summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Emit an error log line if client writer fails writing (SSL_write()).t46Linus Nordberg2014-03-312-2/+14
| | | | | | | | | | | Also, don't try to write zero number of octets because OpenSSL might not like that. I would like to close the connection too but would have to look into the UDP and DTLS cases more before that can be done. This is for figuring out more about how to treat SSL_write() errors, https://project.nordu.net/browse/RADSECPROXY-46.
* Close a server writer thread if SSL_write() fails.Linus Nordberg2014-03-311-1/+15
| | | | | | | | Also, don't try to write zero number of octets because OpenSSL might not like that. This is for figuring out more about how to treat SSL_write() errors, https://project.nordu.net/browse/RADSECPROXY-46.
* radsecproxy-1.6.5.radsecproxy-1.6.5Linus Nordberg2013-09-064-4/+4
|
* Have radmsg_copy_attrs() return error in all error cases.Linus Nordberg2013-09-061-4/+2
| | | | Also when copying of the first attribute fails.
* Make a _copy_ of the attributes when copying them.Linus Nordberg2013-09-062-1/+6
| | | | | | Doh! Closes RADSECPROXY-53.
* radsecproxy-1.6.4radsecproxy-1.6.4radsecproxy-Linus Nordberg2013-09-053-3/+3
|
* Keep Proxy-State attributes in all replies to clients.Linus Nordberg2013-09-056-16/+105
| | | | Closes RADSECPROXY-52.
* radsecproxy-1.6.3radsecproxy-1.6.3Linus Nordberg2013-09-044-4/+4
|
* Remove generated files (auto tools).Linus Nordberg2013-09-046-5462/+0
| | | | | | | | | Some of these were revived in 4c163b1e bc they were supposedly not generated when running autogen.sh. That's not the case (any more) so let's avoid checking in generated files. Note that these files will be included in tar balls made from make dist.
* radsecproxy-1.6.3-rc0radsecproxy-1.6.3-rc0Linus Nordberg2013-09-024-4/+4
|
* Update ChangeLog with two older bug fixes.Linus Nordberg2013-09-021-0/+4
|
* Improve warning message when failing to resolve a dynamic server config.Linus Nordberg2013-09-021-2/+2
|
* Time out on TLS clients not closing the connection properly.Linus Nordberg2013-09-022-1/+3
| | | | Patch by Fabian Mauchle.
* When timing out while reading from a TLS server, shutdown the socket properly.Linus Nordberg2013-09-022-0/+11
| | | | | | | Also signal the "client writer" (clientwr()). Together, this should result in TLS connections being cleaned up properly. Patch by Fabian Mauchle.
* Don't wait for _writable_ when _reading_ an SSL socket.Linus Nordberg2013-09-021-10/+11
| | | | | | | Also, don't select() at all if SSL_pending() says there's data to read. Patch by Fabian Mauchle.
* Don't free struct clsrvconf members rewritein and rewriteout.Linus Nordberg2013-09-022-2/+4
| | | | | | | They are pointers into static struct hash *rewriteconfs and should live forever. Patch by Fabian Mauchle.
* Update ChangeLog with the last three bug fixes/ehancements.Linus Nordberg2013-09-021-0/+11
| | | | | | | Also, in a lame attempt att giving credit for last commit where I failed at doing that: 4920ff44 is a patch from Fabian Mauchle.
* Purge the duplication cache once per received packet.Linus Nordberg2013-09-021-0/+17
|
* Add Fabian Mauchle to AUTHORS.Linus Nordberg2013-09-021-0/+1
|
* Return free memory more aggressively.Linus Nordberg2013-09-022-0/+9
| | | | | | | | | | Have free(3) call sbrk(2) when there's 4 MB to free (default on Linux seems to be 128). Patch by Fabian Mauchle. Conflicts: configure.ac
* Create threads with a 32 KB stack rather than what happens to be the default.Linus Nordberg2013-09-026-16/+23
| | | | | | On Linux, the default stack size is typically 8 MB. Patch by Fabian Mauchle.
* Honour escaped slashes in regular expressions.Linus Nordberg2013-09-021-1/+3
| | | | Closes RADSECPROXY-51.
* Verify a single hash/hmac in the tests, not two.Linus Nordberg2013-09-021-6/+5
|
* Add Simon Lundström to AUTHORS.Linus Nordberg2013-09-021-0/+1
|
* Fix a help string in radsecproxy-hash(1) (-h).Linus Nordberg2013-09-021-1/+1
| | | | Spotted by Simon Lundström.
* Make radsecproxy-hash(1) not print the hash four times.Linus Nordberg2013-09-021-2/+2
| | | | | | | Bug found by Simon Lundström and jocar. Conflicts: radsecproxy-hash.c
* Improve the documentation for the fticks_hashmac() interface.Linus Nordberg2013-09-021-3/+19
| | | | | | | | | | That interface is a bit surprising. radsecproxy-hash(1) was indeed bitten by it. Also, make _format_hash() behave consistently even when out_len < 3. Conflicts: fticks_hashmac.c
* Update ChangeLog entry for 1.6.2 with correct CVE id.Linus Nordberg2013-09-021-1/+2
| | | | 1.6.2 is already released but correct ChangeLog info is good.
* Mention CVE number in ChangeLog.radsecproxy-1.6.2Linus Nordberg2012-10-251-2/+2
|
* radsecproxy-1.6.2Linus Nordberg2012-10-254-5/+5
|
* Don't mix up pre- and post-handshake verification of DTLS clients.Linus Nordberg2012-10-222-1/+9
| | | | | | | | | | | | | Commit db965c9b addressed TLS clients only. When verifying DTLS clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Original issue reported and analysed by Ralf Paffrath. DTLS being vulnerable reported by Raphael Geisser. Addresses issue RADSECPROXY-43, CVE-2012-4523.
* Update documentation on default secret for TLS and DTLS.Linus Nordberg2012-10-221-3/+5
| | | | | The change was done in radsecproxy-1.6 (2012-04-27) but wasn't documented properly.
* Bump version.Linus Nordberg2012-10-223-3/+3
|
* Update ChangeLog with CVE id for RADSECPROXY-43.Linus Nordberg2012-10-181-1/+2
|
* Bump version in configure.ac too.radsecproxy-1.6.1Linus Nordberg2012-09-141-1/+1
|
* radsecproxy-1.6.1Linus Nordberg2012-09-143-4/+4
|
* Document the effects of RADSECPROXY-43.Linus Nordberg2012-09-141-0/+9
| | | | https://project.nordu.net/browse/RADSECPROXY-43
* Don't mix up pre- and post-handshake verification of clients.Linus Nordberg2012-09-132-13/+25
| | | | | | | | | | When verifying clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Reported by Ralf Paffrath. Reported and analysed by Ralf Paffrath. Addresses issue RADSECPROXY-43.
* Make naptr-eduroam.sh check NAPTR type case insensitively.Linus Nordberg2012-08-132-2/+3
| | | | Fix by Adam Osuchowski.
* Fix typo in ChangeLog.Linus Nordberg2012-08-131-1/+1
|
* New versions of generated files from the Autotools.Linus Nordberg2012-05-234-301/+374
|
* Bump version to 1.6.1-dev.Linus Nordberg2012-05-233-4/+4
|
* manpage fix: use minus signs instead of hyphensFaidon Liambotis2012-05-232-11/+11
| | | | | | | | | | To: radsecproxy@uninett.no Cc: Faidon Liambotis <paravoid@debian.org> Date: Wed, 23 May 2012 01:50:26 +0300 groff interprets "-" as hyphens (U+2010) and not as minus signs (U+002D). Process arguments are clearly being done with minus signs, so escape them properly and make copy/paste work again.
* Tiny spelling fix on radsecproxy.conf.5.xmlFaidon Liambotis2012-05-231-1/+1
| | | | | | | | To: radsecproxy@uninett.no Cc: Faidon Liambotis <paravoid@debian.org> Date: Wed, 23 May 2012 01:50:27 +0300 s/specifed/specified/
* radsecproxy-1.6.radsecproxy-1.6Linus Nordberg2012-04-277-800/+460
|
* radsecproxy-1.6-rc2.radsecproxy-1.6-rc2Linus Nordberg2012-04-274-5/+5
|
* Release a lock.Linus Nordberg2012-04-271-0/+1
| | | | Patch from Ralf Paffrath <paffrath@dfn.de>.
* radsecproxy-1.6-rc1.radsecproxy-1.6-rc1Linus Nordberg2012-04-264-5/+5
|
* Add experimental code for dynamic discovery (only if ↵Linus Nordberg2012-04-262-4/+44
| | | | | | ENABLE_EXPERIMENTAL_DYNDISC). Patch from Ralf Paffrath <paffrath@dfn.de>.
* Add configure option --enable-experimental-dyndisc.Linus Nordberg2012-04-262-2/+21
|