Up to [local] / src / usr.sbin / syslogd
Default branch: MAIN
Revision 1.5, Fri Oct 9 16:58:25 2015 UTC (8 years, 8 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, HEAD
Changes since 1.4: +2 -1 lines
If syslogd is started with -S, it accepts TLS connections to receive encrypted messages. The server certificates are taken from /etc/ssl like relayd does. OK benno@ beck@ deraadt@
Revision 1.4, Thu Sep 10 18:32:06 2015 UTC (8 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.3: +3 -4 lines
Convert syslogd TLS connect to use handshake callback. The bt_hostname can go away as the callback does not need the hostname anymore. Call tls_handshake() until successful. Remove the function tls_socket() as it has a bad prefix. Just call tls_client(), tls_configure() and tls_connect_socket() after the TCP socket has been created. There is no need to wait until TCP connect has finished. OK beck@ jsing@
Revision 1.3, Sat Jul 18 22:33:46 2015 UTC (8 years, 10 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.2: +1 -3 lines
As libtls previously did not set SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, syslogd had to drop messages after tls_write() returned TLS_{READ,WRITE}_AGAIN. Now after libtls has been fixed, remove the workaround. Messages are stored in the libevent write buffer as we can safely do a realloc(3) now. OK reyk@
Revision 1.2, Fri Feb 20 00:56:32 2015 UTC (9 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.1: +3 -1 lines
When syslogd is writing over TLS, the error "SSL3_WRITE_PENDING:bad write retry" may occur. Unfortunately libtls tls_write() has inherited the strange semantics regarding partial writes and buffer movement from SSL_write(). This will be investigated after unlock, the goal is to have the behavior of write(2) in libtls. For now add a workaround in syslogd. If tls_write() indicates that it needs a read or write again, stop modifying the output buffer. Instead drop and count the syslog messages. After writing over TLS was successful, continue to queue the messages. This solution has minimum impact and will be improved after 5.7 release. discussed with tedu@ reyk@ jsing@; OK tedu@
Revision 1.1, Sun Jan 18 19:37:59 2015 UTC (9 years, 4 months ago) by bluhm
Branch: MAIN
Implement sending syslog messages over TLS. OK reyk@