path: root/runtime
Commit message  Author  Age  Files  Lines
* added (internal) error codes to error messages  Rainer Gerhards  2008-06-27  11  -106/+123
|   Also added redirector to web description of error codes
|   closes bug http://bugzilla.adiscon.com/show_bug.cgi?id=20
* reduced number of compile warnings in -pedantic gcc mode  Rainer Gerhards  2008-06-27  14  -57/+53
|
* misc small changes: corrected version, removed some debug output,  Rainer Gerhards  2008-06-27  1  -2/+1
|   ..., restructured makefile, added some troubleshooting to test case (program rscript-parse.c has problem due to different structure alignment, where I do not yet know the reason)
* bugfix: gtls always read only 8 bytes per recv call  Rainer Gerhards  2008-06-25  1  -1/+1
|
* fixed invalid state checking inside gtls retry handler  Rainer Gerhards  2008-06-25  1  -1/+1
|
* gnu error status must be set after retry operation  Rainer Gerhards  2008-06-24  1  -0/+2
|   ... otherwise, we check an invalid error state.
* bugfix: gtls and ptcp netstream driver communicated invalid iRet  Rainer Gerhards  2008-06-24  2  -3/+12
|   This was introduced due to recent interface change.
* improved gtls error reporting  Rainer Gerhards  2008-06-24  1  -1/+3
|
* added support for EGAIN while trying to receive data on gTLS session  Rainer Gerhards  2008-06-24  4  -19/+127
|   This maps to bugzilla bug 83: http://bugzilla.adiscon.com/show_bug.cgi?id=83
|   This is the first test version, posted to user for repro of the problem. It contains code to handle the case, HOWEVER, I have not been able to test it in a scenario where a retry actually happens while receiving (I don't get this in my environment). So I assume it is buggy and will probably not work.
* disabled compile warnings caused by third-party libraries  Rainer Gerhards  2008-06-23  4  -0/+12
|
* changed Rcv-Interface in tcpsrv subsystem  Rainer Gerhards  2008-06-23  3  -4/+14
|   It is now iRet based. This enables us to communicate more in-depth information to the upper peers. This is needed to handle the EGAIN case on rcv (not yet implemented)
* disabled in-depth GnuTLS debugging aid  Rainer Gerhards  2008-06-23  1  -0/+2
|   This is a debug aid, only. Note that it may reveal sensitive information, so it should never be active in production code. Currently, this is a compile-time switch and requires code changes to (de)activate.
* bugfix: some error states were swapped  Rainer Gerhards  2008-06-20  2  -6/+29
|   ... in gnutls code, resulting in some hard to understand error messages. Also generally improved certificate error messages a bit. Also, added GnuTLS debugging support.
* begun step-by-step guide for TLS protected syslog  Rainer Gerhards  2008-06-18  2  -2/+2
|
* begun building a testbench  Rainer Gerhards  2008-06-13  5  -2/+1303
|
* Fix linker flags for librsyslog and rsyslogd  Michael Biebl  2008-06-11  1  -1/+1
|   Use $(dl_libs) and $(rt_libs) instead of -ldl and -lrt. This ensures that rsyslog can be successfully built on *BSD. Don't link rsyslogd against $(dl_libs) and $(rt_libs) anymore. This functionality is now in librsyslog.
|   Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
* fixed syntax error (typo in var name) and cleanup  Rainer Gerhards  2008-06-10  2  -8/+4
|
* somewhat improved plain tcp syslog reliability  Rainer Gerhards  2008-06-09  5  -1/+54
|   ...by doing a connection check before sending. Credits to Martin Schuette for providing the idea. Details are available at http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html
* fixed a bug with the new property replacer option  Rainer Gerhards  2008-06-07  1  -1/+1
|   there was a copy&paste error in the timereported property - thanks to Elizabeth for reporting it
* added new property replacer option "time-subseconds"  Rainer Gerhards  2008-06-06  4  -1/+70
|   enables to query just the subsecond part of a high-precision timestamp
* preparing 3.19.6  v3.19.6  Rainer Gerhards  2008-06-06  1  -1/+1
|
* enhanced property replacer to support multiple regex matches  Rainer Gerhards  2008-06-04  1  -5/+28
|
* bugfix: off-by-one bug during certificate check  Rainer Gerhards  2008-06-04  1  -2/+4
|
* bugfix: part of permittedPeer structure was not correctly initialized  Rainer Gerhards  2008-06-03  1  -2/+1
|   thanks to varmojfekoj for spotting this
* capability for replacement text in no match regex case added  Rainer Gerhards  2008-05-30  1  -13/+18
|   implemented in property replacer: if a regular expression does not match, it can now either return "**NO MATCH**" (default, as before), a blank property or the full original property text
* enhanced property replacer's regex to support submatches  Rainer Gerhards  2008-05-29  1  -7/+21
|   - enabled Posix ERE expressions inside the property replacer (previously BRE was permitted only)
|   - provided ability to specify that a regular expression submatch shall be used inside the property replacer
* Merge branch 'ietf-tls'  Rainer Gerhards  2008-05-27  7  -57/+1088
|\
| * implemented wildcards inside certificate name check authentication  Rainer Gerhards  2008-05-27  4  -7/+311
| |
| * client now provides cert even if it is not signed by one of the server's trusted CAs (gtls)  Rainer Gerhards  2008-05-27  3  -10/+170
| |
| * protected gtls error string function by a mutex.  Rainer Gerhards  2008-05-26  1  -1/+7
| |   Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen.
| * fixed fingerprint generator  Rainer Gerhards  2008-05-26  1  -2/+1
| |   fixed problem introduced earlier today
| * fixed wrong cert expiration date check  Rainer Gerhards  2008-05-26  1  -1/+1
| |
| * added certificate validity date check (gtls)  Rainer Gerhards  2008-05-26  2  -10/+58
| |
| * added gtls name authentication based on common name (inside DN)  Rainer Gerhards  2008-05-26  2  -7/+100
| |   also changed fingerprint gtls auth mode to new format fingerprint
| * added capability to auto-configure tls auth rule for client connecting to server  Rainer Gerhards  2008-05-26  2  -13/+52
| |   must match hostname in send action
| * improved gtls error reporting  Rainer Gerhards  2008-05-26  1  -2/+11
| |
| * checking if client provided a cert and complain if not  Rainer Gerhards  2008-05-23  1  -1/+3
| |
| * added x509/name authentication (so far based on dnsName only)  Rainer Gerhards  2008-05-22  1  -58/+137
| |
| * added code to pull the subjectAltName - dNSName  Rainer Gerhards  2008-05-21  2  -3/+23
| |
| * fixed invalid prototype  Rainer Gerhards  2008-05-21  1  -1/+1
| |
| * implemented x509/certvalid "authentication"  Rainer Gerhards  2008-05-21  4  -4/+276
| |
* | bugfix: sender information (fromhost et al) was missing in imudp  Rainer Gerhards  2008-05-21  1  -1/+1
| |   thanks to sandiso for reporting this bug
* | Merge branch 'ietf-tls'  Rainer Gerhards  2008-05-21  12  -23/+398
|\|   Conflicts: ChangeLog
| * re-enabled anon mode (failed if client did not provide cert)  Rainer Gerhards  2008-05-21  1  -3/+6
| |
| * changed default GnuTLS key material to more reasonable values  Rainer Gerhards  2008-05-20  1  -1/+0
| |   We now also provide everything to sign with a common CA. NOTE: none of this is for production use!
| * first implementation of TLS server client authentication check  Rainer Gerhards  2008-05-19  12  -39/+209
| |   The TLS server now checks the client fingerprint. This works, but is highly experimental. Needs to be refined for practice. Also:
| |   - implemented permittedPeers helper construct to store names
| |   - changed omfwd implementation to use new permittedPeers
| * improved error messages and corrected fingerprint format  Rainer Gerhards  2008-05-19  4  -13/+32
| |
| * regained netstream driver genericity; improved drivers  Rainer Gerhards  2008-05-17  2  -3/+47
| |   - made action logic pass optional auth params only if they are actually configured
| |   - added new authMode and Fingerprint methods to ptcp netstream driver (keeping them once again generic)
| |   - added diagnostics messages when invalid auth modes were configured
| * added first rough ability to authenticate the server against its certificate  Rainer Gerhards  2008-05-16  6  -5/+117
| |   This is very experimental and needs some more work. It probably even segfaults - but the base code is there and running. The rest is refinement. While working on this, I did these two bugfixes:
| |   - bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
| |   - bugfix: $ActionSendStreamDriver had no effect
| * Merge branch 'master' into ietf-tls  Rainer Gerhards  2008-05-16  8  -11/+70
| |\