log ip address and port when tls_handshake fails These connection are not otherwise logged and it could be helpful to track down the bad ip.

tweak log_request() comment gg -> gemexp and better wording.

don't let crypto_dispatch_server handle IMSG_CRYPTO_ECDSA_SIGN in this codepath. otherwise we end up with a mismatch where we expect a request but were sent a response.

pre-increment reqid otherwise we send the request id N and expect to receive N+1

typo; was filling the wrong iov_len...

plug a leak all other rules are freeing the value of `listen_addr'

fix automatic guessing of `listen on' default_host needs to be NULL for getaddrinfo(3) to listen on everything.

ignore some errors from socket(2) There's no much we can do if we resolv an IPv6 address but its support is disabled in the current kernel, so ignore and go ahead. Spotted while testing gmid i n a FreeBSD jail without IPv6.

we're in public alpha right now!

remove configure.local{,.example} unused, un-updated and ignored for quite some time now.

tweak readme

don't leave HAVE_GETENTROPY undefined

resurrect openlog() + tzset() in the logger They're not needed on OpenBSD nor in other systems... except under sandbox. These were added for capsicum() if I remember correctly, but also with landlock it's better to initialize these things earlier.

resurrect landlock support this time targetting ABI level 3; partially based on how claudio@ handled it in rpki-client. Fun how this bit of code has come full circle (gmid inspired what I wrote for got, which inspired what was written for rpki-client, which has come back.)

fix build of regress