path: root/runtime
Commit message [Author, Age, Files, Lines]
* Merge branch 'ietf-tls' [Rainer Gerhards, 2008-05-27, 7, -57/+1088]
|\
| * implemented wildcards inside certificate name check authentication [Rainer Gerhards, 2008-05-27, 4, -7/+311]
| |
| * client now provides cert even if it is not signed by one of the server's trusted CAs (gtls) [Rainer Gerhards, 2008-05-27, 3, -10/+170]
| |
| * protected gtls error string function by a mutex. [Rainer Gerhards, 2008-05-26, 1, -1/+7]
| |     Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen.
| * fixed fingerprint generator [Rainer Gerhards, 2008-05-26, 1, -2/+1]
| |     fixed problem introduced earlier today
| * fixed wrong cert expiration date check [Rainer Gerhards, 2008-05-26, 1, -1/+1]
| |
| * added certificate validity date check (gtls) [Rainer Gerhards, 2008-05-26, 2, -10/+58]
| |
| * added gtls name authentication based on common name (inside DN) [Rainer Gerhards, 2008-05-26, 2, -7/+100]
| |     also changed fingerprint gtls auth mode to new format fingerprint
| * added capability to auto-configure tls auth rule for client connecting to server [Rainer Gerhards, 2008-05-26, 2, -13/+52]
| |     must match hostname in send action
| * improved gtls error reporting [Rainer Gerhards, 2008-05-26, 1, -2/+11]
| |
| * checking if client provided a cert and complain if not [Rainer Gerhards, 2008-05-23, 1, -1/+3]
| |
| * added x509/name authentication (so far based on dnsName only) [Rainer Gerhards, 2008-05-22, 1, -58/+137]
| |
| * added code to pull the subjectAltName - dNSName [Rainer Gerhards, 2008-05-21, 2, -3/+23]
| |
| * fixed invalid prototype [Rainer Gerhards, 2008-05-21, 1, -1/+1]
| |
| * implemented x509/certvalid "authentication" [Rainer Gerhards, 2008-05-21, 4, -4/+276]
| |
* | bugfix: sender information (fromhost et al) was missing in imudp [Rainer Gerhards, 2008-05-21, 1, -1/+1]
| |     thanks to sandiso for reporting this bug
* | Merge branch 'ietf-tls' [Rainer Gerhards, 2008-05-21, 12, -23/+398]
|\|     Conflicts: ChangeLog
| * re-enabled anon mode (failed if client did not provide cert) [Rainer Gerhards, 2008-05-21, 1, -3/+6]
| |
| * changed default GnuTLS key material to more reasonable values [Rainer Gerhards, 2008-05-20, 1, -1/+0]
| |     We now also provide everything to sign with a common CA.
| |     NOTE: none of this is for production use!
| * first implementation of TLS server client authentication check [Rainer Gerhards, 2008-05-19, 12, -39/+209]
| |     The TLS server now checks the client fingerprint. This works, but is highly experimental. Needs to be refined for practice. Also:
| |     - implemented permittedPeers helper construct to store names
| |     - changed omfwd implementation to use new permittedPeers
| * improved error messages and corrected fingerprint format [Rainer Gerhards, 2008-05-19, 4, -13/+32]
| |
| * regained netstream driver genericity; improved drivers [Rainer Gerhards, 2008-05-17, 2, -3/+47]
| |     - made action logic pass optional auth params only if they are actually configured
| |     - added new authMode and Fingerprint methods to ptcp netstream driver (keeping them once again generic)
| |     - added diagnostics messages when invalid auth modes were configured
| * added first rough ability to authenticate the server against its certificate [Rainer Gerhards, 2008-05-16, 6, -5/+117]
| |     This is very experimental and needs some more work. It probably even segfaults - but the base code is there and running. The rest is refinement.
| |     While working on this, I did these two bugfixes:
| |     - bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
| |     - bugfix: $ActionSendStreamDriver had no effect
| * Merge branch 'master' into ietf-tls [Rainer Gerhards, 2008-05-16, 8, -11/+70]
| |\
| * | client provides x.509 and server prints fingerprint [Rainer Gerhards, 2008-05-15, 2, -6/+34]
| | |
* | | bugfix: missing linker options caused build to fail on some systems. [Tiziano Mueller, 2008-05-21, 1, -1/+1]
| |/
|/|     Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
* | fixed potential uninitialized var access (highly improbable) [Rainer Gerhards, 2008-05-16, 1, -0/+2]
| |
* | Merge branch 'beta' [Rainer Gerhards, 2008-05-16, 1, -0/+2]
| |     Conflicts: ChangeLog rfc3195d.c
* | added fromhost-ip properties and some bugfixes [Rainer Gerhards, 2008-05-16, 6, -11/+56]
| |     - bugfix: TCP input modules did incorrectly set fromhost property (always blank)
| |     - bugfix: imklog did not set fromhost property
| |     - added "fromhost-ip" property
| |     - added "RSYSLOG_DebugFormat" canned template
| |     - bugfix: hostname and fromhost were swapped when a persisted message (in queued mode) was read in
* | added TODO item [Rainer Gerhards, 2008-05-15, 1, -1/+1]
| |
* | bugfix: TLS server went into an endless loop in some situations. [Rainer Gerhards, 2008-05-15, 2, -0/+10]
|/      Thanks to Michael Biebl for reporting the problem.
* server's X509 cert fingerprint is obtained by client on connect [Rainer Gerhards, 2008-05-08, 3, -189/+50]
|
* added a bit of doc (at least something...) [Rainer Gerhards, 2008-05-08, 3, -1/+238]
|
* bugfix: gtls netstream driver did not specify threading model [Rainer Gerhards, 2008-05-08, 1, -3/+7]
|       (could possibly lead to "interesting effects" ;))
* limited number of unavoidable compiler warnings when compiling with GnuTLS [Rainer Gerhards, 2008-05-07, 1, -2/+15]
|
* added missing includes (noticed under SuSe Linux) [Rainer Gerhards, 2008-05-06, 2, -0/+2]
|
* final touches for 3.19.0 (tag: v3.19.0) [Rainer Gerhards, 2008-05-06, 1, -1/+0]
|
* Merge branch 'tls' [Rainer Gerhards, 2008-05-06, 21, -209/+550]
|\
| * trying to remove compiler warnings [Rainer Gerhards, 2008-05-05, 1, -2/+2]
| |
| * support for different forwarding stream drivers added [Rainer Gerhards, 2008-05-05, 3, -3/+31]
| |     they can now be set on an action-by-action basis
| * made default certificate file locations configurable [Rainer Gerhards, 2008-05-05, 3, -7/+87]
| |     - added $DefaultNetstreamDriverCAFile config directive
| |     - added $DefaultNetstreamDriverCertFile config directive
| |     - added $DefaultNetstreamDriverKeyFile config directive
| * made imgssapi work with new netstrm driver model [Rainer Gerhards, 2008-05-05, 3, -2/+29]
| |     there were a couple of things where imgssapi was not compatible with the new encapsulation. I did a somewhat dirty fix. The real solution would be to turn gssapi functionality into a netstream driver, which is too much for now (after all, we want to release some time AND we need to have the code mature in practice before we go for the next target...).
| * added $InputTCPServerStreamDriverMode config directive [Rainer Gerhards, 2008-04-30, 5, -6/+36]
| |
| * restructured netstrm driver layer [Rainer Gerhards, 2008-04-30, 8, -82/+17]
| |     the new structure prevents repetitive loads and unloads of driver files; it also has less overhead
| |     The "select" and regular driver are now contained in a single file.
| * server handshake now works with nonblocking sockets [Rainer Gerhards, 2008-04-30, 6, -8/+82]
| |
| * made plain tcp syslog via TLS work on the server [Rainer Gerhards, 2008-04-30, 3, -6/+133]
| |     ... but so far only in blocking mode
| * fixed problem with module unload sequence [Rainer Gerhards, 2008-04-29, 7, -24/+21]
| |
| * removed loadable module leak [Rainer Gerhards, 2008-04-29, 6, -75/+50]
| |     - moved netstrms, netstrm and nssel into a single loadable module because they belong together
| |     - fixed "loadable module leak"
| * ability to load proper select netstrm driver [Rainer Gerhards, 2008-04-29, 4, -16/+26]
| |
| * added $ActionSendStreamDriverMode config directive [Rainer Gerhards, 2008-04-28, 6, -3/+61]
| |