summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| | * | | | | | | | | implemented wildcards inside certificate name check authenticationRainer Gerhards2008-05-274-7/+311
| | | | | | | | | | |
| | * | | | | | | | | client now provides cert even if it is not signed by one of the server's ↵Rainer Gerhards2008-05-273-10/+170
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | trusted CAs (gtls)
| | * | | | | | | | | protected gtls error string function by a mutex.Rainer Gerhards2008-05-262-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen.
| | * | | | | | | | | fixed fingerprint generatorRainer Gerhards2008-05-261-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fixed problem introduced earlier today
| | * | | | | | | | | fixed wrong cert expiration date checkRainer Gerhards2008-05-261-1/+1
| | | | | | | | | | |
| | * | | | | | | | | added certificate validity date check (gtls)Rainer Gerhards2008-05-262-10/+58
| | | | | | | | | | |
| | * | | | | | | | | added gtls name authentication based on common name (inside DN)Rainer Gerhards2008-05-263-7/+101
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | also changed fingerprint gtls auth mode to new format fingerprint
| | * | | | | | | | | added capability to auto-configure tls auth rule for client connecting to serverRainer Gerhards2008-05-262-13/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | must match hostname in send action
| | * | | | | | | | | improved gtls error reportingRainer Gerhards2008-05-262-7/+26
| | | | | | | | | | |
| | * | | | | | | | | checking if client provided a cert and complain if notRainer Gerhards2008-05-231-1/+3
| | | | | | | | | | |
| | * | | | | | | | | updated TLS documentation with HOWTO on certificate generationRainer Gerhards2008-05-231-11/+113
| | | | | | | | | | |
| | * | | | | | | | | changed config directive name to reflect different useRainer Gerhards2008-05-223-25/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | $ActionSendStreamDriverCertFingerprint is now $ActionSendStreamDriverPermittedPeer and can be used both for fingerprint and name authentication (similar to the input side)
| | * | | | | | | | | added x509/name authentication (so far based on dnsName only)Rainer Gerhards2008-05-221-58/+137
| | | | | | | | | | |
| | * | | | | | | | | added code to pull the subjectAltName - dNSNameRainer Gerhards2008-05-212-3/+23
| | | | | | | | | | |
| | * | | | | | | | | fixed invalid prototypeRainer Gerhards2008-05-211-1/+1
| | | | | | | | | | |
| | * | | | | | | | | implemented x509/certvalid "authentication"Rainer Gerhards2008-05-215-7/+286
| | | | | | | | | | |
| * | | | | | | | | | bugfix: sender information (fromhost et al) was missing in imudpRainer Gerhards2008-05-212-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | thanks to sandiso for reporting this bug
| * | | | | | | | | | Merge branch 'beta'Rainer Gerhards2008-05-212-1/+5
| |\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: ChangeLog
| * | | | | | | | | | | bumping version numberRainer Gerhards2008-05-213-2/+4
| | | | | | | | | | | |
| * | | | | | | | | | | finalizing v3.19.3v3.19.3Rainer Gerhards2008-05-212-2/+2
| | | | | | | | | | | |
| * | | | | | | | | | | Merge branch 'ietf-tls'Rainer Gerhards2008-05-2126-112/+742
| |\ \ \ \ \ \ \ \ \ \ \ | | | |/ / / / / / / / / | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: ChangeLog
| | * | | | | | | | | | added some forgotten docRainer Gerhards2008-05-212-12/+27
| | | | | | | | | | | |
| | * | | | | | | | | | added new transport auth methods to doc setRainer Gerhards2008-05-215-9/+86
| | | | | | | | | | | |
| | * | | | | | | | | | re-enabled anon mode (failed if client did not provide cert)Rainer Gerhards2008-05-212-4/+7
| | | | | | | | | | | |
| | * | | | | | | | | | changed default GnuTLS key material to more reasonable valuesRainer Gerhards2008-05-205-57/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now also provide everything to sign with a common CA. NOTE: none of this is for production use!
| | * | | | | | | | | | first implementation of TLS server client authentication checkRainer Gerhards2008-05-1916-58/+347
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The TLS server now checks the client fingerprint. This works, but is highly experimental. Needs to be refined for practice. Also: - implemented permittedPeers helper construct to store names - changed omfwd implementation to use new permittedPeers
| | * | | | | | | | | | improved error messages and corrected fingerprint formatRainer Gerhards2008-05-194-13/+32
| | | | | | | | | | | |
| | * | | | | | | | | | regained netstream driver genericity; improved driversRainer Gerhards2008-05-173-6/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - made action logic pass optional auth params only if they are actually configured - added new authMode and Fingerprint methods to ptcp netstream driver (keeping them once again generic) - added diagnostics messages when invalid auth modes were configured
| | * | | | | | | | | | added first rough ability to authenticate the server against its certificateRainer Gerhards2008-05-168-23/+174
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is very experimental and needs some more work. It probably even segfaults - but the base code is there and running. The rest is refinement. While working on this, I did these two bugfixes: - bugfix: small mem leak in omfwd on exit (strmdriver name was not freed) - bugfix: $ActionSendStreamDriver had no effect
| | * | | | | | | | | | Merge branch 'master' into ietf-tlsRainer Gerhards2008-05-1630-81/+257
| | |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | | client provides x.509 and server prints fingerprintRainer Gerhards2008-05-152-6/+34
| | | | | | | | | | | | |
| * | | | | | | | | | | | bugfix: missing linker options caused build to fail on some systems.Tiziano Mueller2008-05-212-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
| * | | | | | | | | | | | bugfix: default syslog port was no longer used if none was configured.varmojfekoj2008-05-212-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
| * | | | | | | | | | | | added some more info to project status pageRainer Gerhards2008-05-161-5/+5
| | |/ / / / / / / / / / | |/| | | | | | | | | |
| * | | | | | | | | | | bumped version numberRainer Gerhards2008-05-162-1/+3
| | | | | | | | | | | |
| * | | | | | | | | | | removed references to deleted filesv3.19.2Rainer Gerhards2008-05-161-4/+0
| | | | | | | | | | | |
| * | | | | | | | | | | fixed potential uninitialzed var access (highly improbable)Rainer Gerhards2008-05-161-0/+2
| | | | | | | | | | | |
| * | | | | | | | | | | preparing for 3.19.2Rainer Gerhards2008-05-163-19/+50
| | | | | | | | | | | |
| * | | | | | | | | | | Merge branch 'beta'Rainer Gerhards2008-05-163-3/+23
| |\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: ChangeLog rfc3195d.c
| * | | | | | | | | | | | added fromhost-ip properties and some bugfixesRainer Gerhards2008-05-1619-32/+149
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - bugfix: TCP input modules did incorrectly set fromhost property (always blank) - bugfix: imklog did not set fromhost property - added "fromhost-ip" property - added "RSYSLOG_DebugFormat" canned template - bugfix: hostname and fromhost were swapped when a persisted message (in queued mode) was read in
| * | | | | | | | | | | | bumped version numberRainer Gerhards2008-05-152-4/+2
| | | | | | | | | | | | |
| * | | | | | | | | | | | added TODO itemRainer Gerhards2008-05-151-1/+1
| | | | | | | | | | | | |
| * | | | | | | | | | | | bugfix: TLS server went into an endless loop in some situations.Rainer Gerhards2008-05-154-13/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Thanks to Michael Biebl for reporting the problem.
| * | | | | | | | | | | | ugfix: lmtcpclt, lmtcpsrv and lmgssutil did all link to the static runtime ↵Rainer Gerhards2008-05-142-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | library, resulting in a large size increase (and potential "interesting" effects). Thanks to Michael Biebel for reporting the size issue.
| * | | | | | | | | | | | fixed potential segfault due to invalid call to cfsyslinevarmojfekoj2008-05-144-7/+11
| | |/ / / / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | thanks to varmojfekoj for the patch Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
| * | | | | | | | | | | server's X509 cert fingerprint is obtained by client on connectRainer Gerhards2008-05-083-189/+50
| | | | | | | | | | | |
| * | | | | | | | | | | added a bit of doc (at least something...)Rainer Gerhards2008-05-085-1/+245
| | | | | | | | | | | |
| * | | | | | | | | | | added tool to show fingerprintsRainer Gerhards2008-05-081-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is required for IETF I-D syslog-transport-tls-12. This is a very rough first prototype
| * | | | | | | | | | | added simple shell script to support creating self-signed certsRainer Gerhards2008-05-081-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is necessary to comply to IETF I-D -syslog-transport-tls-12
| * | | | | | | | | | | bugfix: gtls netstram driver did not specify threading modelRainer Gerhards2008-05-081-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (could possibly lead to "interesting effects" ;))
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-06 14:38:51 +0000