he
976380d183
When casting to/from a pointer to an integral type (a bad practice,
...
if you ask me), you need to cast via intptr_t for portability.
2009-03-12 23:05:27 +00:00
wiz
2df943f931
New sentence, new line. Avoid marking up punctuation.
2009-03-12 15:18:57 +00:00
wiz
0d4480d10a
Bump date for previous. Sort options to establish-sa.
...
Stop using Xo/Xc.
2009-03-12 14:01:09 +00:00
tteras
983cc8fecf
Support multiple anonymous remotes and decide remoteconf based on identity,
...
received certificates and other information. General code clean up.
2009-03-12 10:57:26 +00:00
joerg
997634fe14
Fix preamble to match order set out by mdoc(7). Discussed with wiz.
2009-03-09 19:24:26 +00:00
tteras
e3372d2f8f
setkey: fix deleteall in Linux
...
Linux requires SADB_DELETE message to have SPI. So send
a SADB_DELETE message for each matching SA. Trac #284 .
From: Gabriel Somlo <somlo@cmu.edu>
2009-03-06 11:45:03 +00:00
christos
ce563f1b55
CID 4960: Plug memory leak.
2009-02-18 20:10:23 +00:00
uebayasi
aa58ef4867
Revert previous for now. The hidden intent was to rewrite duplicate rules
...
of ${TOOL_COMPILE_ET} seen in lib/*/Makefile, using make(1) suffix rule.
But I have not figured out the best way yet.
(The reason why I want to rewrite them is to strip absolute paths embedded in
/usr/include/krb5/*.h.)
2009-02-18 01:18:57 +00:00
dogcow
0d280a6b94
sig_atomic_t is long on alpha (?!); use %ld and cast to long.
2009-02-17 05:28:32 +00:00
uebayasi
5b1f280b89
To name output files, replace only suffix part exactly.
2009-02-17 05:24:14 +00:00
christos
79290a1b6f
remove extra args.
2009-02-16 22:50:17 +00:00
christos
9341d6b102
put back deleted files
2009-02-16 20:55:22 +00:00
christos
abbe9cc1c0
merge changes
2009-02-16 20:53:54 +00:00
tteras
b1ab726a1a
From Paul Moore: Fix a heap corruption bug (yacc return non-null terminated
...
buffer and sprintf writes over bounds).
2009-02-16 18:36:21 +00:00
christos
9d3c9d9c55
from ftp.openbsd.org
2009-02-16 17:14:22 +00:00
jmmv
44d668a632
Fix build; need to constify the return value of a function.
2009-02-13 22:01:05 +00:00
vanhu
3723c0b8cf
trac#301: fixed IPsec SAs flush in purge_remote() when NAT-T enabled but no NAT-T on tunnel
2009-02-11 15:18:59 +00:00
tteras
ee2923bc73
From: Phil Sutter. Fix script environment variables with IPv6 addresses.
2009-02-03 20:21:45 +00:00
tteras
98b638ac57
Argument parsing needs lcconf initialized.
2009-01-26 18:13:06 +00:00
wiz
58b2161948
Sort options in usage.
2009-01-24 10:43:47 +00:00
wiz
a8e14ecee0
Sort options. New sentence, new line.
2009-01-24 10:43:38 +00:00
wiz
86a90d6c4e
Sort options.
2009-01-24 10:42:31 +00:00
tteras
e9d216a40d
Update usage and manpage for racoonctl.
2009-01-23 11:44:08 +00:00
tteras
c6d64c37e0
Racoon -v to print version and compilation information. Update usage
...
message.
2009-01-23 11:28:27 +00:00
tteras
1f949d3b6c
Update NEWS with major changes since 0.7 release.
2009-01-23 09:40:56 +00:00
tteras
731a29e03b
Fix monotonic scheduler change, to not refresh 'now' before exit. Otherwise
...
we can return negative timeout after spending time handling other events.
2009-01-23 09:10:13 +00:00
tteras
7bc9f9e4ee
From Arnaud Ebalard:
...
Handle reception of MIGRATE message during Phase 1 and Phase 2 negotiation.
Also corrects some debugging statements.
2009-01-23 08:32:58 +00:00
tteras
b9ba86c968
From Arnaud Ebalard:
...
On the responder (for instance), there is a need to not only migrate local
and remote addresses of Phase 1 that match previous addresses but also
the local and remote addresses of a Phase 1 *associated* with a migrated
Phase 2. For instance, we have that need when receiving the first
MIGRATE/KMADDRESS message because the old addresses are still the HoA and
the address of the HA (while the peer has contacted us using the CoA and
we have negotiated this address as src attribute in Phase 2). The patch
fixes that by having migrate_ph1_ike_addresses() called from
migrate_ph2_ike_addresses() callback.
2009-01-23 08:29:34 +00:00
tteras
54bcc916f5
From Arnaud Ebalard: Set phase2 spid when acting as responder.
2009-01-23 08:27:24 +00:00
tteras
5d5e4e2fa3
Detect if monotonic system clock is available, and use it for relative
...
time measurements to avoid complite hang if time jumps backwards.
2009-01-23 08:25:06 +00:00
tteras
49c6438a45
Fix authentication method ambiguity by internally using unique ID and
...
setting/interpreting the wire format based on received vendor ID:s. Fixes
trac #280 .
2009-01-23 08:23:51 +00:00
tteras
69697b4655
Introduce vendorid bitmask that can be used otherwhere to detect peer
...
capabilities.
2009-01-23 08:06:56 +00:00
tteras
2b7d4cd554
Remove "fastquit" configure option and make it the default behaviour. The
...
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.
2009-01-23 08:05:58 +00:00
tteras
2b68c3a06a
Autogenerate ChangeLog from NetBSD CVS. Put sourceforge.net changes to
...
ChangeLog.old.
2009-01-20 14:36:07 +00:00
wiz
67cbe60826
Make ready for HTML output.
...
Use proper escape for backslash ('\e').
2009-01-10 21:58:38 +00:00
tteras
f7557f766d
From Cyrus Rahman:
...
Accept RFC2253 compliant escaped special characters for asn1dn identifier.
2009-01-10 19:08:40 +00:00
tteras
a0b1dc6be0
Fix a CPPLAGS typo to CPPFLAGS which was intended
2009-01-09 06:31:38 +00:00
tteras
9df0ec5c7e
Fix a CPPLAGS type to CPPFLAGS which was intended
2009-01-09 06:31:37 +00:00
christos
10c9b70baa
Correct error checking for DSA and ECDSA keys (from FreeBSD)
2009-01-07 23:05:07 +00:00
tteras
b264308e87
Remove obsolete configuration options, fix radius configuration block and
...
add GRE as recognized protocol.
2009-01-05 06:03:58 +00:00
tteras
328859aef7
Do not use counting in signal handling as it was unsafe by not using
...
atomic functions (post increment is not necessarily atomic).
Instead reap all children on SIGCHLD as that was the only signal needing
signal counting.
2009-01-05 06:00:27 +00:00
tteras
a3c1a92d23
schedular() call can now modify fd mask so make the working copy just
...
before calling select(); otherwise it can contain bad file descriptors
2008-12-30 15:50:24 +00:00
mlelstv
e5b90a2fc2
support icmp codes. Fixes PR 39056.
2008-12-29 12:54:33 +00:00
christos
aa3382cd31
remove sin{6,}_len linux does not have it. From Timo Teras.
2008-12-24 20:20:52 +00:00
christos
6c532322d2
I was wrong. addr is actually set.
2008-12-24 19:05:48 +00:00
christos
16b17fbeab
- make this compile by zeroing out the whole structure not just bogus fields.
...
- set length field of sockets appropriately.
- mark bogus no-op code (I don't understand what the author intended here).
2008-12-24 15:25:44 +00:00
wiz
c1e7a459ca
Bump date for identity configuration option removal.
2008-12-23 19:28:18 +00:00
tteras
535280aca9
Remove the obsoleted global identity configuration option.
2008-12-23 14:04:42 +00:00
tteras
bd378f6dda
rewrite local address detection
...
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()
2008-12-23 14:03:12 +00:00
tteras
182f0b93be
From Arnaud Ebalard:
...
Delete larval ph2handles when expire with hard lifetime received
2008-12-18 07:20:25 +00:00
tteras
50a2f2e6d0
Update README
2008-12-16 06:48:38 +00:00
tteras
b2b7434a10
Fix transport mode address selection in acquire handling.
...
Some earlier fixes got lost on 2008-12-05 commit.
2008-12-16 06:08:46 +00:00
vanhu
a75f34b133
Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)
2008-12-11 15:45:24 +00:00
vanhu
cffd15164d
Fixed compilation when DPD support is disabled
2008-12-11 15:33:59 +00:00
bad
f140528153
Document my fix to src/racoon/privsep.c for the SIG_IGN typo on 2008-12-04.
2008-12-09 23:28:08 +00:00
tteras
dae665ff27
Do not cache pfkey sockets: it might cause to not handle some pfkey events
...
when select() has marked pfkey socket readable, but a timer callback first
calls pfkey_dump_sadb().
2008-12-08 06:00:53 +00:00
tteras
02f2a72861
From Arnaud Ebalard:
...
Improved Mobile IPv6 support per draft-ebalard-mext-pfkey-enhanced-migrate.
2008-12-05 06:02:20 +00:00
bad
3ef91ecea8
Fix typo in previous and use SIG_IGN as I intended.
2008-12-04 22:30:26 +00:00
tteras
22b0737f30
Explicitly ignore SIGPIPE. Default action on Linux is terminate.
2008-12-02 07:41:43 +00:00
wiz
659c30f2ba
Remove empty line. Fix typo. New sentence, new line.
2008-11-28 22:37:44 +00:00
vanhu
0b0a39b9f9
ModeConfig fixes
2008-11-27 15:04:34 +00:00
vanhu
3a74e20575
Set up a default value for Mode Config Pool size if pool address specified but pool size not specified
2008-11-27 15:04:21 +00:00
vanhu
054e0e851d
Fixed pool resizing
2008-11-27 15:04:16 +00:00
tteras
f863fa40c3
From Arnaud Ebalard:
...
Remove MAXNESTEDSA weirdness. It's probably meant for bundle support which
is not done. When someone actually writes bundle support, the nested SA
stuff would probably be reworked too anyway.
2008-11-27 11:08:48 +00:00
tteras
1c6c2a3356
From: Matthew Krenzer
...
Ability to set pfkey socket buffer size via configuration file directive.
(Indentation and minor fixes by me.)
2008-11-27 10:53:48 +00:00
bad
e564489300
Document my changes from 2008-11-08 and today.
2008-11-25 22:39:20 +00:00
bad
f798cbf18b
Avoid using MSG_NOSIGNAL as it is not available everywhere.
...
Ignore SIGPIPE instead.
2008-11-25 22:38:31 +00:00
bad
d9c51cbeae
Ignore unspecified and looback addresses. Ignoring unspecified addresses
...
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.
2008-11-25 22:00:15 +00:00
bad
e7c2314bc8
RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses.
...
Ignore them silently.
2008-11-25 21:54:05 +00:00
bad
6db1040de3
Ignoring an unsuitable address is not an error. Therefore log it as
...
informational.
Make it clear from the log message that a route message is not interesting.
2008-11-25 21:50:47 +00:00
bad
220cbdde75
Use insmyaddr() instead of open coding it.
2008-11-25 21:46:12 +00:00
bad
b8d42d186b
Do not return erroneously from isakmp_open() when setting IPV6_USE_MIN_MTU
...
fails.
2008-11-25 21:42:36 +00:00
bad
667107700d
Keep myaddr.sock at -1 when no socket is opened.
2008-11-25 21:37:11 +00:00
bad
96020e15cb
Preserve owner and permissions of original /etc/resolv.conf.
...
Ensure that new /etc/resolv.conf isn't group or world writable.
2008-11-08 13:41:09 +00:00
bad
447613dc6a
Print and check INTERNAL_NETMASK4.
2008-11-08 13:38:46 +00:00
bad
aabe06ab2f
Make the handling of NAT-T SPD entries automatic.
2008-11-08 13:36:35 +00:00
bad
5a8370eefd
Ensure that the determination of the default gateway and the corresponding
...
interface don't get confused by multiple, possibly non-IPv4 default routes.
Bring the NetBSD case of deleting the VPN routes and address in line with
the Linux case and delete the address after deleting the VPN routes.
2008-11-08 13:31:23 +00:00
wiz
a4814aed6a
The escape sequence for a backslash is "\e".
2008-11-07 16:51:27 +00:00
reed
a455765d91
Use line continuation for an example. It was too wide for my output
...
so was cropped.
Already shared upstream and was told (in September) will be in next
major release.
2008-11-07 15:50:38 +00:00
vanhu
33dafe234f
fixed delsainfo() to avoid a crash when iddst's value is SAINFO_CLIENTADDR
2008-11-06 14:12:28 +00:00
tteras
66f152db75
Add ChangeLog entry about S.P.Zeidler's commit. Fix my name in one place.
2008-11-01 06:55:10 +00:00
spz
334414e667
Changes to ipsecdoi_id2str():
...
struct sockaddr -> struct sockaddr_storage fixes a stack overflow
For non-linklocal addresses the value in 'scope' is garbage and gets
set to zero instead.
2008-10-29 18:49:45 +00:00
tteras
0c1f013cc5
Fix commit dates to reflect reality.
2008-10-28 19:03:27 +00:00
hubertf
11236c9878
Make sshd find the xauth program, even with the new /usr/X11R7.
...
OK'd by christos@
2008-10-27 08:27:04 +00:00
tteras
ed890caaae
From Arnaud Ebalard:
...
Add missing return to error path
2008-10-27 06:27:05 +00:00
tteras
3ff331469e
From Francis Dupont (sent by Arnaud Ebalard):
...
recognize RTM_IFANNOUNCE
2008-10-27 06:24:27 +00:00
tteras
a06fc42a2e
From Arnaud Ebalard:
...
Fix indentation issues for readability
2008-10-27 06:21:29 +00:00
tteras
b186d55b63
From Arnaud Ebalard:
...
initfds() needs to be called only if monitored file descriptor numbers
have changed
2008-10-27 06:18:08 +00:00
tteras
38962f77a8
From Arnaud Ebalard:
...
Remove duplicate declaration
2008-10-27 06:14:04 +00:00
adrianp
1e802db977
Pull in a fix from the OpenSSL CVS:
...
http://cvs.openssl.org/filediff?f=openssl/crypto/x509/x509_att.c&v1=1.14&v2=1.15
This should fix PR #39767 opened by Wolfgang Solfrank
2008-10-25 12:11:47 +00:00
tteras
ede27c75ad
From Krzysztof Piotr Oledzki <olel@ans.pl>:
...
Revert parts of 2008-08-06 commit; the problem those changes address are
already handled in a sensible way by Cyrus Rahman's patch from 2008-03-06.
2008-10-23 10:56:10 +00:00
apb
96230fab84
Use ${TOOL_AWK} instead of ${AWK} or plain "awk" in make commands.
...
Pass AWK=${TOOL_AWK:Q} to shell scripts that use awk.
2008-10-19 22:05:19 +00:00
tteras
ab610e81be
Fix a spelling mistake in changelog
2008-10-09 16:44:31 +00:00
tteras
52d4b7db25
From Arnaud Ebalard: remove unnecessary unbindph12() call which is now done in remph2()
2008-10-09 15:53:12 +00:00
tteras
c724d51982
From Arnoud Ebalard <arno@natisbad.org>:
...
remove unnecessary unbindph12() call which is now done also in remph2()
2008-10-09 15:53:11 +00:00
vanhu
105e5049b7
Fixed resending mechanism to have non-ESP marker for retransmitted packets
2008-09-25 09:34:13 +00:00
wiz
e829b0a440
New sentence, new line.
2008-09-19 17:33:24 +00:00
tteras
d1a09d5477
Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option
...
in remote conf.
2008-09-19 11:14:49 +00:00
tteras
fbf62026bb
Change struct sched to be allocated be the caller to avoid some memory
...
allocations. Optimize scheduling algorithm to not scan all entries in
the main loop.
2008-09-19 11:01:08 +00:00
christos
7a75c9a543
PR/39233: Taylor R Campbeel: OpenSSH fails to initialize tun(4) tunnels
...
correctly.
2008-09-17 15:45:50 +00:00
vanhu
b383a5b3e4
Fixed port match in purge_ipsec_spi() when NAT-T enabled and trying to purge non NAT-T SAs
2008-09-17 12:39:07 +00:00
vanhu
954f7757c0
Some calls to set_port() were not correctly updated in the previous commit
2008-09-09 11:50:42 +00:00
vanhu
a20b313ea8
From Tomas Mraz: Duplicate addresses in pk_sendxxx functions, as they may be altered for NAT-T stuff.
2008-09-03 16:08:26 +00:00
vanhu
4ead39ef24
Duplicate addresses in pk_sendxxx functions, as they may be altered for NAT-T stuff
2008-09-03 16:08:25 +00:00
tteras
dbd3f137ba
- Fix reloading of SPD (Linux satype check, handling of SPD dump responses)
...
- Remove some spurious error log message from extract_port()
2008-09-03 09:57:28 +00:00
lukem
b926b61a73
Comment out __RCSID; this is a host tool and we don't need the Id in the binary.
...
Fixes cross-build issue on RHEL5-like Linux.
Arguably we shouldn't even #include <config.h> because that's been created
for the NetBSD target and not the (possibly non-NetBSD) host system,
but that hasn't caused problems so far so I'll leave it for now.
2008-09-03 07:10:55 +00:00
gmcgarry
dc1f2ff2f9
Eliminate gcc-specific feature of empty structures.
2008-08-29 00:31:37 +00:00
gmcgarry
f3a85cb801
Eliminate superfluous semicolon.
2008-08-29 00:31:00 +00:00
gmcgarry
b4e2d1afdf
Eliminate gcc-specific feature of unnamed structures added recently.
2008-08-29 00:30:15 +00:00
vanhu
163d7169c0
From Krzysztof Piotr Oledzki: Remove ph1handler if we received an invalid first exchange from initiator.
2008-08-12 12:45:55 +00:00
vanhu
32468f64a1
Remove ph1handler if we received an invalid first exchange from initiator
2008-08-12 12:45:54 +00:00
tteras
191869cf2a
From Krzysztof Piotr Oledzki:
...
Make privileged process exit if unprivileged process is terminated and
some spelling fixes.
2008-08-06 19:14:28 +00:00
simonb
5a3c2f6809
Revert the HPN changes that added verbose "Max throughput" summary
...
after scp(1) finishes.
2008-08-05 14:13:34 +00:00
veego
cca63e16c3
Restore .hx support for avoiding unneeded regeneration of header files
...
Fix PR lib/39185
Partly restore the changes which were removed during the Heimdal 1.1 update:
src/lib/libasn1/Makefile 1.28 -> 1.29
src/lib/libhdb/Makefile 1.21 -> 1.22
src/crypto/dist/heimdal/lib/asn1/gen.c 1.8 -> 1.9
Add .hx support in 'new' heimdal libraries:
src/lib/libgssapi/Makefile
src/lib/libhx509/Makefile
Add a new entry in doc/HACKS for this changes.
2008-08-03 07:16:58 +00:00
mgrooms
9ef0a25aeb
Add some missing ifdefs required for non-radius enabled builds.
2008-07-23 17:36:00 +00:00
tteras
4521811287
Do not use GNU make specific extension.
2008-07-23 13:53:08 +00:00
tteras
28aa26f3de
Do flex/bison invocation in a more standard way, and keep the generated
...
files in the dist tarball.
2008-07-23 09:06:51 +00:00
vanhu
826c52702d
From Kohki Ohhira: fix some memory leaks, when malloc fails or when peer sends invalid proposal.
2008-07-22 13:25:18 +00:00
vanhu
754d7776f7
fixed some memory leaks, when malloc fails or when peer sends invalid proposals
2008-07-22 13:25:17 +00:00
mgrooms
fd9755072f
Add an optional radius configuration section to the racoon.conf file. This
...
is similar to the the LDAP configuration section and overrides settings in
the system radius configuration file.
2008-07-22 01:30:02 +00:00
tron
0cc0bec23e
Correct typo to fix the build.
2008-07-21 09:43:03 +00:00
tteras
ca3b7c5a9f
Separate generic vendor id handling to a new function and use it.
2008-07-21 06:26:06 +00:00
tteras
7a1c3cb1b8
Do not set default gss id if xauth is used, otherwise gss-id attribute
...
might be sent even if it was not requested.
2008-07-21 06:24:29 +00:00
mgrooms
879eeb1025
Fix an a typo that prevented racoon from building with hybrid enabled.
2008-07-15 02:16:58 +00:00
mgrooms
6353d50296
Update changelog which was missed in my previous commit.
2008-07-15 00:53:36 +00:00
mgrooms
8f0b3482bc
Fix a conflict with the FreeBSD 8 system hexdump function.
2008-07-15 00:47:09 +00:00
tteras
56a42db6a6
Handle RESPONDER-LIFETIME notification in quick mode.
2008-07-14 05:45:15 +00:00
tteras
583275a951
Clean up notification payload handling. Handle INITIAL-CONTACT notification
...
in last main mode exchange (delayed) and during quick mode exchanges.
2008-07-14 05:40:13 +00:00
tteras
75bc4bd6cd
Original patch from Atis Elsts:
...
Fix a double memory free and a memory corruption (LIST_REMOVE() on
an uninserted node) in some error handling paths.
2008-07-11 08:02:06 +00:00
tteras
7f51b6fe42
From Chong Peng:
...
fix a file descriptor and memory leak on configuration file reread
2008-07-09 12:16:50 +00:00
vanhu
d20c6ed916
From Timo Teras: fix some %d to %zu (size_t values)
2008-07-02 14:46:27 +00:00
vanhu
874968c865
fixed some %d to %zu (size_t values)
2008-07-02 14:46:26 +00:00
christos
a494eea816
Add an ifdef to disable the AES_CTR_MT cipher because static binaries don't
...
work with -pthread, and /rescue is linked against libssh.
2008-06-23 14:51:31 +00:00
christos
80a665de90
Add the HPN patch for ssh:
...
http://www.psc.edu/networking/projects/hpn-ssh/
2008-06-22 15:42:50 +00:00
wiz
bf3ddb193b
Bump date for previous.
2008-06-18 07:40:16 +00:00
mgrooms
93c1205f96
Add an admin port command to retrieve the peer certificate. Submitted by Timo Teras.
2008-06-18 07:12:04 +00:00
mgrooms
c47cb1615c
Add an admin port command to retrieve the peer certificate. Submitted by
...
Timmo Teras.
2008-06-18 07:12:03 +00:00
mgrooms
01e8cc1e5d
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
2008-06-18 07:04:23 +00:00
mgrooms
5d397c5ba5
Set sockets to be closed on exec to avoid potential file descriptor
...
inheritance issues. Submitted by Timmo Teras.
2008-06-18 07:04:22 +00:00
mgrooms
7598372e37
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
2008-06-18 06:47:25 +00:00
mgrooms
2c40396f3a
Use utility functions to evaluate or manipulate network port values. No
...
functional changes. Submitted by Timmo Teras.
2008-06-18 06:47:24 +00:00
mgrooms
7dac642960
Admin port code cleanup. No functional changes. Submitted by Timo Teras.
2008-06-18 06:27:49 +00:00
mgrooms
18fc645e9a
Admin port code cleanup. No functional changes. Submitted by Timmo Teras.
2008-06-18 06:27:48 +00:00
mgrooms
9345b05cc4
Correct a phase2 status event. Submitted by Timo Teras.
2008-06-18 06:11:38 +00:00
mgrooms
b163716d45
Correct a phase2 status event. Submitted by Timmo Teras.
2008-06-18 06:11:37 +00:00
tls
f5792c6ee8
Apply patch from Darryl Miles which adjusts SSL_shutdown's behavior for
...
non-blocking BIOs so that it is sane -- so that, in other words, -1 with
a meaningful library error code (WANT_READ or WANT_WRITE) is returned
when we would block for I/O. Without this change, you have to sleep or
spin -- you can't know how to put the underlying socket in your select
or poll set.
Patch from http://marc.info/?l=openssl-dev&m=115154030723033&w=2 and
rationale at http://marc.info/?l=openssl-dev&m=115153998821797&w=2 where
sadly they were overlooked by the OpenSSL team for some time. It is hoped
that now that we've brought this change to their attention they will
integrate it into their sources and we can lose the local change in
NetBSD.
2008-06-10 19:45:00 +00:00
tonnerre
31197b7671
Fix two Denial of Service vulnerabilities in OpenSSL:
...
- Fix flaw if server key exchange message is omitted from a TLS handshake
which could lead to a silent crash.
- Fix double free in TLS server name extensions which could lead to a
remote crash.
Fixes CVE-2008-1672.
2008-06-05 15:30:10 +00:00
christos
90318d80f4
PR/38728: Tomoyuki Okazaki: Enable Camellia
2008-05-26 16:39:45 +00:00
christos
a41e5a83be
Add coverity alloc comment.
2008-05-24 20:07:00 +00:00
christos
cfb67f710f
add a coverity alloc comment.
2008-05-24 20:05:52 +00:00