1817 Commits

Author SHA1 Message Date
Rainer Gerhards
cd2cee6de2 Merge branch 'ietf-tls' 2008-05-27 14:51:04 +02:00
Rainer Gerhards
531f27a8c3 implemented wildcards inside certificate name check authentication 2008-05-27 14:49:45 +02:00
Rainer Gerhards
ae387d6900 client now provides cert even if it is not signed by one of the server's trusted CAs (gtls) 2008-05-27 09:46:30 +02:00
Rainer Gerhards
331a644202 protected gtls error string function by a mutex.
Without it, we could have a race condition in extreme cases.
This was very remote, but now can no longer happen.
2008-05-26 15:49:32 +02:00
Rainer Gerhards
fce6ddc99f fixed fingerprint generator
fixed problem introduced earlier today
2008-05-26 15:31:41 +02:00
Rainer Gerhards
7918bbe7fc fixed wrong cert expiration date check 2008-05-26 15:11:00 +02:00
Rainer Gerhards
bc5eb93e40 added certificate validity date check (gtls) 2008-05-26 14:47:36 +02:00
Rainer Gerhards
b674dd69bd added gtls name authentication based on common name (inside DN)
also changed fingerprint gtls auth mode to new format fingerprint
2008-05-26 12:53:49 +02:00
Rainer Gerhards
7b604269c7 added capability to auto-configure tls auth rule for client connecting to server
must match hostname in send action
2008-05-26 11:01:42 +02:00
Rainer Gerhards
f31a0537c6 improved gtls error reporting 2008-05-26 10:15:49 +02:00
Rainer Gerhards
3b5c252784 checking if client provided a cert and complain if not 2008-05-23 11:39:37 +02:00
Rainer Gerhards
b4baf2bda0 updated TLS documentation with HOWTO on certificate generation 2008-05-23 11:28:31 +02:00
Rainer Gerhards
492fb2ffe2 changed config directive name to reflect different use
$ActionSendStreamDriverCertFingerprint is now
$ActionSendStreamDriverPermittedPeer and can be used both for
fingerprint and name authentication (similar to the input side)
2008-05-22 18:58:04 +02:00
Rainer Gerhards
57b2032235 added x509/name authentication (so far based on dnsName only) 2008-05-22 18:48:09 +02:00
Rainer Gerhards
0b2e858a42 added code to pull the subjectAltName - dNSName 2008-05-21 18:18:20 +02:00
Rainer Gerhards
8c927a854e fixed invalid prototype 2008-05-21 18:04:54 +02:00
Rainer Gerhards
76877065f6 bugfix: sender information (fromhost et al) was missing in imudp
thanks to sandiso for reporting this bug
2008-05-21 17:37:58 +02:00
Rainer Gerhards
d25586126f Merge branch 'beta'
Conflicts:

	ChangeLog
2008-05-21 16:55:11 +02:00
Rainer Gerhards
8f53b0f4d5 bugfix: imklog went into an endless loop if a PRI value was inside
a kernel log message

This is an unusual case under Linux, and a frequent one under BSD
2008-05-21 16:53:57 +02:00
Rainer Gerhards
68a2c3d512 implemented x509/certvalid "authentication" 2008-05-21 14:59:24 +02:00
Rainer Gerhards
297384275f bumping version number 2008-05-21 12:46:07 +02:00
Rainer Gerhards
d7ae85c4ed finalizing v3.19.3 v3.19.3 2008-05-21 12:44:43 +02:00
Rainer Gerhards
ff446070be Merge branch 'ietf-tls'
Conflicts:

	ChangeLog
2008-05-21 12:23:41 +02:00
Tiziano Mueller
275595cdf8 bugfix: missing linker options caused build to fail on some systems.
Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
2008-05-21 12:19:38 +02:00
varmojfekoj
6e97513eea bugfix: default syslog port was no longer used if none was configured.
Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
2008-05-21 12:08:23 +02:00
Rainer Gerhards
8cb6ec4cee added some forgotten doc 2008-05-21 11:45:40 +02:00
Rainer Gerhards
350f28efd9 added new transport auth methods to doc set 2008-05-21 11:41:15 +02:00
Rainer Gerhards
cb8188da16 re-enabled anon mode (failed if client did not provide cert) 2008-05-21 11:04:01 +02:00
Rainer Gerhards
2b90fa41fd changed default GnuTLS key material to more reasonable values
We now also provide everything to sign with a common CA.
NOTE: none of this is for production use!
2008-05-20 15:13:17 +02:00
Rainer Gerhards
85b587f93d first implementation of TLS server client authentication check
The TLS server now checks the client fingerprint. This works, but
is highly experimental. Needs to be refined for practice. Also:
- implemented permittedPeers helper construct to store names
- changed omfwd implementation to use new permittedPeers
2008-05-19 18:52:44 +02:00
Rainer Gerhards
48684ceac5 improved error messages and corrected fingerprint format 2008-05-19 09:43:37 +02:00
Rainer Gerhards
edf41396ef regained netstream driver genericity; improved drivers
- made action logic pass optional auth params only if they are
  actually configured
- added new authMode and Fingerprint methods to ptcp netstream
  driver (keeping them once again generic)
- added diagnostics messages when invalid auth modes were
  configured
2008-05-17 11:19:12 +02:00
Rainer Gerhards
6ea98ec5ff added first rough ability to authenticate the server against its certificate
This is very experimental and needs some more work. It probably even
segfaults - but the base code is there and running. The rest is
refinement.

While working on this, I did these two bugfixes:
- bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
- bugfix: $ActionSendStreamDriver had no effect
2008-05-16 18:26:25 +02:00
Rainer Gerhards
e59b833743 added some more info to project status page 2008-05-16 15:17:05 +02:00
Rainer Gerhards
29ebd4ab3e Merge branch 'master' into ietf-tls 2008-05-16 15:11:24 +02:00
Rainer Gerhards
dfb1f20ce7 bumped version number 2008-05-16 15:11:14 +02:00
Rainer Gerhards
7b69ee0ff8 removed references to deleted files v3.19.2 2008-05-16 15:05:07 +02:00
Rainer Gerhards
770b709654 fixed potential uninitialized var access (highly improbable) 2008-05-16 14:53:12 +02:00
Rainer Gerhards
c70d3cec69 preparing for 3.19.2 2008-05-16 14:46:03 +02:00
Rainer Gerhards
ed96dda644 Merge branch 'beta'
Conflicts:

	ChangeLog
	rfc3195d.c
2008-05-16 13:46:09 +02:00
Rainer Gerhards
09a3d4ef12 Merge branch 'v3-stable' into beta 2008-05-16 13:40:53 +02:00
Rainer Gerhards
09afe64f29 added fromhost-ip properties and some bugfixes
- bugfix: TCP input modules did incorrectly set fromhost property
  (always blank)
- bugfix: imklog did not set fromhost property
- added "fromhost-ip" property
- added "RSYSLOG_DebugFormat" canned template
- bugfix: hostname and fromhost were swapped when a persisted message
  (in queued mode) was read in
2008-05-16 13:36:41 +02:00
Rainer Gerhards
ffa17a25d2 client provides x.509 and server prints fingerprint 2008-05-15 16:58:25 +02:00
Rainer Gerhards
a58ad72051 bumped version number 2008-05-15 15:42:52 +02:00
Rainer Gerhards
07b447fcba Merge branch 'v2-stable' into v3-stable
Conflicts:

	ChangeLog
	configure.ac
2008-05-15 14:18:18 +02:00
Rainer Gerhards
5674b8ef46 bumped version number 2008-05-15 12:40:48 +02:00
Rainer Gerhards
3daa227bdd finalizing 2.0.5 release v2.0.5 2008-05-15 12:38:35 +02:00
Rainer Gerhards
e623b1a06b added TODO item 2008-05-15 11:57:18 +02:00
Rainer Gerhards
d8b191a1f3 bugfix: TLS server went into an endless loop in some situations.
Thanks to Michael Biebl for reporting the problem.
2008-05-15 07:58:01 +02:00
Rainer Gerhards
ce0569ec3e bugfix: lmtcpclt, lmtcpsrv and lmgssutil did all link to the static runtime library,
resulting in a large size increase (and potential "interesting"
effects). Thanks to Michael Biebl for reporting the size issue.
2008-05-14 18:52:53 +02:00