Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | radsecproxy-1.6.7radsecproxy-1.6.7 | Linus Nordberg | 2016-03-14 | 4 | -5/+5 |
| | |||||
* | Update ChangeLog for upcoming radsecproxy-1.6.7. | Linus Nordberg | 2016-03-11 | 1 | -0/+8 |
| | |||||
* | Fix the html target. | Linus Nordberg | 2016-03-11 | 1 | -5/+6 |
| | | | | | List the three .html files. Add targets for building .html from .1 and .5. | ||||
* | #include <string.h> for memcpy() and strcmp(). | Linus Nordberg | 2016-03-11 | 2 | -0/+2 |
| | |||||
* | Use DTLS_method() for new SSL context if it exists. | Linus Nordberg | 2016-03-11 | 1 | -0/+5 |
| | | | | | Effectively turning on support for DTLS 1.2 when OpenSSL version 1.0.2 or higher. | ||||
* | Allow TLSv1.1 and TLSv1.2. | Linus Nordberg | 2016-02-25 | 1 | -1/+2 |
| | | | | | This should in theory allow for later versions of TLS too but let's verify that when the time comes. | ||||
* | Mention radsecproxy-hash(1) in radsecproxy.1. | Linus Nordberg | 2016-02-25 | 1 | -3/+2 |
| | |||||
* | Install radsecproxy.conf.5 unconditionally.radsecproxy-1.6.6 | Linus Nordberg | 2015-01-19 | 2 | -1/+3 |
| | | | | Keep regeneration of it dependent on configure finding docbook2x-man(1). | ||||
* | radsecproxy-1.6.6 | Linus Nordberg | 2015-01-19 | 4 | -5/+5 |
| | |||||
* | Refer to RFC6614 instead of the old draft. | Linus Nordberg | 2015-01-19 | 1 | -2/+2 |
| | |||||
* | ChangeLog for the four security patches. | Linus Nordberg | 2015-01-16 | 1 | -0/+4 |
| | | | | | Conflicts: ChangeLog | ||||
* | Fix heap overflow in raddtlsget(), radtcpget() and radtlsget(). | Linus Nordberg | 2015-01-16 | 3 | -0/+12 |
| | | | | Patch by Stephen Röttger. | ||||
* | Fix null pointer dereference in decttl(). | Linus Nordberg | 2015-01-16 | 1 | -0/+3 |
| | | | | Patch by Stephen Röttger. | ||||
* | Fix use-after-free in _internal_removeserversubrealms(). | Linus Nordberg | 2015-01-16 | 1 | -2/+5 |
| | | | | Patch by Stephen Röttger. | ||||
* | Fix use-after-free in hash_extract(). | Linus Nordberg | 2015-01-16 | 2 | -1/+4 |
| | | | | Patch by Stephen Röttger. | ||||
* | Remove 'compile', generated by Automake. | Linus Nordberg | 2015-01-16 | 3 | -143/+2 |
| | | | | Patch by Christian Hesse. | ||||
* | Update copyright notice. | Linus Nordberg | 2015-01-16 | 1 | -1/+1 |
| | | | | | Conflicts: radsecproxy.c | ||||
* | When CHAP-Password, copy Request Authenticator to CHAP-Challenge. | Linus Nordberg | 2015-01-16 | 3 | -0/+26 |
| | | | | | Conflicts: radmsg.h | ||||
* | radsecproxy-1.6.5 --> 1.6.6-dev | Linus Nordberg | 2015-01-14 | 3 | -3/+3 |
| | |||||
* | Have rewriteIn for servers use the correct config section. | Linus Nordberg | 2015-01-14 | 2 | -2/+10 |
| | | | | | Conflicts: ChangeLog | ||||
* | radsecproxy-1.6.5.radsecproxy-1.6.5 | Linus Nordberg | 2013-09-06 | 4 | -4/+4 |
| | |||||
* | Have radmsg_copy_attrs() return error in all error cases. | Linus Nordberg | 2013-09-06 | 1 | -4/+2 |
| | | | | Also when copying of the first attribute fails. | ||||
* | Make a _copy_ of the attributes when copying them. | Linus Nordberg | 2013-09-06 | 2 | -1/+6 |
| | | | | | | Doh! Closes RADSECPROXY-53. | ||||
* | radsecproxy-1.6.4radsecproxy-1.6.4radsecproxy- | Linus Nordberg | 2013-09-05 | 3 | -3/+3 |
| | |||||
* | Keep Proxy-State attributes in all replies to clients. | Linus Nordberg | 2013-09-05 | 6 | -16/+105 |
| | | | | Closes RADSECPROXY-52. | ||||
* | radsecproxy-1.6.3radsecproxy-1.6.3 | Linus Nordberg | 2013-09-04 | 4 | -4/+4 |
| | |||||
* | Remove generated files (auto tools). | Linus Nordberg | 2013-09-04 | 6 | -5462/+0 |
| | | | | | | | | | Some of these were revived in 4c163b1e bc they were supposedly not generated when running autogen.sh. That's not the case (any more) so let's avoid checking in generated files. Note that these files will be included in tar balls made from make dist. | ||||
* | radsecproxy-1.6.3-rc0radsecproxy-1.6.3-rc0 | Linus Nordberg | 2013-09-02 | 4 | -4/+4 |
| | |||||
* | Update ChangeLog with two older bug fixes. | Linus Nordberg | 2013-09-02 | 1 | -0/+4 |
| | |||||
* | Improve warning message when failing to resolve a dynamic server config. | Linus Nordberg | 2013-09-02 | 1 | -2/+2 |
| | |||||
* | Time out on TLS clients not closing the connection properly. | Linus Nordberg | 2013-09-02 | 2 | -1/+3 |
| | | | | Patch by Fabian Mauchle. | ||||
* | When timing out while reading from a TLS server, shutdown the socket properly. | Linus Nordberg | 2013-09-02 | 2 | -0/+11 |
| | | | | | | | Also signal the "client writer" (clientwr()). Together, this should result in TLS connections being cleaned up properly. Patch by Fabian Mauchle. | ||||
* | Don't wait for _writable_ when _reading_ an SSL socket. | Linus Nordberg | 2013-09-02 | 1 | -10/+11 |
| | | | | | | | Also, don't select() at all if SSL_pending() says there's data to read. Patch by Fabian Mauchle. | ||||
* | Don't free struct clsrvconf members rewritein and rewriteout. | Linus Nordberg | 2013-09-02 | 2 | -2/+4 |
| | | | | | | | They are pointers into static struct hash *rewriteconfs and should live forever. Patch by Fabian Mauchle. | ||||
* | Update ChangeLog with the last three bug fixes/ehancements. | Linus Nordberg | 2013-09-02 | 1 | -0/+11 |
| | | | | | | | Also, in a lame attempt att giving credit for last commit where I failed at doing that: 4920ff44 is a patch from Fabian Mauchle. | ||||
* | Purge the duplication cache once per received packet. | Linus Nordberg | 2013-09-02 | 1 | -0/+17 |
| | |||||
* | Add Fabian Mauchle to AUTHORS. | Linus Nordberg | 2013-09-02 | 1 | -0/+1 |
| | |||||
* | Return free memory more aggressively. | Linus Nordberg | 2013-09-02 | 2 | -0/+9 |
| | | | | | | | | | | Have free(3) call sbrk(2) when there's 4 MB to free (default on Linux seems to be 128). Patch by Fabian Mauchle. Conflicts: configure.ac | ||||
* | Create threads with a 32 KB stack rather than what happens to be the default. | Linus Nordberg | 2013-09-02 | 6 | -16/+23 |
| | | | | | | On Linux, the default stack size is typically 8 MB. Patch by Fabian Mauchle. | ||||
* | Honour escaped slashes in regular expressions. | Linus Nordberg | 2013-09-02 | 1 | -1/+3 |
| | | | | Closes RADSECPROXY-51. | ||||
* | Verify a single hash/hmac in the tests, not two. | Linus Nordberg | 2013-09-02 | 1 | -6/+5 |
| | |||||
* | Add Simon Lundström to AUTHORS. | Linus Nordberg | 2013-09-02 | 1 | -0/+1 |
| | |||||
* | Fix a help string in radsecproxy-hash(1) (-h). | Linus Nordberg | 2013-09-02 | 1 | -1/+1 |
| | | | | Spotted by Simon Lundström. | ||||
* | Make radsecproxy-hash(1) not print the hash four times. | Linus Nordberg | 2013-09-02 | 1 | -2/+2 |
| | | | | | | | Bug found by Simon Lundström and jocar. Conflicts: radsecproxy-hash.c | ||||
* | Improve the documentation for the fticks_hashmac() interface. | Linus Nordberg | 2013-09-02 | 1 | -3/+19 |
| | | | | | | | | | | That interface is a bit surprising. radsecproxy-hash(1) was indeed bitten by it. Also, make _format_hash() behave consistently even when out_len < 3. Conflicts: fticks_hashmac.c | ||||
* | Update ChangeLog entry for 1.6.2 with correct CVE id. | Linus Nordberg | 2013-09-02 | 1 | -1/+2 |
| | | | | 1.6.2 is already released but correct ChangeLog info is good. | ||||
* | Mention CVE number in ChangeLog.radsecproxy-1.6.2 | Linus Nordberg | 2012-10-25 | 1 | -2/+2 |
| | |||||
* | radsecproxy-1.6.2 | Linus Nordberg | 2012-10-25 | 4 | -5/+5 |
| | |||||
* | Don't mix up pre- and post-handshake verification of DTLS clients. | Linus Nordberg | 2012-10-22 | 2 | -1/+9 |
| | | | | | | | | | | | | | Commit db965c9b addressed TLS clients only. When verifying DTLS clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Original issue reported and analysed by Ralf Paffrath. DTLS being vulnerable reported by Raphael Geisser. Addresses issue RADSECPROXY-43, CVE-2012-4523. | ||||
* | Update documentation on default secret for TLS and DTLS. | Linus Nordberg | 2012-10-22 | 1 | -3/+5 |
| | | | | | The change was done in radsecproxy-1.6 (2012-04-27) but wasn't documented properly. |