| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
support for enhancing probability of memory addressing failure by
using non-NULL default value for malloced memory (optional, only if
requested by configure option). This helps to track down some
otherwise undetected issues within the testbench and is expected
to be very useful in the future.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
... mostly removal of compile-time warnings (thanks to Michael
Biebl for suggesting to look after that)
|
| | |
|
| |
|
|
|
|
|
|
| |
The legacy ACL system needs access to the remote sockaddr_storage
data structure. This has been implemented for the ptcp driver and
now follows for gtls. See recent commits for reason.
We also moved up the version numbers in preparation of the release.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
completed immediately.
While this sounds scary, the situation can not
happen in practice. We use non-blocking IO only for server-based gtls
session setup. As TLS requires the exchange of multiple frames before
the handshake completes, it simply is impossible to do this in one
step. However, it is useful to have the code path correct even for
this case - otherwise, we may run into problems if the code is changed
some time later (e.g. to use blocking sockets).
Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
|
| |
|
|
|
|
| |
Reference: http://bugzilla.adiscon.com/show_bug.cgi?id=85
The fix also slightly improves performance by not storing certificates in
client sessions when there is no need to do so.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
ChangeLog
conf.c
doc/Makefile.am
doc/manual.html
omfwd.c
plugins/omgssapi/omgssapi.c
This was a bit hard to merge; if there are problems, they
may be in the area of the new "comment in action line" code
that came from the beta.
|
| |
|
|
|
| |
Also added redirector to web description of error codes
closes bug http://bugzilla.adiscon.com/show_bug.cgi?id=20
|
| | |
|
| |
|
|
| |
This was introduced due to recent interface change.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This maps to bugzilla bug 83: http://bugzilla.adiscon.com/show_bug.cgi?id=83
This is the first test version, posted to user for repro of the problem.
It contains code to handle the case, HOWEVER, I have not been able to test it
in a scenario where a retry actually happens while receiving (I dont't get this
in my environment). So I assume it is buggy and will probably not work.
|
| | |
|
| |
|
|
|
|
| |
It is now iRet based. This enables us to communicate
more in-depth information to the upper peers. This is needed
to handle the EGAIN case on rcv (not yet implemented)
|
| |
|
|
|
|
|
| |
This is a debug aid, only. Note that it may reveal sensitive
information, so it should never be active in production code.
Currently, this is a compile-time switch and requires code changes
to (de)activate.
|
| |
|
|
|
|
|
|
| |
... in gnutls code, resulting in some hard too
understand error messages. Also genereally improved certificate
error messages a bit.
Also, added GnuTLS debugging support.
|
| | |
|
| |
|
|
|
|
| |
...by doing a connection check before sending. Credits to Martin
Schuette for providing the idea. Details are available at
http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html
|
| | |
|
| | |
|
| |
|
|
| |
trusted CAs (gtls)
|
| |
|
|
|
| |
Without it, we could have a race condition in extreme cases.
This was very remote, but now can no longer happen.
|
| |
|
|
| |
fixed problem introduced earlier today
|
| | |
|
| | |
|
| |
|
|
| |
also changed fingerprint gtls auth mode to new format fingerprint
|
| |
|
|
| |
must match hostname in send action
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The TLS server now checks the client fingerprint. This works, but
is highly experimental. Needs to be refined for practice. Also:
- implemented permittedPeers helper construct to store names
- changed omfwd implementation to use new permittedPeers
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- made action logic pass optional auth params only if they are
actually configured
- added new authMode and Fingerprint methods to ptcp netstream
driver (keeping them once again generic)
- added diagnostics messages when invalid auth modes were
configured
|
| |
|
|
|
|
|
|
|
|
| |
This is very experimental and needs some more work. It probably even
segfaults - but the base code is there and running. The rest is
refinement.
While working on this, I did these two bugfixes:
- bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
- bugfix: $ActionSendStreamDriver had no effect
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- bugfix: TCP input modules did incorrectly set fromhost property
(always blank)
- bugfix: imklog did not set fromhost property
- added "fromhost-ip" property
- added "RSYSLOG_DebugFormat" canned template
- bugfix: hostname and fromhost were swapped when a persisted message
(in queued mode) was read in
|
| | | |
|
| | |
| |
| |
| | |
Thanks to Michael Biebl for reporting the problem.
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
| |
(could possibly lead to "interesting effects" ;))
|
| | |
|
| | |
|
