summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Return free memory more aggressively.Linus Nordberg2013-09-022-0/+9
| | | | | | | | | | Have free(3) call sbrk(2) when there's 4 MB to free (default on Linux seems to be 128). Patch by Fabian Mauchle. Conflicts: configure.ac
* Create threads with a 32 KB stack rather than what happens to be the default.Linus Nordberg2013-09-026-16/+23
| | | | | | On Linux, the default stack size is typically 8 MB. Patch by Fabian Mauchle.
* Honour escaped slashes in regular expressions.Linus Nordberg2013-09-021-1/+3
| | | | Closes RADSECPROXY-51.
* Verify a single hash/hmac in the tests, not two.Linus Nordberg2013-09-021-6/+5
|
* Add Simon Lundström to AUTHORS.Linus Nordberg2013-09-021-0/+1
|
* Fix a help string in radsecproxy-hash(1) (-h).Linus Nordberg2013-09-021-1/+1
| | | | Spotted by Simon Lundström.
* Make radsecproxy-hash(1) not print the hash four times.Linus Nordberg2013-09-021-2/+2
| | | | | | | Bug found by Simon Lundström and jocar. Conflicts: radsecproxy-hash.c
* Improve the documentation for the fticks_hashmac() interface.Linus Nordberg2013-09-021-3/+19
| | | | | | | | | | That interface is a bit surprising. radsecproxy-hash(1) was indeed bitten by it. Also, make _format_hash() behave consistently even when out_len < 3. Conflicts: fticks_hashmac.c
* Update ChangeLog entry for 1.6.2 with correct CVE id.Linus Nordberg2013-09-021-1/+2
| | | | 1.6.2 is already released but correct ChangeLog info is good.
* Mention CVE number in ChangeLog.radsecproxy-1.6.2Linus Nordberg2012-10-251-2/+2
|
* radsecproxy-1.6.2Linus Nordberg2012-10-254-5/+5
|
* Don't mix up pre- and post-handshake verification of DTLS clients.Linus Nordberg2012-10-222-1/+9
| | | | | | | | | | | | | Commit db965c9b addressed TLS clients only. When verifying DTLS clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Original issue reported and analysed by Ralf Paffrath. DTLS being vulnerable reported by Raphael Geisser. Addresses issue RADSECPROXY-43, CVE-2012-4523.
* Update documentation on default secret for TLS and DTLS.Linus Nordberg2012-10-221-3/+5
| | | | | The change was done in radsecproxy-1.6 (2012-04-27) but wasn't documented properly.
* Bump version.Linus Nordberg2012-10-223-3/+3
|
* Update ChangeLog with CVE id for RADSECPROXY-43.Linus Nordberg2012-10-181-1/+2
|
* Bump version in configure.ac too.radsecproxy-1.6.1Linus Nordberg2012-09-141-1/+1
|
* radsecproxy-1.6.1Linus Nordberg2012-09-143-4/+4
|
* Document the effects of RADSECPROXY-43.Linus Nordberg2012-09-141-0/+9
| | | | https://project.nordu.net/browse/RADSECPROXY-43
* Don't mix up pre- and post-handshake verification of clients.Linus Nordberg2012-09-132-13/+25
| | | | | | | | | | When verifying clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Reported by Ralf Paffrath. Reported and analysed by Ralf Paffrath. Addresses issue RADSECPROXY-43.
* Make naptr-eduroam.sh check NAPTR type case insensitively.Linus Nordberg2012-08-132-2/+3
| | | | Fix by Adam Osuchowski.
* Fix typo in ChangeLog.Linus Nordberg2012-08-131-1/+1
|
* New versions of generated files from the Autotools.Linus Nordberg2012-05-234-301/+374
|
* Bump version to 1.6.1-dev.Linus Nordberg2012-05-233-4/+4
|
* manpage fix: use minus signs instead of hyphensFaidon Liambotis2012-05-232-11/+11
| | | | | | | | | | To: radsecproxy@uninett.no Cc: Faidon Liambotis <paravoid@debian.org> Date: Wed, 23 May 2012 01:50:26 +0300 groff interprets "-" as hyphens (U+2010) and not as minus signs (U+002D). Process arguments are clearly being done with minus signs, so escape them properly and make copy/paste work again.
* Tiny spelling fix on radsecproxy.conf.5.xmlFaidon Liambotis2012-05-231-1/+1
| | | | | | | | To: radsecproxy@uninett.no Cc: Faidon Liambotis <paravoid@debian.org> Date: Wed, 23 May 2012 01:50:27 +0300 s/specifed/specified/
* radsecproxy-1.6.radsecproxy-1.6Linus Nordberg2012-04-277-800/+460
|
* radsecproxy-1.6-rc2.radsecproxy-1.6-rc2Linus Nordberg2012-04-274-5/+5
|
* Release a lock.Linus Nordberg2012-04-271-0/+1
| | | | Patch from Ralf Paffrath <paffrath@dfn.de>.
* radsecproxy-1.6-rc1.radsecproxy-1.6-rc1Linus Nordberg2012-04-264-5/+5
|
* Add experimental code for dynamic discovery (only if ↵Linus Nordberg2012-04-262-4/+44
| | | | | | ENABLE_EXPERIMENTAL_DYNDISC). Patch from Ralf Paffrath <paffrath@dfn.de>.
* Add configure option --enable-experimental-dyndisc.Linus Nordberg2012-04-262-2/+21
|
* Ready for radsecproxy-1.6-rc0.radsecproxy-1.6-rc0Linus Nordberg2012-04-174-11/+11
|
* Document the IPv4Only and IPv6Only options.Linus Nordberg2012-04-172-17/+59
| | | | RADSECPROXY-37.
* Initialize ipv4only and ipv6only.selectfamilyLinus Nordberg2012-04-171-2/+2
|
* Add top-level config options IPv4Only and IPv6Only.Linus Nordberg2012-04-172-3/+19
| | | | | | Related to RADSECPROXY-37. TODO: Add documentation.
* Add client and server config options IPv4Only and IPv6Only.Linus Nordberg2012-04-178-17/+55
| | | | | | Related to RADSECPROXY-37. TODO: Add documentation.
* Use printf(1) instead of 'echo -e' in tools/ scripts.Linus Nordberg2012-04-163-7/+9
| | | | Closes RADSECPROXY-40.
* Update documentation to reflect the change of the default place to look for ↵Linus Nordberg2012-04-161-2/+2
| | | | radsecproxy.conf.
* Add a note about the change of default place to look for radsecproxy.conf.Linus Nordberg2012-04-161-1/+6
|
* Correct changelog entry for RADSECPROXY-33.Linus Nordberg2012-04-161-1/+2
|
* Block a dynamic server for 15 minutes if it's not working.Linus Nordberg2012-04-161-1/+1
| | | | This is the old number. We used 1 minute during testing.
* Document the DynamicLookupCommand option.dynconf2Linus Nordberg2012-04-121-0/+16
| | | | Closes RADSECPROXY-36.
* Merge branch 'master' into dynconf2Linus Nordberg2012-04-121-16/+0
|\
| * Revert "Document the DynamicLookupCommand option."Linus Nordberg2012-04-121-16/+0
| | | | | | | | | | | | This goes in branch dynconf2. This reverts commit dbcc997716f5bec3316c74371eb8077884d6672d.
* | Add a blurb on dynamic lookup in ChangeLog.Linus Nordberg2012-04-121-0/+3
| |
* | Add dynamic config updates to ChangeLog.Linus Nordberg2012-04-121-0/+4
| |
* | Assert that the conf has at least one host in addserverextraudp().Linus Nordberg2012-04-121-0/+2
| | | | | | | | | | | | Dynamic servers has clearly never been run on UDP servers. We should probably do something less evil than crashing here. Closes RADSECPROXY-26.
* | Don't treat exit 10 from dynamic scripts differently from any other non-zero ↵Linus Nordberg2012-04-123-10/+5
| | | | | | | | | | | | | | | | | | | | | | code. clientwr() should treat the dynamic lookup as a failure and will not be any happier to know that the exact error was that it didn't resolv. The script can do whatever logging is wanted. That said, this commit also makes the scripts exit with 10 in order to signal failure.
* | Keep track of a failing dynamic server and don't use it while failing.Linus Nordberg2012-04-122-8/+36
|/ | | | | | | | | | Also, sleep less than 15 minutes (900s), mainly for testing. This number will change. Also, die hard and explicitly if freeing an already freed config in freeclsrvconf(). This is part of fixing RADSECPROXY-33.
* Use /bin/sh rather than /bin/bash in scripts.Linus Nordberg2012-04-121-1/+1
| | | | Using /bin/bash isn't portable.