summaryrefslogtreecommitdiffstats
path: root/runtime
Commit message (Collapse)AuthorAgeFilesLines
...
* somewhat improved plain tcp syslog reliabilityRainer Gerhards2008-06-095-1/+54
| | | | | | ...by doing a connection check before sending. Credits to Martin Schuette for providing the idea. Details are available at http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html
* fixed a bug with the new property replacer optionRainer Gerhards2008-06-071-1/+1
| | | | | there was a copy&paste error in the timereported property - thanks to Elizabeth for reporting it
* added new property replacer option "time-subseconds"Rainer Gerhards2008-06-064-1/+70
| | | | enables to query just the subsecond part of a high-precision timestamp
* preparing 3.19.6v3.19.6Rainer Gerhards2008-06-061-1/+1
|
* enhanced property replacer to support multiple regex matchesRainer Gerhards2008-06-041-5/+28
|
* bugfix: off-by-one bug during certificate checkRainer Gerhards2008-06-041-2/+4
|
* bugfix: part of permittedPeer structure was not correctly initializedRainer Gerhards2008-06-031-2/+1
| | | | thanks to varmojfekoj for spotting this
* capability for replacement text in no match regex case addedRainer Gerhards2008-05-301-13/+18
| | | | | | implemented in property replacer: if a regular expression does not match, it can now either return "**NO MATCH** (default, as before), a blank property or the full original property text
* enhanced property replacer's regex to support submatchesRainer Gerhards2008-05-291-7/+21
| | | | | | | - enabled Posix ERE expressions inside the property replacer (previously BRE was permitted only) - provided ability to specify that a regular expression submatch shall be used inside the property replacer
* Merge branch 'ietf-tls'Rainer Gerhards2008-05-277-57/+1088
|\
| * implemented wildcards inside certificate name check authenticationRainer Gerhards2008-05-274-7/+311
| |
| * client now provides cert even if it is not signed by one of the server's ↵Rainer Gerhards2008-05-273-10/+170
| | | | | | | | trusted CAs (gtls)
| * protected gtls error string function by a mutex.Rainer Gerhards2008-05-261-1/+7
| | | | | | | | | | Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen.
| * fixed fingerprint generatorRainer Gerhards2008-05-261-2/+1
| | | | | | | | fixed problem introduced earlier today
| * fixed wrong cert expiration date checkRainer Gerhards2008-05-261-1/+1
| |
| * added certificate validity date check (gtls)Rainer Gerhards2008-05-262-10/+58
| |
| * added gtls name authentication based on common name (inside DN)Rainer Gerhards2008-05-262-7/+100
| | | | | | | | also changed fingerprint gtls auth mode to new format fingerprint
| * added capability to auto-configure tls auth rule for client connecting to serverRainer Gerhards2008-05-262-13/+52
| | | | | | | | must match hostname in send action
| * improved gtls error reportingRainer Gerhards2008-05-261-2/+11
| |
| * checking if client provided a cert and complain if notRainer Gerhards2008-05-231-1/+3
| |
| * added x509/name authentication (so far based on dnsName only)Rainer Gerhards2008-05-221-58/+137
| |
| * added code to pull the subjectAltName - dNSNameRainer Gerhards2008-05-212-3/+23
| |
| * fixed invalid prototypeRainer Gerhards2008-05-211-1/+1
| |
| * implemented x509/certvalid "authentication"Rainer Gerhards2008-05-214-4/+276
| |
* | bugfix: sender information (fromhost et al) was missing in imudpRainer Gerhards2008-05-211-1/+1
| | | | | | | | thanks to sandiso for reporting this bug
* | Merge branch 'ietf-tls'Rainer Gerhards2008-05-2112-23/+398
|\| | | | | | | | | | | Conflicts: ChangeLog
| * re-enabled anon mode (failed if client did not provide cert)Rainer Gerhards2008-05-211-3/+6
| |
| * changed default GnuTLS key material to more reasonable valuesRainer Gerhards2008-05-201-1/+0
| | | | | | | | | | We now also provide everything to sign with a common CA. NOTE: none of this is for production use!
| * first implementation of TLS server client authentication checkRainer Gerhards2008-05-1912-39/+209
| | | | | | | | | | | | | | The TLS server now checks the client fingerprint. This works, but is highly experimental. Needs to be refined for practice. Also: - implemented permittedPeers helper construct to store names - changed omfwd implementation to use new permittedPeers
| * improved error messages and corrected fingerprint formatRainer Gerhards2008-05-194-13/+32
| |
| * regained netstream driver genericity; improved driversRainer Gerhards2008-05-172-3/+47
| | | | | | | | | | | | | | | | | | - made action logic pass optional auth params only if they are actually configured - added new authMode and Fingerprint methods to ptcp netstream driver (keeping them once again generic) - added diagnostics messages when invalid auth modes were configured
| * added first rough ability to authenticate the server against its certificateRainer Gerhards2008-05-166-5/+117
| | | | | | | | | | | | | | | | | | | | This is very experimental and needs some more work. It probably even segfaults - but the base code is there and running. The rest is refinement. While working on this, I did these two bugfixes: - bugfix: small mem leak in omfwd on exit (strmdriver name was not freed) - bugfix: $ActionSendStreamDriver had no effect
| * Merge branch 'master' into ietf-tlsRainer Gerhards2008-05-168-11/+70
| |\
| * | client provides x.509 and server prints fingerprintRainer Gerhards2008-05-152-6/+34
| | |
* | | bugfix: missing linker options caused build to fail on some systems.Tiziano Mueller2008-05-211-1/+1
| |/ |/| | | | | Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
* | fixed potential uninitialzed var access (highly improbable)Rainer Gerhards2008-05-161-0/+2
| |
* | Merge branch 'beta'Rainer Gerhards2008-05-161-0/+2
| | | | | | | | | | | | | | Conflicts: ChangeLog rfc3195d.c
* | added fromhost-ip properties and some bugfixesRainer Gerhards2008-05-166-11/+56
| | | | | | | | | | | | | | | | | | | | - bugfix: TCP input modules did incorrectly set fromhost property (always blank) - bugfix: imklog did not set fromhost property - added "fromhost-ip" property - added "RSYSLOG_DebugFormat" canned template - bugfix: hostname and fromhost were swapped when a persisted message (in queued mode) was read in
* | added TODO itemRainer Gerhards2008-05-151-1/+1
| |
* | bugfix: TLS server went into an endless loop in some situations.Rainer Gerhards2008-05-152-0/+10
|/ | | | Thanks to Michael Biebl for reporting the problem.
* server's X509 cert fingerprint is obtained by client on connectRainer Gerhards2008-05-083-189/+50
|
* added a bit of doc (at least something...)Rainer Gerhards2008-05-083-1/+238
|
* bugfix: gtls netstram driver did not specify threading modelRainer Gerhards2008-05-081-3/+7
| | | | (could possibly lead to "interesting effects" ;))
* limited number of unavoidable compiler warnings when compiling with GnuTLSRainer Gerhards2008-05-071-2/+15
|
* added missing includes (noticed under SuSe Linux)Rainer Gerhards2008-05-062-0/+2
|
* final touches for 3.19.0v3.19.0Rainer Gerhards2008-05-061-1/+0
|
* Merge branch 'tls'Rainer Gerhards2008-05-0621-209/+550
|\
| * trying to remove compiler warningsRainer Gerhards2008-05-051-2/+2
| |
| * support for different forwarding stream drivers addedRainer Gerhards2008-05-053-3/+31
| | | | | | | | they can now be set on an action-by-action basis
| * made default certificate file locations configurableRainer Gerhards2008-05-053-7/+87
| | | | | | | | | | | | - added $DefaultNetstreamDriverCAFile config directive - added $DefaultNetstreamDriverCertFile config directive - added $DefaultNetstreamDriverKeyFile config directive
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-17 22:50:20 +0000