summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* somewhat improved plain tcp syslog reliabilityRainer Gerhards2008-06-0910-13/+94
| | | | | | ...by doing a connection check before sending. Credits to Martin Schuette for providing the idea. Details are available at http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html
* fixed a bug with the new property replacer optionRainer Gerhards2008-06-072-2/+2
| | | | | there was a copy&paste error in the timereported property - thanks to Elizabeth for reporting it
* added new property replacer option "time-subseconds"Rainer Gerhards2008-06-068-2/+80
| | | | enables to query just the subsecond part of a high-precision timestamp
* added doc on suggested TLS deploymentRainer Gerhards2008-06-062-3/+146
| | | | (rough picture, actual configuration sample still missing).
* bumping version numberRainer Gerhards2008-06-064-6/+8
|
* preparing 3.19.6v3.19.6Rainer Gerhards2008-06-062-2/+3
|
* enhanced property replacer to support multiple regex matchesRainer Gerhards2008-06-045-11/+61
|
* bugfix: removed some memory leaks in TLS codeRainer Gerhards2008-06-043-7/+23
|
* bugfix: off-by-one bug during certificate checkRainer Gerhards2008-06-042-2/+5
|
* bugfix: part of permittedPeer structure was not correctly initializedRainer Gerhards2008-06-032-2/+3
| | | | thanks to varmojfekoj for spotting this
* bumped version numberRainer Gerhards2008-05-303-2/+4
|
* finalized 3.19.5v3.19.5Rainer Gerhards2008-05-302-5/+5
|
* capability for replacement text in no match regex case addedRainer Gerhards2008-05-305-18/+59
| | | | | | implemented in property replacer: if a regular expression does not match, it can now either return "**NO MATCH** (default, as before), a blank property or the full original property text
* enhanced property replacer's regex to support submatchesRainer Gerhards2008-05-295-14/+80
| | | | | | | - enabled Posix ERE expressions inside the property replacer (previously BRE was permitted only) - provided ability to specify that a regular expression submatch shall be used inside the property replacer
* fixed typoIida, Masanari2008-05-281-2/+2
| | | | | | | | Typo caused confusion, because the database name is case sensitive, but case was used different in the sample and the database create script. Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
* updated status documentRainer Gerhards2008-05-281-4/+4
|
* bumped version numberRainer Gerhards2008-05-273-2/+4
|
* finalized 3.19.4v3.19.4Rainer Gerhards2008-05-272-7/+14
|
* Merge branch 'ietf-tls'Rainer Gerhards2008-05-2712-96/+1248
|\
| * implemented wildcards inside certificate name check authenticationRainer Gerhards2008-05-274-7/+311
| |
| * client now provides cert even if it is not signed by one of the server's ↵Rainer Gerhards2008-05-273-10/+170
| | | | | | | | trusted CAs (gtls)
| * protected gtls error string function by a mutex.Rainer Gerhards2008-05-262-1/+10
| | | | | | | | | | Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen.
| * fixed fingerprint generatorRainer Gerhards2008-05-261-2/+1
| | | | | | | | fixed problem introduced earlier today
| * fixed wrong cert expiration date checkRainer Gerhards2008-05-261-1/+1
| |
| * added certificate validity date check (gtls)Rainer Gerhards2008-05-262-10/+58
| |
| * added gtls name authentication based on common name (inside DN)Rainer Gerhards2008-05-263-7/+101
| | | | | | | | also changed fingerprint gtls auth mode to new format fingerprint
| * added capability to auto-configure tls auth rule for client connecting to serverRainer Gerhards2008-05-262-13/+52
| | | | | | | | must match hostname in send action
| * improved gtls error reportingRainer Gerhards2008-05-262-7/+26
| |
| * checking if client provided a cert and complain if notRainer Gerhards2008-05-231-1/+3
| |
| * updated TLS documentation with HOWTO on certificate generationRainer Gerhards2008-05-231-11/+113
| |
| * changed config directive name to reflect different useRainer Gerhards2008-05-223-25/+23
| | | | | | | | | | | | $ActionSendStreamDriverCertFingerprint is now $ActionSendStreamDriverPermittedPeer and can be used both for fingerprint and name authentication (similar to the input side)
| * added x509/name authentication (so far based on dnsName only)Rainer Gerhards2008-05-221-58/+137
| |
| * added code to pull the subjectAltName - dNSNameRainer Gerhards2008-05-212-3/+23
| |
| * fixed invalid prototypeRainer Gerhards2008-05-211-1/+1
| |
| * implemented x509/certvalid "authentication"Rainer Gerhards2008-05-215-7/+286
| |
* | bugfix: sender information (fromhost et al) was missing in imudpRainer Gerhards2008-05-212-1/+3
| | | | | | | | thanks to sandiso for reporting this bug
* | Merge branch 'beta'Rainer Gerhards2008-05-212-1/+5
|\ \ | | | | | | | | | | | | | | | Conflicts: ChangeLog
| * | bugfix: imklog went into an endless loop if a PRI value was insideRainer Gerhards2008-05-212-1/+6
| | | | | | | | | | | | | | | | | | a kernel log message This is an unusual case under Linux, and a frequent one under BSD
* | | bumping version numberRainer Gerhards2008-05-213-2/+4
| | |
* | | finalizing v3.19.3v3.19.3Rainer Gerhards2008-05-212-2/+2
| | |
* | | Merge branch 'ietf-tls'Rainer Gerhards2008-05-2126-112/+742
|\ \ \ | | |/ | |/| | | | | | | | | | Conflicts: ChangeLog
| * | added some forgotten docRainer Gerhards2008-05-212-12/+27
| | |
| * | added new transport auth methods to doc setRainer Gerhards2008-05-215-9/+86
| | |
| * | re-enabled anon mode (failed if client did not provide cert)Rainer Gerhards2008-05-212-4/+7
| | |
| * | changed default GnuTLS key material to more reasonable valuesRainer Gerhards2008-05-205-57/+55
| | | | | | | | | | | | | | | We now also provide everything to sign with a common CA. NOTE: none of this is for production use!
| * | first implementation of TLS server client authentication checkRainer Gerhards2008-05-1916-58/+347
| | | | | | | | | | | | | | | | | | | | | The TLS server now checks the client fingerprint. This works, but is highly experimental. Needs to be refined for practice. Also: - implemented permittedPeers helper construct to store names - changed omfwd implementation to use new permittedPeers
| * | improved error messages and corrected fingerprint formatRainer Gerhards2008-05-194-13/+32
| | |
| * | regained netstream driver genericity; improved driversRainer Gerhards2008-05-173-6/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | - made action logic pass optional auth params only if they are actually configured - added new authMode and Fingerprint methods to ptcp netstream driver (keeping them once again generic) - added diagnostics messages when invalid auth modes were configured
| * | added first rough ability to authenticate the server against its certificateRainer Gerhards2008-05-168-23/+174
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is very experimental and needs some more work. It probably even segfaults - but the base code is there and running. The rest is refinement. While working on this, I did these two bugfixes: - bugfix: small mem leak in omfwd on exit (strmdriver name was not freed) - bugfix: $ActionSendStreamDriver had no effect
| * | Merge branch 'master' into ietf-tlsRainer Gerhards2008-05-1630-81/+257
| |\ \
generated by cgit (git 2.34.1) at 2024-06-10 06:07:24 +0000