radsecproxy.git/ChangeLog, branch proxy-state RADIUS proxy with support for TLS RadSec Update ChangeLog with two older bug fixes. 2013-08-27T11:35:51+00:00 Linus Nordberg linus@nordberg.se 2013-08-27T11:35:51+00:00 0c80ef364c03dfe35d4e3231ad216ca1ad7063cf 






Don't mention a version number in ChangeLog in the master branch.
2013-08-27T11:20:28+00:00

Linus Nordberg
linus@nordberg.se

2013-08-27T11:20:28+00:00

c39550a6c6b8e792c870aa63bed2467d5a9aaacd












Time out on TLS clients not closing the connection properly.
2013-08-26T15:02:07+00:00

Linus Nordberg
linus@nordberg.se

2013-08-26T15:02:07+00:00

25e21cd0c2a8e7b6afee116fbcbc1adaf337adaf

Patch by Fabian Mauchle.





Patch by Fabian Mauchle.







When timing out while reading from a TLS server, shutdown the socket properly.
2013-08-26T14:52:40+00:00

Linus Nordberg
linus@nordberg.se

2013-08-26T14:52:14+00:00

5c4b0c31393221c74367c8b2a33ef127bdb9e59c

Also signal the "client writer" (clientwr()).
Together, this should result in TLS connections being cleaned up properly.

Patch by Fabian Mauchle.





Also signal the "client writer" (clientwr()).
Together, this should result in TLS connections being cleaned up properly.

Patch by Fabian Mauchle.







Don't free struct clsrvconf members rewritein and rewriteout.
2013-08-26T13:37:15+00:00

Linus Nordberg
linus@nordberg.se

2013-08-26T13:32:13+00:00

1335ec42794cf5007bdab487423aef15358637a2

They are pointers into static struct hash *rewriteconfs and should
live forever.

Patch by Fabian Mauchle.





They are pointers into static struct hash *rewriteconfs and should
live forever.

Patch by Fabian Mauchle.







Update ChangeLog with the last three bug fixes/ehancements.
2013-08-26T13:04:28+00:00

Linus Nordberg
linus@nordberg.se

2013-08-26T13:04:28+00:00

974aa9012abcfd3050271dba9d4d38856892b5ca

Also, in a lame attempt att giving credit for last commit where I
failed at doing that:

  4920ff44 is a patch from Fabian Mauchle.





Also, in a lame attempt att giving credit for last commit where I
failed at doing that:

  4920ff44 is a patch from Fabian Mauchle.







Update ChangeLog entry for 1.6.2 with correct CVE id.
2012-11-01T08:02:42+00:00

Linus Nordberg
linus@nordu.net

2012-11-01T08:02:42+00:00

ac15aa5d5b9a307cad3b689c73796326a744eb45

1.6.2 is already released but correct ChangeLog info is good.





1.6.2 is already released but correct ChangeLog info is good.







Mention CVE number in ChangeLog.
2012-10-25T11:46:00+00:00

Linus Nordberg
linus@nordu.net

2012-10-25T11:41:24+00:00

2f452345f3e599de9a25dd3b1954367bb9098b4f












radsecproxy-1.6.2
2012-10-25T11:21:57+00:00

Linus Nordberg
linus@nordu.net

2012-10-25T11:21:57+00:00

73f53fee4a00c083c353362da26514d6d6d5c2e6












Don't mix up pre- and post-handshake verification of DTLS clients.
2012-10-22T16:13:45+00:00

Linus Nordberg
linus@torproject.org

2012-10-19T21:23:04+00:00

3682c935facf5ccd7fa600644bbb76957155c680

Commit db965c9b addressed TLS clients only.

When verifying DTLS clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain.

Original issue reported and analysed by Ralf Paffrath. DTLS being
vulnerable reported by Raphael Geisser.

Addresses issue RADSECPROXY-43, CVE-2012-4523.





Commit db965c9b addressed TLS clients only.

When verifying DTLS clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain.

Original issue reported and analysed by Ralf Paffrath. DTLS being
vulnerable reported by Raphael Geisser.

Addresses issue RADSECPROXY-43, CVE-2012-4523.