
|
First we can't assume rules are written in the order they will be executed.
Secondly filters might need to check variables before they had a chance to
be populated by the right event.
|
|
The following syntax, reducing duplication, is now allowed:
END,
interval:hz:2
{
...
}
Rule descriptors are now linked to a list of probe descriptors instead of
a single one. Enabled kernel probes are now linked to btrace(8) probe
descriptors.
While here stop parsing filter and probe if debug is not enabled.
|