path: root/local.c
Commit message | Author | Age
* Load and reload local certificates like normal | June McEnroe | 2021-10-05
* Delete local-path socket like normal | June McEnroe | 2021-10-05
* FreeBSD: Remove capsicum support | June McEnroe | 2021-10-05
  capsicum is too impractical and removing it will allow much more straightforward code.
* Remove TCP keepalive settings | June McEnroe | 2021-10-03
  TCP keepalives were originally enabled to solve the problem of client connections staying idle for long periods of time, due to pounce not relaying PINGs from the server. Long-idle TCP connections are likely to be dropped by NAT routers, causing timeouts. Unfortunately, the TCP_KEEPIDLE socket option is not available on OpenBSD, so this was useless for pounce running there. The default timeout before sending keepalives is 2 hours, which is far longer than the timeout used by NAT routers, which seems to be 30 minutes. Now that pounce sends its own PINGs to idle clients approximately every 15 minutes, these TCP keepalive settings are unnecessary.
* Don't create new tls_server(3), just reconfigure | June McEnroe | 2021-08-21
* Zero local-key memory before freeing it | June McEnroe | 2021-08-21
* Unlink existing UNIX socket if it can't be connected to [2.1] | June McEnroe | 2020-11-23
  I think this emulates SO_REUSEADDR, which for some reason doesn't work on PF_UNIX. If the socket exists, check if connect(2) works, rather than clobbering the socket being used by a still-running instance.
* Swap localAccept parameter order | June McEnroe | 2020-11-14
* Add support for OpenBSD | June McEnroe | 2020-08-27
* Say "OpenSSL" in additional permission notices | June McEnroe | 2020-08-06
  LibreSSL is "a modified version of that library".
* Remove compat.h | June McEnroe | 2020-08-01
* Use snprintf instead of strlcpy | June McEnroe | 2020-07-31
* Add additional permission for linking with LibreSSL | June McEnroe | 2020-06-08
  https://www.gnu.org/licenses/gpl-faq.en.html#GPLIncompatibleLibs
* Don't bother setting SO_NOSIGPIPE | June McEnroe | 2020-05-18
  We need to ignore SIGPIPE anyway for other platforms.
* Enable TCP keepalive with half-hour idle | June McEnroe | 2020-05-18
  Since we swallow IRC PINGs, a client connection can go hours idle on a quiet network. On my home internet, at least, these connections seem to get silently dropped.
* Do not crash on error from accept | June McEnroe | 2020-04-02
* Add option to set local client CA | June McEnroe | 2020-01-12
  This is a little bit messy. Allows setting either -A or -W or both. Implements SASL EXTERNAL for clients that expect that when connecting with a client certificate. Need to test that reloading still works inside capsicum, since I suspect that rewind call may be blocked.
* Avoid a couple VLAs with constant size | Michael Forney | 2019-11-20
  These are really just regular arrays masquerading as VLAs.
* Use strlcpy for sun_paths | June McEnroe | 2019-11-20
  My understanding is that sun_path need not be nul-terminated, but I didn't notice that SUN_LEN actually requires it.

  > The length of UNIX-domain address, required by bind(2) and connect(2),
  > can be calculated by the macro SUN_LEN() defined in <sys/un.h>. The
  > sun_path field must be terminated by a NUL character to be used with
  > SUN_LEN(), but the terminating NUL is not part of the address.

  Thanks to Duncan Overbruck <mail@duncano.de> for the report.
* Rename listen to local | June McEnroe | 2019-11-10