summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2017-02-07Ox on its own line;Jason McIntyre
2017-02-07/tmp/cvsspEkokReyk Floeter
2017-02-07Improve parsing of the HTTP request lineReyk Floeter
Make sure that the beginning of a new request starts with an alphabetic character. This is a quick way to detect non-ASCII requests (eg. TLS on port 80). The full validation of the request method is done once the input line is read. Make sure that non-terminated lines do not exceed the SERVER_MAXHEADERLENGTH which is 8k. As the current read watermark is set to 64k, this means that the limit check is triggered after max. 64k of input, depending on the TCP read buffer. OK benno@ jsing@
2017-02-07Add installurl to FILES and SEE ALSO.Antoine Jacoutot
2017-02-06amend the "unsigned package" message, commenting that signify(1) doesn'tMarc Espie
see old-style signatures. Clue for people trying pkg_add -current against 6.0 or earlier.
2017-02-06basic installurl support, get installpath from it (appending the requisiteMarc Espie
magic for packages location...). Fairly straightforward if pkg.conf defines installpath=, it takes precedence (manual trumps automatic) to be fully documented once the dust settles. okay aja@
2017-02-06Bump bcrypt version to $2b$ and increase number of rounds in two examples.Theo Buehler
2017-02-06Use quotes to protect the password hash from shell expansion. Update hashTheo Buehler
to the new bcrypt version $2b$ and use more rounds. Prof. Falken's password is much safer now. Found thanks to a problem report by John McGuigan. ok beck
2017-02-05The installer does not create pkg.conf during installation and doesRobert Peichaer
not update it during upgrades anymore. pkg_add(1) will soon use the installurl file as primary source to find the package repository. OK espie@, tb@
2017-02-05Use a non-greedy regular expression for the installpath url.Robert Peichaer
This ensures, that a trailing whitespace does not break pkg_add. OK espie@
2017-02-04Appropriately replace "domain name" with "hostname"; less misleadingJeremie Courreges-Anglas
tb@ was initially concerned about next-server but there were more similar occurrences. Simple solution - "hostname" - proposed by jmc@ ok from both
2017-02-04Cast char to unsigned char for isspace()Philip Guenther
ok gilles@
2017-02-04missing function prototypeMike Larkin
2017-02-03Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> andPhilip Guenther
instead pull in <netinet/in.h> or <arpa/inet.h> when those are needed. ok florian@ beck@ millert@
2017-02-03Don't use <sys/param.h> from userland without cause. Sort <sys/*>Philip Guenther
before other includes per style(9) while we're here. ok florian@ bcook@ jsing@ beck@
2017-02-02Fix support for HTTP pipelining by handling all requests in the buffer.Reyk Floeter
Tested & OK jung@
2017-02-02Disable client-initiated TLS renegotiation by default.Reyk Floeter
It is rarely needed and imposes a light DoS risk. LibreSSL's libssl allows to turn it off with a simple SSL_OP_NO_CLIENT_RENEGOTIATION option instead of the complicated implementation that was used before. It now turns it off completely instead of allowing one initial client-initiated renegotiation. It can still be enabled with "tls client-renegotiation". ok benno@ beck@ jsing@
2017-02-01netinet/in.h should be included, and freebsd and some othersBob Beck
don't have EAI_NODATA, so make this easier for people from bernard spill
2017-01-31Teach ikectl to include extensions in the CSR, rather than just adding themStuart Henderson
when signing the certificates by the local CA. This can make things easier if you want to take a CSR from ikectl to another CA for signing, they often copy extensions from the request. ok reyk@
2017-01-31Don't include a literal "%" in the value for humidity sensorValue inStuart Henderson
OPENBSD-SENSORS-MIB, % is the unit for this value and is already present in sensorUnits, and it's harder for NMS to parse "100.00%" as a number. From Joel Knight.
2017-01-31remove extra call setting OCSP staple now that it is done aboveBob Beck
using keypair_ocsp.. ok reyk@
2017-01-31Correct mistake I made when converting this to new funcitonBob Beck
2017-01-31Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may beBob Beck
added associated to a keypair used for SNI, and are usable for more than just the "main" certificate. Modify httpd to use this. Bump libtls minor. ok jsing@
2017-01-31Reimplement httpd's support for byte ranges.Reyk Floeter
The previous implementation loaded all the output into a single output buffer and used its size to determine the Content-Length of the body. The new implementation calculates the body length first and writes the individual ranges in an async way using the bufferevent mechanism. This prevents httpd from using too much memory and applies the watermark and throttling mechanisms to range requests. Problem reported by Pierre Kim (pierre.kim.sec at gmail.com) OK benno@ sunil@
2017-01-31The variable clt_done is used in too many places.Reyk Floeter
Introduce a new variable clt_headersdone in the async HTTP parser. OK sunil@ benno@
2017-01-31Do not set EVBUFFER_EOF on read/write errors and handle EOF correctly.Reyk Floeter
Either libevent or the TLS callback can trigger an EOF when the connection is closed. OK sunil@ jung@ benno@
2017-01-31Use the sizeof operator on a struct not a pointer to one.Jonathan Gray
ok rzalamena@
2017-01-30Drop empty line.Antoine Jacoutot
2017-01-30Fix error path of range requests, found while reviewing byte range support.Reyk Floeter
OK jsg@
2017-01-30build mkuboot on arm64Jonathan Gray
2017-01-29Fix tcpdump(8) display of duration values provided in 802.11 control frames.Stefan Sperling
These values are in microseconds, not milliseconds. ok sthen@
2017-01-28- -N got changed to -DJason McIntyre
- there is no Challenges section reported by michael reed
2017-01-28Back out make(obj) hack: it doesn't solve the problem entirely and mayTheo Buehler
interfere with read-only src tree setups.
2017-01-27Copyright notices don't belong in the displayed text of manual pages,Ingo Schwarze
so delete it. Of course, the notice is still present as a comment in the source code of the page, at the place where it belongs. Found because it also violated "new sentence, new line".
2017-01-27More s/OSCP/OCSP/ typosTom Cosgrove
ok jmc@
2017-01-26oscp -> ocsp;Jason McIntyre
from holger mikolon, plus one more in nc;
2017-01-26Document the ldomctl(8) 'select' command previously not mentioned in theStefan Sperling
manual page. Also, replace an alternative fact given for the 'dump' command with an actual fact: it does not accept an argument.
2017-01-26Remove unused _REL variableRobert Peichaer
OK aja@
2017-01-26Move setting _OSrev to immediately after verifying _KERNV and exitRobert Peichaer
early if _OSrev is empty. OK aja@
2017-01-26No need to escape '.' in shell patterns - it has no special meaning.Robert Peichaer
OK aja@
2017-01-26Spacing and use arithmetic testRobert Peichaer
OK aja@
2017-01-26Use numeric exit codes consistently rather than a mixBob Beck
ok jsing@
2017-01-26styleBob Beck
2017-01-26Fix the structure initialzation to compile. bad inioguchi and millert :)Bob Beck
ok jsing@ rpe@
2017-01-25Fix array initialization syntax for ocspcheck.cKinichiro Inoguchi
Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
2017-01-25if the fs got badly damaged, display a decent error message instead ofMarc Espie
erroring out when we can't read a plist.
2017-01-25In some cases, pkg_info -e spec would display the spec instead of theMarc Espie
actual pkg name as intended. (forgot who reported that one, sorry)
2017-01-25some run environnement do not properly reset signals (e.g., python) andMarc Espie
as a result pkg_add + signify fails with weird error messages, as it relies on default SIGPIPE behavior. Finally fix the problem, sanitize our running environment before forking. Problem reported by various people.
2017-01-25remove __BEGIN_DECLS and __END_DECLS from http.hKinichiro Inoguchi
sync with ocspcheck and acme-client ok benno@
2017-01-25bring changes from acme-client over here.Sebastian Benoit
ok beck@