Commit message | Author | Age | |
---|---|---|---|
* | Wait for POLLIN to do client tls_handshake | June McEnroe | 2020-11-13 |
| | Otherwise a client could cause pounce to hang (since the sockets are left blocking) by opening a connection without handshaking! Oops, that's pretty bad. Since the sockets are still blocking, a hang can still be caused by a client sending a partial handshake then waiting. More fixes to follow. pounce is slightly protected from this when used with calico, as it applies a timeout to waiting for the ClientHello. | | |
* | Use a fixed size pollfd array in calico | June McEnroe | 2020-11-13 |
| | My thinking here is that it's better to not allocate in response to incoming connections. This also just makes the code a little simpler. | | |
* | Disallow / anywhere in server name | June McEnroe | 2020-11-13 |
* | Check bounds of ClientHello extensions length | June McEnroe | 2020-11-12 |
* | Report paths in unveil errors | June McEnroe | 2020-11-10 |
* | contrib/palaver: Use open_memstream instead of fmemopen | June McEnroe | 2020-10-24 |
| | Somehow I never knew about this function. Much better than fmemopen with mode "w". | | |
* | Handle signals before the main loop | June McEnroe | 2020-10-11 |
| | This is a long-standing issue I ignored. | | |
* | Fix possibly uninitialized error 2.0 | June McEnroe | 2020-09-09 |
| | It won't be, but gcc thinks it might. | | |
* | Refactor reserialization and client self-producing | June McEnroe | 2020-08-31 |
* | Add chmod+chown to certbot example | June McEnroe | 2020-08-30 |
* | Rearrange bounce.c, move non-main mains below main | June McEnroe | 2020-08-30 |
* | Sandbox pounce with unveil(2) | June McEnroe | 2020-08-30 |
* | Refactor certificate loading and load all certs from config paths | June McEnroe | 2020-08-28 |
* | Sandbox pounce with pledge(2) | June McEnroe | 2020-08-27 |
| | unveil(2) is a bit complicated to apply to this, I'll have to think about it more. | | |
* | Sandbox calico with pledge(2) and unveil(2) | June McEnroe | 2020-08-27 |
* | Add support for OpenBSD | June McEnroe | 2020-08-27 |
* | Remove rc scripts | June McEnroe | 2020-08-27 |
* | contrib/palaver: Fix documented database path | June McEnroe | 2020-08-27 |
* | contrib/palaver: Remove rc script | June McEnroe | 2020-08-27 |
* | contrib/palaver: Fix database search and creation | June McEnroe | 2020-08-27 |
* | contrib/palaver: Use pounce's XDG directory | June McEnroe | 2020-08-27 |
* | contrib/palaver: Only allow HTTPS | June McEnroe | 2020-08-27 |
* | Support the pounce_env rc variable | June McEnroe | 2020-08-25 |
* | Remove deprecated option names | June McEnroe | 2020-08-25 |
| | The next release will be 2.0 so these can be removed now. | | |
* | Document configuration and data file search | June McEnroe | 2020-08-25 |
* | Use dataOpen for save file | June McEnroe | 2020-08-24 |
* | Use configOpen to load localCA | June McEnroe | 2020-08-24 |
* | Use configPath to load client cert/priv | June McEnroe | 2020-08-24 |
* | Use configOpen in getopt_config | June McEnroe | 2020-08-24 |
* | Import xdg.c from catgirl | June McEnroe | 2020-08-24 |
* | Replace “RAND_bytes” by “getentropy” | Issam E. Maghni | 2020-08-23 |
| | This removes the dependency on libcrypto. Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org> | | |
* | contrib/palaver: Add no message preview flags | June McEnroe | 2020-08-16 |
* | contrib/palaver: Don't set channel for PMs | June McEnroe | 2020-08-13 |
* | Fix unintended interception of NICK after registration | June McEnroe | 2020-08-13 |
| | Another bug caused by trying to support broken clients. I'm annoyed. | | |
* | Add Additional Components section to README | June McEnroe | 2020-08-12 |
* | Document -L / palaver option | June McEnroe | 2020-08-12 |
* | contrib/palaver: Document service configuration | June McEnroe | 2020-08-11 |
* | contrib/palaver: Add install target and rc script | June McEnroe | 2020-08-11 |
* | contrib/palaver: Implement command and notifications | June McEnroe | 2020-08-11 |
| | Squashed commit: Ignore messages older than a minute If pounce-palaver has been down for a time and pounce is sending it a huge buffer, it shouldn't send a notification for everything in the buffer. | | |
* | contrib/palaver: Add prospective manual page | June McEnroe | 2020-08-11 |
* | contrib/palaver: Add configure script | June McEnroe | 2020-08-11 |
* | Implement stub of palaverapp.com capability | June McEnroe | 2020-08-11 |
| | This needs to be documented! But the documentation won't make any sense until there's something that can implement the actual functionality of the capability. | | |
* | Refactor intercept to use Handlers and fix QUIT w/o message 1.4p1 | June McEnroe | 2020-08-10 |
| | The change to support broken clients with bad line endings broke the interception of QUIT with no message parameter, because the CR is part of the length passed to intercept. | | |
* | Refactor clientCA and clientSTS as clientCaps | June McEnroe | 2020-08-10 |
* | Use system libcrypto and openssl bin on FreeBSD 1.4 | June McEnroe | 2020-08-06 |
* | Say "OpenSSL" in additional permission notices | June McEnroe | 2020-08-06 |
| | LibreSSL is "a modified version of that library". | | |
* | Mention LibreTLS in README | June McEnroe | 2020-08-06 |
* | Handle broken clients sending only \n | June McEnroe | 2020-08-06 |
| | Sigh. The robustness principle enables the proliferation of worse quality software. | | |
* | Document concatenating client certificates for auth | June McEnroe | 2020-08-01 |
| | This is actually the better approach since certificates can easily be removed from the file. | | |
* | Fix signing certificates with -A and -g | June McEnroe | 2020-08-01 |
| | Always generate a certificate request and pipe it to be signed, either by the CA or by itself. | | |