Commits · ae2819597fcd50eea01f7429032fef24c3492228 · Fabian Mauchle / radsecproxy

02 Sep, 2013 14 commits
- Don't wait for _writable_ when _reading_ an SSL socket. · ae281959
  Linus Nordberg authored Aug 26, 2013
```
Also, don't select() at all if SSL_pending() says there's data to
read.

Patch by Fabian Mauchle.
```
  ae281959
- Don't free struct clsrvconf members rewritein and rewriteout. · edaa77bc
  Linus Nordberg authored Aug 26, 2013
```
They are pointers into static struct hash *rewriteconfs and should
live forever.

Patch by Fabian Mauchle.
```
  edaa77bc
- Update ChangeLog with the last three bug fixes/ehancements. · 6fe53399
  Linus Nordberg authored Aug 26, 2013
```
Also, in a lame attempt att giving credit for last commit where I
failed at doing that:

  4920ff44 is a patch from Fabian Mauchle.
```
  6fe53399
- Purge the duplication cache once per received packet. · 536fbcd6
  Linus Nordberg authored Aug 26, 2013
  
  536fbcd6
- Add Fabian Mauchle to AUTHORS. · 1931a0d5
  Linus Nordberg authored Aug 26, 2013
  
  1931a0d5
- Return free memory more aggressively. · dbff4652
  Linus Nordberg authored Aug 26, 2013
```
Have free(3) call sbrk(2) when there's 4 MB to free (default on Linux
seems to be 128).

Patch by Fabian Mauchle.

Conflicts:
	configure.ac
```
  dbff4652
- Create threads with a 32 KB stack rather than what happens to be the default. · 55ca280f
  Linus Nordberg authored Aug 26, 2013
```
On Linux, the default stack size is typically 8 MB.

Patch by Fabian Mauchle.
```
  55ca280f
- Honour escaped slashes in regular expressions. · 05b36061
  Linus Nordberg authored May 31, 2013
```
Closes RADSECPROXY-51.
```
  05b36061
- Verify a single hash/hmac in the tests, not two. · 5fd15c12
  Linus Nordberg authored May 06, 2013
  
  5fd15c12
- Add Simon Lundström to AUTHORS. · 6146c490
  Linus Nordberg authored Apr 23, 2013
  
  6146c490
- Fix a help string in radsecproxy-hash(1) (-h). · 2606ff02
  Linus Nordberg authored Apr 23, 2013
```
Spotted by Simon Lundström.
```
  2606ff02
- Make radsecproxy-hash(1) not print the hash four times. · d22a7952
  Linus Nordberg authored Apr 23, 2013
```
Bug found by Simon Lundström and jocar.

Conflicts:
	radsecproxy-hash.c
```
  d22a7952
- Improve the documentation for the fticks_hashmac() interface. · e205daa6
  Linus Nordberg authored Apr 23, 2013
```
That interface is a bit surprising. radsecproxy-hash(1) was indeed
bitten by it.

Also, make _format_hash() behave consistently even when out_len < 3.

Conflicts:
	fticks_hashmac.c
```
  e205daa6
- Update ChangeLog entry for 1.6.2 with correct CVE id. · 0bab4d61
  Linus Nordberg authored Nov 01, 2012
```
1.6.2 is already released but correct ChangeLog info is good.
```
  0bab4d61
25 Oct, 2012 2 commits
- Mention CVE number in ChangeLog. · 2f452345
  Linus Nordberg authored Oct 25, 2012
  
  2f452345
- radsecproxy-1.6.2 · 73f53fee
  Linus Nordberg authored Oct 25, 2012
  
  73f53fee
22 Oct, 2012 3 commits

Don't mix up pre- and post-handshake verification of DTLS clients. · 3682c935

Linus Nordberg authored Oct 19, 2012

Commit db965c9b addressed TLS clients only.

When verifying DTLS clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain.

Original issue reported and analysed by Ralf Paffrath. DTLS being
vulnerable reported by Raphael Geisser.

Addresses issue RADSECPROXY-43, CVE-2012-4523.

3682c935

Update documentation on default secret for TLS and DTLS. · b04eb90f
Linus Nordberg authored Oct 19, 2012
```
The change was done in radsecproxy-1.6 (2012-04-27) but wasn't
documented properly.
```
b04eb90f
Bump version. · 7393c837
Linus Nordberg authored Oct 19, 2012

7393c837

18 Oct, 2012 1 commit
- Update ChangeLog with CVE id for RADSECPROXY-43. · c0b177d0
  Linus Nordberg authored Oct 18, 2012
  
  c0b177d0
14 Sep, 2012 3 commits
- Bump version in configure.ac too. · de6618b9
  Linus Nordberg authored Sep 14, 2012
  
  de6618b9
- radsecproxy-1.6.1 · 90348a43
  Linus Nordberg authored Sep 14, 2012
  
  90348a43
- Document the effects of RADSECPROXY-43. · 98856495
  Linus Nordberg authored Sep 14, 2012
```
https://project.nordu.net/browse/RADSECPROXY-43
```
  98856495
13 Sep, 2012 1 commit

Don't mix up pre- and post-handshake verification of clients. · db965c9b

Linus Nordberg authored Sep 13, 2012

When verifying clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain. Reported by Ralf Paffrath.

Reported and analysed by Ralf Paffrath.

Addresses issue RADSECPROXY-43.

db965c9b

13 Aug, 2012 2 commits
- Make naptr-eduroam.sh check NAPTR type case insensitively. · 8d287300
  Linus Nordberg authored Aug 13, 2012
```
Fix by Adam Osuchowski.
```
  8d287300
- Fix typo in ChangeLog. · 972e0b78
  Linus Nordberg authored Aug 13, 2012
  
  972e0b78
23 May, 2012 4 commits

New versions of generated files from the Autotools. · 556e9e11
Linus Nordberg authored May 18, 2012

556e9e11
Bump version to 1.6.1-dev. · b6f78c90
Linus Nordberg authored May 18, 2012

b6f78c90

manpage fix: use minus signs instead of hyphens · 65ae0b37

Faidon Liambotis authored May 23, 2012

To: radsecproxy@uninett.no
Cc: Faidon Liambotis <paravoid@debian.org>
Date: Wed, 23 May 2012 01:50:26 +0300

groff interprets "-" as hyphens (U+2010) and not as minus signs
(U+002D). Process arguments are clearly being done with minus signs, so
escape them properly and make copy/paste work again.

65ae0b37

Tiny spelling fix on radsecproxy.conf.5.xml · 0a15fe00

Faidon Liambotis authored May 23, 2012

To: radsecproxy@uninett.no
Cc: Faidon Liambotis <paravoid@debian.org>
Date: Wed, 23 May 2012 01:50:27 +0300

s/specifed/specified/

0a15fe00

27 Apr, 2012 3 commits
- radsecproxy-1.6. · 40e8d53c
  Linus Nordberg authored Apr 27, 2012
  
  40e8d53c
- radsecproxy-1.6-rc2. · 54531600
  Linus Nordberg authored Apr 27, 2012
  
  54531600
- Release a lock. · a23b7119
  Linus Nordberg authored Apr 27, 2012
```
Patch from Ralf Paffrath <paffrath@dfn.de>.
```
  a23b7119
26 Apr, 2012 3 commits
- radsecproxy-1.6-rc1. · 9ce22579
  Linus Nordberg authored Apr 26, 2012
  
  9ce22579
- Add experimental code for dynamic discovery (only if ENABLE_EXPERIMENTAL_DYNDISC). · 07238516
  Linus Nordberg authored Apr 26, 2012
```
Patch from Ralf Paffrath <paffrath@dfn.de>.
```
  07238516
- Add configure option --enable-experimental-dyndisc. · c6d33673
  Linus Nordberg authored Apr 26, 2012
  
  c6d33673
17 Apr, 2012 4 commits
- Ready for radsecproxy-1.6-rc0. · 8c8d6467
  Linus Nordberg authored Apr 17, 2012
  
  8c8d6467
- Document the IPv4Only and IPv6Only options. · 54e88b00
  Linus Nordberg authored Apr 17, 2012
```
RADSECPROXY-37.
```
  54e88b00
- Initialize ipv4only and ipv6only. · ddd985a9
  Linus Nordberg authored Apr 16, 2012
  
  ddd985a9
- Add top-level config options IPv4Only and IPv6Only. · 2feba60a
  Linus Nordberg authored Apr 13, 2012
```
Related to RADSECPROXY-37.

TODO: Add documentation.
```
  2feba60a