Commits
- Commit:
b8d68fc8e49b3eeac2ba3106e9694ef463a646e1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fixes for -Wpointer-sign
- Commit:
86693a33abd5e8c31530adb3045c9f4664d4d6c9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).
- Commit:
792f302acee3122ed0f9469d8676dbb271f60849
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use fatal/fatalx instead of err/errx in daemon code
- Commit:
deadd9e1311204415754dcfa404bec4bf3cd557c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
readd proxy certs and `require client ca' support
Was temporarly disabled during the transition to real privsep.
While here, fix a memory leak when using `require client ca'.
Also, avoid leaking info about the parent address space layout to
server processes by not sending pointer values.
- Commit:
fc9cc497e075cf321fe0dcf4c6783e2eeb8b9d43
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move some new_* functions from parse.y to utils.c
- Commit:
e69e1151f696b01d1fe80570901d21bc78ed5ab1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop now unused dispatch_imsg
- Commit:
eae52ad493f582222b4f2b748c0043c42bb851cb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
switch to the more usual log.c
- Commit:
281a8852b3a2d76c10d2fb6476a706746d05509b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rename log.[ch] to logger.[ch]
- Commit:
df5058c919cbd1538d0a04cb2a4c179c0291566f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
provide a more usual fatal
fatal usually appends the error string. Add 'fatalx' that doesn't.
Fix callers and move the prototypes to log.h
- Commit:
7b27af838898f379a9140ddbcb07313f937c2f69
- From:
- Omar Polo <op@omarpolo.com>
- Date:
log when the certificate was successfully generated
- Commit:
4842c72d9f3f45478cb641e15a3272e541fb8a18
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fmt
- Commit:
1eb3631d10e20f089be8f5bb7b81505a068813a4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
certificate generation (bugfix and improvement)
don't add gmid as organisation when generating the certificate, and
set the version to 3, so it's compatible with java/android clients.
Found by Gnuserland, thanks!
- Commit:
b8e64ccd44290cdd34bdcd3fd85fb1a9cb7486dd
- From:
- Omar Polo <op@omarpolo.com>
- Date:
list instead of fixed-size array for vhosts and locations
saves some bytes of memory and removes the limit on the maximum number
of vhosts and location blocks.
- Commit:
bc99d868bc3745dcc65add06cd3f9b9ec3575cb5
- From:
- Omar Polo <op@omarpolo.com>
- Date:
refactoring: imsg everywhere
use imsg to handle ALL kinds of IPC in gmid. This simplifies and shorten the
code, and makes everything more uniform too.
- Commit:
5b6dc93c8ab63f36382ea02336b172a3632cab30
- From:
- Omar Polo <op@omarpolo.com>
- Date:
kill debug printf