summaryrefslogtreecommitdiff
path: root/ChangeLog
Commit message (Collapse)AuthorAgeFilesLines
* Ready for radsecproxy-1.6.9.radsecproxy-1.6.9maint-1.6Linus Nordberg2017-08-021-1/+1
|
* Don't follow the NULL pointer, not even in debug printouts.Linus Nordberg2017-08-021-0/+1
| | | | | | Bug reported by Leonhard Knauff. Closes RADSECPROXY-68.
* Use a listen(2) backlog of 128.Linus Nordberg2017-08-021-0/+3
| | | | | | | | | | | | | | | | | | | | There's a chance that incoming (legitimate) connections arrive faster than what it takes to spawn a new thread and get back to listen(). Therefore we should ask the stack to queue at least one entry, i.e. use a backlog value of at least 1. There's arguable also a chance of more than two concurrent incoming connections, which would make a case for a backlog value greater than one. A reasonable high value seems to be 128, which also is what SOMAXCONN is on many unix systems. In the choice between 1 and 128, an argument against the higher value is that it may mask the potential problem of spending a long time serving incoming connections. Being reasonably confident that radsecproxy is efficient when it comes to serving incoming connections, by handing them off to a newly spawned thread, I think that 128 is a fine choice. Closes RADSECPROXY-72.
* Update ChangeLog with -77.Linus Nordberg2017-08-021-0/+1
|
* Update ChangeLog.Linus Nordberg2017-08-011-0/+1
|
* add msg-id to debug log outputFabian Mauchle2017-08-011-0/+1
|
* create new cert_store before reloading CAs and CRLsFabian Mauchle2017-08-011-0/+4
| | | | | Conflicts: ChangeLog
* Revert partial fix for RADSECPROXY-69 (47ccc9f).Linus Nordberg2016-11-011-5/+0
| | | | This was potentially making things worse.
* Look at servers->dynamiclookuparg for deciding if a server is dynamic.Linus Nordberg2016-11-011-0/+5
| | | | | | | | | | The dynamiclookupcommand member of the _config_ of the server is being set to NULL when it's copied in confserver_cb(), resulting in dynamic discovery being done for realms that already have a server. Patch from Fabian Mauchle. Addresses RADSECPROXY-69.
* radsecproxy-1.6.8.radsecproxy-1.6.8Linus Nordberg2016-09-211-0/+5
|
* radsecproxy-1.6.7radsecproxy-1.6.7Linus Nordberg2016-03-141-1/+1
|
* Update ChangeLog for upcoming radsecproxy-1.6.7.Linus Nordberg2016-03-111-0/+8
|
* Install radsecproxy.conf.5 unconditionally.radsecproxy-1.6.6Linus Nordberg2015-01-191-0/+2
| | | | Keep regeneration of it dependent on configure finding docbook2x-man(1).
* radsecproxy-1.6.6Linus Nordberg2015-01-191-1/+1
|
* ChangeLog for the four security patches.Linus Nordberg2015-01-161-0/+4
| | | | | Conflicts: ChangeLog
* When CHAP-Password, copy Request Authenticator to CHAP-Challenge.Linus Nordberg2015-01-161-0/+2
| | | | | Conflicts: radmsg.h
* Have rewriteIn for servers use the correct config section.Linus Nordberg2015-01-141-0/+7
| | | | | Conflicts: ChangeLog
* radsecproxy-1.6.5.radsecproxy-1.6.5Linus Nordberg2013-09-061-1/+1
|
* Make a _copy_ of the attributes when copying them.Linus Nordberg2013-09-061-0/+5
| | | | | | Doh! Closes RADSECPROXY-53.
* Keep Proxy-State attributes in all replies to clients.Linus Nordberg2013-09-051-0/+5
| | | | Closes RADSECPROXY-52.
* radsecproxy-1.6.3radsecproxy-1.6.3Linus Nordberg2013-09-041-1/+1
|
* radsecproxy-1.6.3-rc0radsecproxy-1.6.3-rc0Linus Nordberg2013-09-021-1/+1
|
* Update ChangeLog with two older bug fixes.Linus Nordberg2013-09-021-0/+4
|
* Time out on TLS clients not closing the connection properly.Linus Nordberg2013-09-021-0/+2
| | | | Patch by Fabian Mauchle.
* When timing out while reading from a TLS server, shutdown the socket properly.Linus Nordberg2013-09-021-0/+2
| | | | | | | Also signal the "client writer" (clientwr()). Together, this should result in TLS connections being cleaned up properly. Patch by Fabian Mauchle.
* Don't free struct clsrvconf members rewritein and rewriteout.Linus Nordberg2013-09-021-0/+2
| | | | | | | They are pointers into static struct hash *rewriteconfs and should live forever. Patch by Fabian Mauchle.
* Update ChangeLog with the last three bug fixes/ehancements.Linus Nordberg2013-09-021-0/+11
| | | | | | | Also, in a lame attempt att giving credit for last commit where I failed at doing that: 4920ff44 is a patch from Fabian Mauchle.
* Update ChangeLog entry for 1.6.2 with correct CVE id.Linus Nordberg2013-09-021-1/+2
| | | | 1.6.2 is already released but correct ChangeLog info is good.
* Mention CVE number in ChangeLog.radsecproxy-1.6.2Linus Nordberg2012-10-251-2/+2
|
* radsecproxy-1.6.2Linus Nordberg2012-10-251-1/+1
|
* Don't mix up pre- and post-handshake verification of DTLS clients.Linus Nordberg2012-10-221-0/+6
| | | | | | | | | | | | | Commit db965c9b addressed TLS clients only. When verifying DTLS clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Original issue reported and analysed by Ralf Paffrath. DTLS being vulnerable reported by Raphael Geisser. Addresses issue RADSECPROXY-43, CVE-2012-4523.
* Update ChangeLog with CVE id for RADSECPROXY-43.Linus Nordberg2012-10-181-1/+2
|
* radsecproxy-1.6.1Linus Nordberg2012-09-141-1/+1
|
* Don't mix up pre- and post-handshake verification of clients.Linus Nordberg2012-09-131-0/+10
| | | | | | | | | | When verifying clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Reported by Ralf Paffrath. Reported and analysed by Ralf Paffrath. Addresses issue RADSECPROXY-43.
* Fix typo in ChangeLog.Linus Nordberg2012-08-131-1/+1
|
* radsecproxy-1.6.radsecproxy-1.6Linus Nordberg2012-04-271-1/+1
|
* radsecproxy-1.6-rc2.radsecproxy-1.6-rc2Linus Nordberg2012-04-271-1/+1
|
* radsecproxy-1.6-rc1.radsecproxy-1.6-rc1Linus Nordberg2012-04-261-1/+1
|
* Add configure option --enable-experimental-dyndisc.Linus Nordberg2012-04-261-2/+5
|
* Ready for radsecproxy-1.6-rc0.radsecproxy-1.6-rc0Linus Nordberg2012-04-171-7/+7
|
* Document the IPv4Only and IPv6Only options.Linus Nordberg2012-04-171-1/+3
| | | | RADSECPROXY-37.
* Use printf(1) instead of 'echo -e' in tools/ scripts.Linus Nordberg2012-04-161-1/+1
| | | | Closes RADSECPROXY-40.
* Add a note about the change of default place to look for radsecproxy.conf.Linus Nordberg2012-04-161-1/+6
|
* Correct changelog entry for RADSECPROXY-33.Linus Nordberg2012-04-161-1/+2
|
* Add a blurb on dynamic lookup in ChangeLog.Linus Nordberg2012-04-121-0/+3
|
* Add dynamic config updates to ChangeLog.Linus Nordberg2012-04-121-0/+4
|
* Make dynamic-resolve scripts in tools/ sort numerically.Linus Nordberg2012-04-121-1/+1
| | | | Spotted by Paul Dekkers. Closes RADSECPROXY-39.
* Minor ChangeLog changes.Linus Nordberg2012-04-121-2/+1
|
* Update ChangeLog.Linus Nordberg2012-04-111-2/+8
|
* Update date in ChangeLog.Linus Nordberg2012-04-111-1/+1
|
generated by cgit v1.1 at 2024-10-07 23:36:55 +0000