The TLS server now checks the client fingerprint. This works, but
is highly experimental. Needs to be refined for practice. Also:
- implemented permittedPeers helper construct to store names
- changed omfwd implementation to use new permittedPeers
This is very experimental and needs some more work. It probably even
segfaults - but the base code is there and running. The rest is
refinement.
While working on this, I did these two bugfixes:
- bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
- bugfix: $ActionSendStreamDriver had no effect
there were a couple of things where imgssapi was not compatible
with the new encapsulation. I did a somewhat dirty fix. The real
solution would be to turn gssapi functionality into a netstream
driver, which is too much for now (after all, we want to release
some time AND we need to have the code mature in practice
before we go for the next target...).
... at least in some cases ;) I assume there are still a couple
of bugs inside the code. But at least we have something from
where we can continue to work on.
The objects for receiver-side socket abstraction have now be
specified. The project as whole does not yet compile and
definitely not run, but I'd like to commit some milestones along
this way.
