Commits
- Commit:
1ef09e6313e6a7656899f1ce5a98bddb16498934
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add -Wpointer-sign to the mix
It's not present in -W -Wall -Wextra on OpenBSD but it is enabled
on other systems.
- Commit:
b8d68fc8e49b3eeac2ba3106e9694ef463a646e1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fixes for -Wpointer-sign
- Commit:
d1739e3f03a014fa9baded61a49eeb49293c751f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
cast uint64_t to unsigned long long
- Commit:
ec96a0ad3b80dd46a4d68359807c0c09560100cb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
work around different signature for ecdsae_compute_key
- Commit:
86693a33abd5e8c31530adb3045c9f4664d4d6c9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).
- Commit:
f81a97b3569478a36e5cbe95229efd1b831b7a7b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop useless debug statement
- Commit:
725457a9e46a773f0fd5e18c9cf0f00b2347dcaf
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move setproctitle/privsep_process earlier
We don't always do privilege dropping (as we may start as unprivileged
user), so set these two beforehand so when we skip privdrop we don't
miss to set privsep_process and set the process' title.
- Commit:
4ad573d0d5675212b0b5719a0a5c1de22974dd0e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rework load_file to use pread()
avoids issues since the same file is sent to multiple processes
after being dup()'ed. Since these files are meant to be regular
files, I don't expect short reads.
- Commit:
1a99859b357957715fb62ced6ddef871ca9ab3a0
- From:
- Omar Polo <op@omarpolo.com>
- Date:
adjust how locations are received
- Commit:
15e60fdf0c1dadf79b319635c4b6fe6786f1d3d4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify ocsp sending using config_send_file
while here add an explicit flush to avoid a fd rampage.
- Commit:
2e880a57f8bd6f9e8b10f9fbdb9feea35523226d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
change config_send_file to take the process id as argument
i.e. not hardcode PROC_SERVER
- Commit:
892f3a5cf80f2aa3d5d2745396bf3c52c418c435
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gencert: use secp384r1
prime256v1 should be perfectly fine for all I understand, but
OpenBSD' acme-client uses secp384r1 and who am I to disagree :)
- Commit:
7fff8aa6cb567a62113d9877af5bcb5bb4494111
- From:
- Omar Polo <op@omarpolo.com>
- Date:
parse the config file only once
Don't have all the processes read gmid.conf. The parent needs to do
that, and the will send the config to the children (already
happening.) The other processes were reading the config anyway to
figure out the user and the chroot (if enabled); make the parent pass
additional flag to propagate that info.
We dissociate a bit from the "usual" proc.c but it's a change worth
having.
- Commit:
5af19830c3bbec71b3db5c2c19335e5e0c7ff76f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move print_conf and make it take the config as argument
- Commit:
792f302acee3122ed0f9469d8676dbb271f60849
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use fatal/fatalx instead of err/errx in daemon code