Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | added new transport auth methods to doc set | Rainer Gerhards | 2008-05-21 | 5 | -9/+86 |
| | |||||
* | re-enabled anon mode (failed if client did not provide cert) | Rainer Gerhards | 2008-05-21 | 2 | -4/+7 |
| | |||||
* | changed default GnuTLS key material to more reasonable values | Rainer Gerhards | 2008-05-20 | 5 | -57/+55 |
| | | | | | We now also provide everything to sign with a common CA. NOTE: none of this is for production use! | ||||
* | first implementation of TLS server client authentication check | Rainer Gerhards | 2008-05-19 | 16 | -58/+347 |
| | | | | | | | The TLS server now checks the client fingerprint. This works, but is highly experimental. Needs to be refined for practice. Also: - implemented permittedPeers helper construct to store names - changed omfwd implementation to use new permittedPeers | ||||
* | improved error messages and corrected fingerprint format | Rainer Gerhards | 2008-05-19 | 4 | -13/+32 |
| | |||||
* | regained netstream driver genericity; improved drivers | Rainer Gerhards | 2008-05-17 | 3 | -6/+56 |
| | | | | | | | | | - made action logic pass optional auth params only if they are actually configured - added new authMode and Fingerprint methods to ptcp netstream driver (keeping them once again generic) - added diagnostics messages when invalid auth modes were configured | ||||
* | added first rough ability to authenticate the server against its certificate | Rainer Gerhards | 2008-05-16 | 8 | -23/+174 |
| | | | | | | | | | | This is very experimental and needs some more work. It probably even segfaults - but the base code is there and running. The rest is refinement. While working on this, I did these two bugfixes: - bugfix: small mem leak in omfwd on exit (strmdriver name was not freed) - bugfix: $ActionSendStreamDriver had no effect | ||||
* | Merge branch 'master' into ietf-tls | Rainer Gerhards | 2008-05-16 | 30 | -81/+257 |
|\ | |||||
| * | bumped version number | Rainer Gerhards | 2008-05-16 | 2 | -1/+3 |
| | | |||||
| * | removed references to deleted filesv3.19.2 | Rainer Gerhards | 2008-05-16 | 1 | -4/+0 |
| | | |||||
| * | fixed potential uninitialzed var access (highly improbable) | Rainer Gerhards | 2008-05-16 | 1 | -0/+2 |
| | | |||||
| * | preparing for 3.19.2 | Rainer Gerhards | 2008-05-16 | 3 | -19/+50 |
| | | |||||
| * | Merge branch 'beta' | Rainer Gerhards | 2008-05-16 | 3 | -3/+23 |
| |\ | | | | | | | | | | | | | | | | | | | Conflicts: ChangeLog rfc3195d.c | ||||
| | * | Merge branch 'v3-stable' into beta | Rainer Gerhards | 2008-05-16 | 6 | -8/+28 |
| | |\ | |||||
| | | * | Merge branch 'v2-stable' into v3-stable | Rainer Gerhards | 2008-05-15 | 2 | -3/+13 |
| | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: ChangeLog configure.ac | ||||
| | | | * | bumped version number | Rainer Gerhards | 2008-05-15 | 2 | -1/+3 |
| | | | | | |||||
| | | | * | finalizing 2.0.5 releasev2.0.5 | Rainer Gerhards | 2008-05-15 | 1 | -1/+1 |
| | | | | | |||||
| | | | * | updated ChangeLog (forgotten...) | Rainer Gerhards | 2008-05-07 | 1 | -0/+1 |
| | | | | | |||||
| | | | * | support for liblogging 0.7.1+ added | Rainer Gerhards | 2008-05-07 | 1 | -3/+3 |
| | | | | | |||||
| | | * | | bugfix: some whitespaces where incorrectly not ignored | Rainer Gerhards | 2008-05-14 | 3 | -0/+6 |
| | | | | | | | | | | | | | | | | | | | | | | | | | when parsing the config file. This is now corrected. Thanks to Michael Biebl for pointing out the problem. | ||||
| | | * | | fixed potential segfault due to invalid call to cfsysline | varmojfekoj | 2008-05-14 | 3 | -5/+9 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | thanks to varmojfekoj for the patch Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com> | ||||
| | * | | | preparigng for 3.17.2 releasev3.17.2 | Rainer Gerhards | 2008-05-04 | 1 | -2/+2 |
| | | | | | |||||
| * | | | | added fromhost-ip properties and some bugfixes | Rainer Gerhards | 2008-05-16 | 19 | -32/+149 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - bugfix: TCP input modules did incorrectly set fromhost property (always blank) - bugfix: imklog did not set fromhost property - added "fromhost-ip" property - added "RSYSLOG_DebugFormat" canned template - bugfix: hostname and fromhost were swapped when a persisted message (in queued mode) was read in | ||||
| * | | | | bumped version number | Rainer Gerhards | 2008-05-15 | 2 | -4/+2 |
| | | | | | |||||
| * | | | | added TODO item | Rainer Gerhards | 2008-05-15 | 1 | -1/+1 |
| | | | | | |||||
| * | | | | bugfix: TLS server went into an endless loop in some situations. | Rainer Gerhards | 2008-05-15 | 4 | -13/+13 |
| | | | | | | | | | | | | | | | | | | | | Thanks to Michael Biebl for reporting the problem. | ||||
| * | | | | ugfix: lmtcpclt, lmtcpsrv and lmgssutil did all link to the static runtime ↵ | Rainer Gerhards | 2008-05-14 | 2 | -3/+9 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | library, resulting in a large size increase (and potential "interesting" effects). Thanks to Michael Biebel for reporting the size issue. | ||||
| * | | | | fixed potential segfault due to invalid call to cfsysline | varmojfekoj | 2008-05-14 | 4 | -7/+11 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | thanks to varmojfekoj for the patch Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com> | ||||
* | | | | | client provides x.509 and server prints fingerprint | Rainer Gerhards | 2008-05-15 | 2 | -6/+34 |
|/ / / / | |||||
* | | | | server's X509 cert fingerprint is obtained by client on connect | Rainer Gerhards | 2008-05-08 | 3 | -189/+50 |
| | | | | |||||
* | | | | added a bit of doc (at least something...) | Rainer Gerhards | 2008-05-08 | 5 | -1/+245 |
| | | | | |||||
* | | | | added tool to show fingerprints | Rainer Gerhards | 2008-05-08 | 1 | -0/+2 |
| | | | | | | | | | | | | | | | | | | | | this is required for IETF I-D syslog-transport-tls-12. This is a very rough first prototype | ||||
* | | | | added simple shell script to support creating self-signed certs | Rainer Gerhards | 2008-05-08 | 1 | -0/+3 |
| | | | | | | | | | | | | | | | | this is necessary to comply to IETF I-D -syslog-transport-tls-12 | ||||
* | | | | bugfix: gtls netstram driver did not specify threading model | Rainer Gerhards | 2008-05-08 | 1 | -3/+7 |
| | | | | | | | | | | | | | | | | (could possibly lead to "interesting effects" ;)) | ||||
* | | | | removed red hat specific files | Rainer Gerhards | 2008-05-07 | 5 | -145/+0 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | I could't maintain them and they are now handled by the package maintainers They were orginally introduced when there were no packages available. Over time, they became outdated and thus a bit problematic. | ||||
* | | | | preparing 3.19.1v3.19.1 | Rainer Gerhards | 2008-05-07 | 2 | -5/+5 |
| | | | | |||||
* | | | | limited number of unavoidable compiler warnings when compiling with GnuTLS | Rainer Gerhards | 2008-05-07 | 2 | -2/+18 |
| | | | | |||||
* | | | | fixed problem with man pages thanks to Michael Biebl's help | Rainer Gerhards | 2008-05-06 | 2 | -5/+3 |
| | | | | |||||
* | | | | configure help for --enable-gnutls wrong | Rainer Gerhards | 2008-05-06 | 2 | -1/+3 |
| | | | | | | | | | | | | | | | | | | | | said default is "yes" but default actually is "no" thanks to darix for pointing this out | ||||
* | | | | added missing includes (noticed under SuSe Linux) | Rainer Gerhards | 2008-05-06 | 2 | -0/+2 |
| | | | | |||||
* | | | | bumping version number | Rainer Gerhards | 2008-05-06 | 2 | -1/+4 |
| | | | | |||||
* | | | | file dirty.h was missing - thanks to darix for pointing this out | Rainer Gerhards | 2008-05-06 | 1 | -0/+2 |
| | | | | |||||
* | | | | some cleanup (gotten rid of some more plain chars) | Rainer Gerhards | 2008-05-06 | 9 | -23/+21 |
| | | | | |||||
* | | | | final touches for 3.19.0v3.19.0 | Rainer Gerhards | 2008-05-06 | 6 | -11/+10 |
| | | | | |||||
* | | | | Merge branch 'tls' | Rainer Gerhards | 2008-05-06 | 35 | -266/+713 |
|\ \ \ \ | |||||
| * | | | | trying to remove compiler warnings | Rainer Gerhards | 2008-05-05 | 2 | -2/+3 |
| | | | | | |||||
| * | | | | invalid strdup when no driver name was set caused segfault | Rainer Gerhards | 2008-05-05 | 1 | -1/+2 |
| | | | | | |||||
| * | | | | support for different forwarding stream drivers added | Rainer Gerhards | 2008-05-05 | 7 | -8/+51 |
| | | | | | | | | | | | | | | | | | | | | they can now be set on an action-by-action basis | ||||
| * | | | | made default certificate file locations configurable | Rainer Gerhards | 2008-05-05 | 4 | -7/+90 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - added $DefaultNetstreamDriverCAFile config directive - added $DefaultNetstreamDriverCertFile config directive - added $DefaultNetstreamDriverKeyFile config directive | ||||
| * | | | | made imgssapi work with new netstrm driver model | Rainer Gerhards | 2008-05-05 | 4 | -12/+46 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | there were a couple of things where imgssapi was not compatible with the new encapsulation. I did a somewhat dirty fix. The real solution would be to turn gssapi functionality into a netstream driver, which is too much for now (after all, we want to release some time AND we need to have the code mature in practice before we go for the next target...). |