This maps to bugzilla bug 83: http://bugzilla.adiscon.com/show_bug.cgi?id=83
This is the first test version, posted to user for repro of the problem.
It contains code to handle the case, HOWEVER, I have not been able to test it
in a scenario where a retry actually happens while receiving (I dont't get this
in my environment). So I assume it is buggy and will probably not work.
It is now iRet based. This enables us to communicate
more in-depth information to the upper peers. This is needed
to handle the EGAIN case on rcv (not yet implemented)
This is a debug aid, only. Note that it may reveal sensitive
information, so it should never be active in production code.
Currently, this is a compile-time switch and requires code changes
to (de)activate.
... in gnutls code, resulting in some hard too
understand error messages. Also genereally improved certificate
error messages a bit.
Also, added GnuTLS debugging support.
The TLS server now checks the client fingerprint. This works, but
is highly experimental. Needs to be refined for practice. Also:
- implemented permittedPeers helper construct to store names
- changed omfwd implementation to use new permittedPeers
- made action logic pass optional auth params only if they are
actually configured
- added new authMode and Fingerprint methods to ptcp netstream
driver (keeping them once again generic)
- added diagnostics messages when invalid auth modes were
configured
This is very experimental and needs some more work. It probably even
segfaults - but the base code is there and running. The rest is
refinement.
While working on this, I did these two bugfixes:
- bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
- bugfix: $ActionSendStreamDriver had no effect
- bugfix: TCP input modules did incorrectly set fromhost property
(always blank)
- bugfix: imklog did not set fromhost property
- added "fromhost-ip" property
- added "RSYSLOG_DebugFormat" canned template
- bugfix: hostname and fromhost were swapped when a persisted message
(in queued mode) was read in
there were a couple of things where imgssapi was not compatible
with the new encapsulation. I did a somewhat dirty fix. The real
solution would be to turn gssapi functionality into a netstream
driver, which is too much for now (after all, we want to release
some time AND we need to have the code mature in practice
before we go for the next target...).
the new structure prevents repetitive loads and unloads of
driver files; it also has less overhead
The "select" and regular driver are now contained in a single
file.
