Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | bugfix (cosmetical): authorization was not checked when gtls handshake completed immediately. | varmojfekoj | 2008-07-15 | 1 | -1/+4 | |
| | | While this sounds scary, the situation can not happen in practice. We use non-blocking IO only for server-based gtls session setup. As TLS requires the exchange of multiple frames before the handshake completes, it simply is impossible to do this in one step. However, it is useful to have the code path correct even for this case - otherwise, we may run into problems if the code is changed some time later (e.g. to use blocking sockets). Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com> | |||||
* | | bugfix: priority was incorrectly calculated on FreeBSD 7 | Rainer Gerhards | 2008-07-14 | 1 | -6/+10 | |
| | | because the LOG_MAKEPRI() C macro has a different meaning there (it is just a simple addition of facility and severity). I have changed this to use own, consistent, code for PRI calculation. | |||||
* | | cleanup of debugging messages (removed no longer needed ones) | Rainer Gerhards | 2008-07-14 | 2 | -5/+0 | |
| | | ||||||
* | | Merge branch 'beta' - important mutex bugfix | Rainer Gerhards | 2008-07-14 | 1 | -2/+29 | |
| | | Conflicts: ChangeLog configure.ac doc/Makefile.am doc/manual.html | |||||
* | | bugfix: bad memory leak in disk-based queue modes | Rainer Gerhards | 2008-07-09 | 1 | -21/+8 | |
| | | ||||||
* | | Merge branch 'beta' | Rainer Gerhards | 2008-07-07 | 1 | -1/+1 | |
|/ | ||||||
* | bugfix: machine certificate was required for client even in TLS anon mode | Rainer Gerhards | 2008-07-02 | 4 | -18/+25 | |
| | Reference: http://bugzilla.adiscon.com/show_bug.cgi?id=85 The fix also slightly improves performance by not storing certificates in client sessions when there is no need to do so. | |||||
* | Merge branch 'beta' | Rainer Gerhards | 2008-07-01 | 2 | -10/+7 | |
| | Conflicts: ChangeLog conf.c doc/Makefile.am doc/manual.html omfwd.c plugins/omgssapi/omgssapi.c This was a bit hard to merge; if there are problems, they may be in the area of the new "comment in action line" code that came from the beta. | |||||
* | added (internal) error codes to error messages | Rainer Gerhards | 2008-06-27 | 11 | -106/+123 | |
| | Also added redirector to web description of error codes closes bug http://bugzilla.adiscon.com/show_bug.cgi?id=20 | |||||
* | reduced number of compile warnings in -pedantic gcc mode | Rainer Gerhards | 2008-06-27 | 14 | -57/+53 | |
| | ||||||
* | misc small changes: corrected version, removed some debug output, | Rainer Gerhards | 2008-06-27 | 1 | -2/+1 | |
| | ..., restructured makefile, added some troubleshooting to test case (program rscript-parse.c has problem due to different structure alignment, where I do not yet know the reason) | |||||
* | bugfix: gtls always read only 8 bytes per recv call | Rainer Gerhards | 2008-06-25 | 1 | -1/+1 | |
| | ||||||
* | fixed invalid state checking inside gtls retry handler | Rainer Gerhards | 2008-06-25 | 1 | -1/+1 | |
| | ||||||
* | gnu error status must be set after retry operation | Rainer Gerhards | 2008-06-24 | 1 | -0/+2 | |
| | ... otherwise, we check an invalid error state. | |||||
* | bugfix: gtls and ptcp netstream driver communicated invalid iRet | Rainer Gerhards | 2008-06-24 | 2 | -3/+12 | |
| | This was introduced due to recent interface change. | |||||
* | improved gtls error reporting | Rainer Gerhards | 2008-06-24 | 1 | -1/+3 | |
| | ||||||
* | added support for EGAIN while trying to receive data on gTLS session | Rainer Gerhards | 2008-06-24 | 4 | -19/+127 | |
| | This maps to bugzilla bug 83: http://bugzilla.adiscon.com/show_bug.cgi?id=83 This is the first test version, posted to user for repro of the problem. It contains code to handle the case, HOWEVER, I have not been able to test it in a scenario where a retry actually happens while receiving (I don't get this in my environment). So I assume it is buggy and will probably not work. | |||||
* | disabled compile warnings caused by third-party libraries | Rainer Gerhards | 2008-06-23 | 4 | -0/+12 | |
| | ||||||
* | changed Rcv-Interface in tcpsrv subsystem | Rainer Gerhards | 2008-06-23 | 3 | -4/+14 | |
| | It is now iRet based. This enables us to communicate more in-depth information to the upper peers. This is needed to handle the EGAIN case on rcv (not yet implemented) | |||||
* | disabled in-depth GnuTLS debugging aid | Rainer Gerhards | 2008-06-23 | 1 | -0/+2 | |
| | This is a debug aid, only. Note that it may reveal sensitive information, so it should never be active in production code. Currently, this is a compile-time switch and requires code changes to (de)activate. | |||||
* | bugfix: some error states were swapped | Rainer Gerhards | 2008-06-20 | 2 | -6/+29 | |
| | ... in gnutls code, resulting in some hard to understand error messages. Also generally improved certificate error messages a bit. Also, added GnuTLS debugging support. | |||||
* | begun step-by-step guide for TLS protected syslog | Rainer Gerhards | 2008-06-18 | 2 | -2/+2 | |
| | ||||||
* | begun building a testbench | Rainer Gerhards | 2008-06-13 | 5 | -2/+1303 | |
| | ||||||
* | Fix linker flags for librsyslog and rsyslogd | Michael Biebl | 2008-06-11 | 1 | -1/+1 | |
| | Use $(dl_libs) and $(rt_libs) instead of -ldl and -lrt. This ensures that rsyslog can be successfully built on *BSD. Don't link rsyslogd against $(dl_libs) and $(rt_libs) anymore. This functionality is now in librsyslog. Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com> | |||||
* | fixed syntax error (typo in var name) and cleanup | Rainer Gerhards | 2008-06-10 | 2 | -8/+4 | |
| | ||||||
* | somewhat improved plain tcp syslog reliability | Rainer Gerhards | 2008-06-09 | 5 | -1/+54 | |
| | ...by doing a connection check before sending. Credits to Martin Schuette for providing the idea. Details are available at http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html | |||||
* | fixed a bug with the new property replacer option | Rainer Gerhards | 2008-06-07 | 1 | -1/+1 | |
| | there was a copy&paste error in the timereported property - thanks to Elizabeth for reporting it | |||||
* | added new property replacer option "time-subseconds" | Rainer Gerhards | 2008-06-06 | 4 | -1/+70 | |
| | enables to query just the subsecond part of a high-precision timestamp | |||||
* | preparing 3.19.6 (v3.19.6) | Rainer Gerhards | 2008-06-06 | 1 | -1/+1 | |
| | ||||||
* | enhanced property replacer to support multiple regex matches | Rainer Gerhards | 2008-06-04 | 1 | -5/+28 | |
| | ||||||
* | bugfix: off-by-one bug during certificate check | Rainer Gerhards | 2008-06-04 | 1 | -2/+4 | |
| | ||||||
* | bugfix: part of permittedPeer structure was not correctly initialized | Rainer Gerhards | 2008-06-03 | 1 | -2/+1 | |
| | thanks to varmojfekoj for spotting this | |||||
* | capability for replacement text in no match regex case added | Rainer Gerhards | 2008-05-30 | 1 | -13/+18 | |
| | implemented in property replacer: if a regular expression does not match, it can now either return "**NO MATCH**" (default, as before), a blank property or the full original property text | |||||
* | enhanced property replacer's regex to support submatches | Rainer Gerhards | 2008-05-29 | 1 | -7/+21 | |
| | - enabled Posix ERE expressions inside the property replacer (previously BRE was permitted only) - provided ability to specify that a regular expression submatch shall be used inside the property replacer | |||||
* | Merge branch 'ietf-tls' | Rainer Gerhards | 2008-05-27 | 7 | -57/+1088 | |
|\ | ||||||
| * | implemented wildcards inside certificate name check authentication | Rainer Gerhards | 2008-05-27 | 4 | -7/+311 | |
| | | ||||||
| * | client now provides cert even if it is not signed by one of the server's trusted CAs (gtls) | Rainer Gerhards | 2008-05-27 | 3 | -10/+170 | |
| | | ||||||
| * | protected gtls error string function by a mutex. | Rainer Gerhards | 2008-05-26 | 1 | -1/+7 | |
| | | Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen. | |||||
| * | fixed fingerprint generator | Rainer Gerhards | 2008-05-26 | 1 | -2/+1 | |
| | | fixed problem introduced earlier today | |||||
| * | fixed wrong cert expiration date check | Rainer Gerhards | 2008-05-26 | 1 | -1/+1 | |
| | | ||||||
| * | added certificate validity date check (gtls) | Rainer Gerhards | 2008-05-26 | 2 | -10/+58 | |
| | | ||||||
| * | added gtls name authentication based on common name (inside DN) | Rainer Gerhards | 2008-05-26 | 2 | -7/+100 | |
| | | also changed fingerprint gtls auth mode to new format fingerprint | |||||
| * | added capability to auto-configure tls auth rule for client connecting to server | Rainer Gerhards | 2008-05-26 | 2 | -13/+52 | |
| | | must match hostname in send action | |||||
| * | improved gtls error reporting | Rainer Gerhards | 2008-05-26 | 1 | -2/+11 | |
| | | ||||||
| * | checking if client provided a cert and complain if not | Rainer Gerhards | 2008-05-23 | 1 | -1/+3 | |
| | | ||||||
| * | added x509/name authentication (so far based on dnsName only) | Rainer Gerhards | 2008-05-22 | 1 | -58/+137 | |
| | | ||||||
| * | added code to pull the subjectAltName - dNSName | Rainer Gerhards | 2008-05-21 | 2 | -3/+23 | |
| | | ||||||
| * | fixed invalid prototype | Rainer Gerhards | 2008-05-21 | 1 | -1/+1 | |
| | | ||||||
| * | implemented x509/certvalid "authentication" | Rainer Gerhards | 2008-05-21 | 4 | -4/+276 | |
| | | ||||||
* | | bugfix: sender information (fromhost et al) was missing in imudp | Rainer Gerhards | 2008-05-21 | 1 | -1/+1 | |
| | | thanks to sandiso for reporting this bug |