Age | Commit message | Author |
|
|
|
empty strings. There are no empty strings being passed around but a
fair amount of optional strings and this will simplify this code.
OK tb@
|
|
If you add alternative domain names to
acme-client.conf, using -F is required to
renew the certificate with the new names.
ok jmc@
|
|
location and the filename of the referenced file. Use the same method
both in main.c and mft.c which is a fair bit simpler than using calloc
and strlcpy/strlcat to build the string by hand.
OK tb@
|
|
NAK.
Suggestion & ok dlg@
|
|
in other places as well.
ok procter@
|
|
causes btrace to reject such programs. An example is exit which is both
a syscall and a builtin btrace function. Pointed out by bluhm@
To resolve the conflict, make use of a lexer backdoor. A concept
described in the original yacc paper and also found in other yacc
parsers in our tree.
ok bluhm@ mpi@
|
|
|
|
|
|
|
|
ok mlarkin@ tb@
|
|
|
|
provided vcard payload. This change verifies the certificate of the .gbr
file and makes sure it is valid (like we do for e.g. .roa files).
OK job@
|
|
hash even if rpki-client ignores this file later on.
OK job@
|
|
man page and inputs from schwarze@
ok sthen@
|
|
function accepts an optional argument representing the number of map
entries to print.
ok bluhm@ mpi@
|
|
fails, buffer is unchanged; initialize it with empty string. snprintf
may return negative value or the length that would have been written;
check and calculate remaining size. snprintf writes size - 1
characters; pass buffer size as length.
OK mpi@
|
|
ispunct characters. Everything else is fishy and so block those early on.
OK millert@ job@
|
|
prefixes from multiple sessions into the same table. Before a prefix
was removed from the table on the first withdraw (even though there
was an alternative around).
Requested by, tested and OK dlg@
|
|
From Martin Vahlensieck.
|
|
|
|
Found by naddy@
|
|
OK naddy@
|
|
This test no longer depends on specific overflow behaviour.
OK millert@
|
|
instead of printf(3) to output printable characters.
Pointed out by Martin Vahlensieck.
ok gnezdo@
|
|
internally. This is a step in the direction of more async aware io in rpki-client.
Now everything uses a buffer which is then written.
OK tb@
|
|
ok mpi@
|
|
|
|
work in slaacd.
Suggested / requested by tb who showed me previous work by reyk which
unfortunately predated my work in slaacd and followed a different
pattern to that done in slaacd.
Testing & OK tb
|
|
Pointed out by jmatthew and requested by florian.
|
|
This warning was present since an incorrect cast was removed in r1.11.
Add the cast to the correct place, i.e., cast to the wider type.
ok florian martijn
|
|
ldapd infers certificate and key paths from the configured certificate
string. It appends ".crt" and ".key", respectively, and in the case of
a relative path it also prepends "/etc/ldap/certs/". A logic error
results in prepending "/etc/ldap/certs/" also for absolute paths. Avoid
this by making the whole thing readable at the cost of a bit of verbosity.
Problem reported by Maksim Rodin on misc@, thanks!
Initial fix from me, committing an improved version on behalf of martijn.
ok jmatthew, tb
|
|
Problem noted by & OK tb
|
|
OK deraadt@
|
|
OK sthen
|
|
|
|
from Edgar Pettijohn
ok kn
|
|
slightly relax the ORCPT check by not enforcing that a
domain is required, allowing e.g.: ORCPT=rfc822;root
originally reported via github issue #1084 by Leo Gaspard
with input from gilles
ok kn
|
|
This allows you to add a SAN DNS name to a cert, and request a forced renewal
to get the new name added immediately
ok florian@
|
|
|
|
issue raised by martin vahlensieck
discussed with and ok sthen
|
|
their own lines.
Diffs from Martin Vahlensieck via tech@. Thanks!
|
|
|
|
first pass will read packing-lists fully, use that to cache along dependency
information, so we don't have to read packing-list again during second pass.
we do not cache full plists for the file checks, because
1/ that is significantly larger
2/ that pass is disk io bound anyway
|
|
definitions to the list of RequiredBy.
requires passing the pkgname around for the special case where tag and
define-tag are in the same location, so use that info for better diagnostics
Note that this loses the optimization where we only need read DependsOnly
this can be addressed later by storing stub packing-lists with only relevant
info during the first pass, so that we don't have to read them again
|
|
|
|
Quite a few users and developers (including me) were confused by how
virtual CPU strides would work.
Initial diff together with stsp, final feedback from kettenis
|
|
file doesn't exist; ok florian jmc
|
|
|
|
There is currently dead code in mft_parse() that handles stale
manifests by setting the stale flag and removing all files they
reference. This code was made unreachable in a refactor that
fixed a logic error that made mft_parse() succeed despite its
error handling. check_validity() returns three possible values.
Report failures and stale mfts back immediately via rc. Success
needs to reset rc to -1, so subsequent errors are reported as
such.
This is mostly cosmetic and only changes the rpki-client output
in that the comment at the top of the config now actually shows
stale manifests. This makes regress pass again.
ok claudio job
|