path: root/runtime/nsd_gtls.c
Commit message [Author, Age, Files, Lines]
* Merge branch 'v5-devel' [Rainer Gerhards, 2011-12-16, files 1, lines -0/+2]
|\
      Conflicts: ChangeLog configure.ac doc/manual.html plugins/imuxsock/imuxsock.c runtime/modules.c
| * one further change to support gnutls without libgcrypt [Rainer Gerhards, 2011-10-21, files 1, lines -0/+2]
| |
* | Merge branch 'beta' [Rainer Gerhards, 2011-12-12, files 1, lines -1/+1]
|\ \
| * \ Merge branch 'v5-stable' into beta [Rainer Gerhards, 2011-12-01, files 1, lines -1/+1]
| |\ \
| | * \ Merge branch 'v4-stable' into v5-stable [Rainer Gerhards, 2011-12-01, files 1, lines -1/+1]
| | |\ \
      Conflicts: action.c
| | | * \ Merge branch 'v3-stable' into v4-stable [Rainer Gerhards, 2011-12-01, files 1, lines -1/+1]
| | | |\ \
| | | | * | bugfix: cosmetic: proper constant used instead of number in open call [Tomas Heinrich, 2011-12-01, files 1, lines -1/+1]
      Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
* | | | | | Merge branch 'beta' [Rainer Gerhards, 2011-10-27, files 1, lines -2/+6]
|\| | | | |
      Conflicts: ChangeLog configure.ac doc/manual.html doc/v6compatibility.html
| * | | | | Merge branch 'v5-stable' into beta [Rainer Gerhards, 2011-10-27, files 1, lines -2/+6]
| |\| | | |
      Conflicts: ChangeLog
| | * | | | Merge branch 'v4-stable' into v5-stable [Rainer Gerhards, 2011-10-27, files 1, lines -2/+6]
| | |\| | |
      Conflicts: ChangeLog
| | | * | | bugfix: potential abort after reading invalid X.509 certificate [Tomas Heinrich, 2011-10-27, files 1, lines -2/+6]
      closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
      Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
| * | | | | Merge branch 'v5-stable' into beta [Rainer Gerhards, 2011-06-14, files 1, lines -2/+3]
| |\| | | |
      Conflicts: ChangeLog runtime/nsd_gtls.c tcpsrv.c tests/Makefile.am
| | * | | | bugfix: TLS-induced smaller memory still existed, now fixed [Rainer Gerhards, 2011-06-14, files 1, lines -0/+3]
| | | | | |
* | | | | | Merge branch 'v5-devel' [Rainer Gerhards, 2011-10-21, files 1, lines -1/+5]
|\ \ \ \ \ \
| | |_|_|_|/
| |/| | | |
      Conflicts: ChangeLog
| * | | | | removed dependency on gcrypt for recently-enough GnuTLS [Rainer Gerhards, 2011-10-17, files 1, lines -1/+5]
      see: http://bugzilla.adiscon.com/show_bug.cgi?id=289
| * | | | | Merge branch 'v4-devel' into v5-devel [Rainer Gerhards, 2011-06-14, files 1, lines -0/+3]
| |\ \ \ \ \
| | |_|/ / /
| |/| | / /
| | | |/ /
| | |/| |
      Conflicts: tcpsrv.c
| | * | | bugfix: memory leak in imtcp & subsystems under some circumstances [Rainer Gerhards, 2011-06-14, files 1, lines -0/+3]
      This leak is tied to error conditions which lead to incorrect cleanup of some data structures. [backport from v6, limited testing under v4]
* | | | | bugfix: TLS-mode memory leak was not completely fixed with previous commit [Rainer Gerhards, 2011-06-14, files 1, lines -2/+3]
| |_|/ /
|/| | |
* | | | Merge branch 'v5-beta' [Rainer Gerhards, 2011-03-11, files 1, lines -0/+1]
|\| | |
      Conflicts: ChangeLog configure.ac doc/manual.html plugins/omlibdbi/omlibdbi.c tests/Makefile.am tests/diag.sh
| * | | added work-around for bug in gtls, which causes fd leak when using TLS [Bojan Smojver, 2011-02-23, files 1, lines -0/+1]
      The capability has been added for modules to specify that they do not like being unloaded.
      related bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=222
      Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
* | | | completed new TLS code in tcpflood [Rainer Gerhards, 2011-02-28, files 1, lines -0/+2]
| | | |
* | | | (somewhat) improved TLS subsystem [Rainer Gerhards, 2011-02-01, files 1, lines -22/+4]
|/ / /
      - improved TLS error reporting
      - improved TLS startup (Diffie-Hellman bits do not need to be generated, as we do not support full anon key exchange -- we always need certs)
* | | Merge branch 'v4-beta' into beta [Rainer Gerhards, 2009-11-25, files 1, lines -1/+4]
|\| |
      Conflicts: ChangeLog configure.ac doc/manual.html doc/rsyslog_conf_modules.html tests/Makefile.am tests/sndrcv_drvr.sh
| * | bugfix (kind of): check if TCP connection is still alive if using TLS [Jonathan Bond-Caron, 2009-11-25, files 1, lines -1/+4]
      Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
* | | some light performance enhancement [Rainer Gerhards, 2009-11-12, files 1, lines -1/+5]
      ...by replacing time() call with much faster (at least under linux) gettimeofday() calls.
* | | enhanced test environment (including testbench) [Rainer Gerhards, 2009-10-22, files 1, lines -2/+2]
|/ /
      support for enhancing probability of memory addressing failure by using non-NULL default value for malloced memory (optional, only if requested by configure option). This helps to track down some otherwise undetected issues within the testbench and is expected to be very useful in the future.
* | going forward in moving string-handling functions to new interface... [Rainer Gerhards, 2009-06-17, files 1, lines -17/+17]
| |
* | done various optimizations to the stringbuf and its users [Rainer Gerhards, 2009-06-16, files 1, lines -4/+4]
| |
* | strmsrv now supports KEEPALIVE socket option [Rainer Gerhards, 2009-06-02, files 1, lines -0/+11]
| |
* | some cleanup [Rainer Gerhards, 2009-04-17, files 1, lines -0/+2]
|/
      ... mostly removal of compile-time warnings (thanks to Michael Biebl for suggesting to look after that)
* bugfix: memory leaks in gtls netstream driver [Rainer Gerhards, 2008-12-03, files 1, lines -1/+7]
|
* added interface function to nsd_gtls needed for ACL control [Rainer Gerhards, 2008-12-01, files 1, lines -0/+15]
      The legacy ACL system needs access to the remote sockaddr_storage data structure. This has been implemented for the ptcp driver and now follows for gtls. See recent commits for reason. We also moved up the version numbers in preparation of the release.
* bugfix (cosmetical): authorization was not checked when gtls handshake completed immediately. [varmojfekoj, 2008-07-15, files 1, lines -1/+4]
      While this sounds scary, the situation can not happen in practice. We use non-blocking IO only for server-based gtls session setup. As TLS requires the exchange of multiple frames before the handshake completes, it simply is impossible to do this in one step. However, it is useful to have the code path correct even for this case - otherwise, we may run into problems if the code is changed some time later (e.g. to use blocking sockets).
      Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
* bugfix: machine certificate was required for client even in TLS anon mode [Rainer Gerhards, 2008-07-02, files 1, lines -5/+21]
      Reference: http://bugzilla.adiscon.com/show_bug.cgi?id=85
      The fix also slightly improves performance by not storing certificates in client sessions when there is no need to do so.
* Merge branch 'beta' [Rainer Gerhards, 2008-07-01, files 1, lines -1/+1]
      Conflicts: ChangeLog conf.c doc/Makefile.am doc/manual.html omfwd.c plugins/omgssapi/omgssapi.c
      This was a bit hard to merge; if there are problems, they may be in the area of the new "comment in action line" code that came from the beta.
* added (internal) error codes to error messages [Rainer Gerhards, 2008-06-27, files 1, lines -19/+18]
      Also added redirector to web description of error codes
      closes bug http://bugzilla.adiscon.com/show_bug.cgi?id=20
* bugfix: gtls always read only 8 bytes per recv call [Rainer Gerhards, 2008-06-25, files 1, lines -1/+1]
|
* bugfix: gtls and ptcp netstream driver communicated invalid iRet [Rainer Gerhards, 2008-06-24, files 1, lines -3/+5]
      This was introduced due to recent interface change.
* improved gtls error reporting [Rainer Gerhards, 2008-06-24, files 1, lines -1/+3]
|
* added support for EGAIN while trying to receive data on gTLS session [Rainer Gerhards, 2008-06-24, files 1, lines -18/+90]
      This maps to bugzilla bug 83: http://bugzilla.adiscon.com/show_bug.cgi?id=83
      This is the first test version, posted to user for repro of the problem. It contains code to handle the case, HOWEVER, I have not been able to test it in a scenario where a retry actually happens while receiving (I don't get this in my environment). So I assume it is buggy and will probably not work.
* disabled compile warnings caused by third-party libraries [Rainer Gerhards, 2008-06-23, files 1, lines -0/+2]
|
* changed Rcv-Interface in tcpsrv subsystem [Rainer Gerhards, 2008-06-23, files 1, lines -3/+9]
      It is now iRet based. This enables us to communicate more in-depth information to the upper peers. This is needed to handle the EGAIN case on rcv (not yet implemented)
* disabled in-depth GnuTLS debugging aid [Rainer Gerhards, 2008-06-23, files 1, lines -0/+2]
      This is a debug aid, only. Note that it may reveal sensitive information, so it should never be active in production code. Currently, this is a compile-time switch and requires code changes to (de)activate.
* bugfix: some error states were swapped [Rainer Gerhards, 2008-06-20, files 1, lines -6/+27]
      ... in gnutls code, resulting in some hard to understand error messages. Also generally improved certificate error messages a bit. Also, added GnuTLS debugging support.
* begun step-by-step guide for TLS protected syslog [Rainer Gerhards, 2008-06-18, files 1, lines -1/+1]
|
* somewhat improved plain tcp syslog reliability [Rainer Gerhards, 2008-06-09, files 1, lines -0/+12]
      ...by doing a connection check before sending. Credits to Martin Schuette for providing the idea. Details are available at http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html
* preparing 3.19.6 (v3.19.6) [Rainer Gerhards, 2008-06-06, files 1, lines -1/+1]
|
* implemented wildcards inside certificate name check authentication [Rainer Gerhards, 2008-05-27, files 1, lines -6/+9]
|
* client now provides cert even if it is not signed by one of the server's trusted CAs (gtls) [Rainer Gerhards, 2008-05-27, files 1, lines -9/+163]
* protected gtls error string function by a mutex. [Rainer Gerhards, 2008-05-26, files 1, lines -1/+7]
      Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen.