Re: httpd/libtls: TLS client certificate revocation checking

On Fri, Mar 31, 2017 at 01:03:44PM -0700, William Ahern wrote: > Basically, anything short of passing through the entire certificate is going > to be severely limiting and frustrating, to the point of uselessness. Passing down the common name is normally enough, but not doing that makes it nearly

Re: httpd/libtls: TLS client certificate revocation checking

On Thu, Mar 30, 2017 at 10:31:06PM +1030, Jack Burton wrote: > Personally, I'm leaning towards either local CRL file checking in > httpd (with minimal changes to libtls), or passing through enough data > to the let the fastcgi responders take whichever approach they want. In all my experience

umass: Enable KASSERTs

Since the dawn of umass(4) in OpenBSD, KASSERTs have been disabled in the driver. These were ported from NetBSD, but never enabled. I think it is a good idea to have them to spot potential coding mistakes. While there, convert some KASSERTs to CTASSERTs that can be catched during compile-time.

Re: sync root.mail

On Thu, Mar 30, 2017 at 09:00:41PM +0200, Jeremie Courreges-Anglas wrote: > Marc Espie writes: > > > On Wed, Mar 29, 2017 at 09:40:32PM +0200, Christian Weisgerber wrote: > >> Antoine Jacoutot: > >> > >> > Why not just: > >> > > >> > # pkg_add -v rsync chromium emacs--no_x11 >

cdce(4): replace CRC32 function with common ether_crc32_le

Hi, This patch removes the CRC32 function from the driver and uses the common function ether_crc32_le. Maybe worth noting is that by testing in userspace using gcc -O0 the specific cdce(4) CRC32 function is about twice as fast as ether_crc32_le. Apart from this no functional change is intended.

Re: usermod.8 patch

Am 31.03.2017 15:39 schrieb Jeremie Courreges-Anglas: I think the current wording is fine; no need for an option to set _default_ values. options are good - as long as they're optional --art -- pb

Re: usermod.8 patch

Sent from my iPhone > On Mar 31, 2017, at 8:44 AM, Matthew Martin wrote: > >> On Fri, Mar 31, 2017 at 08:03:44AM -0500, Edgar Pettijohn wrote: >> usermod(8) doesn't have an option for setting defaults. Here is a patch to >> correct the manual. > > I believe it's referring

Re: usermod.8 patch

On Fri, Mar 31, 2017 at 08:03:44AM -0500, Edgar Pettijohn wrote: > usermod(8) doesn't have an option for setting defaults. Here is a patch to > correct the manual. I believe it's referring to user.c read_defaults which calls setdefaults before reading the defaults.

Re: usermod.8 patch

Edgar Pettijohn writes: > usermod(8) doesn't have an option for setting defaults. Here is a patch > to correct the manual. I think the current wording is fine; no need for an option to set _default_ values. > Index: usermod.8 >

usermod.8 patch

usermod(8) doesn't have an option for setting defaults. Here is a patch to correct the manual. Index: usermod.8 === RCS file: /cvs/src/usr.sbin/user/usermod.8,v retrieving revision 1.35 diff -u -p -u -r1.35 usermod.8 --- usermod.8

Another arm64 pmap cleanup diff

On ARMv8, the translation table walk is fully coherent so there is no reason to explicitly flush the cache before invalidating the TLB. The barrier that is included in out TLB flushing code should be enough to guarantee that the TLB walking hardware sees the updated page table contents, so the

usage() in chpass(1)

Hi, The following patch makes chpass(1) fail even faster when the wrong options are provided and usage() would be printed. In other words, no point accessing environment variables before checking result of getopt(). - Michael Index: chpass.c

Re: httpd: proposed patch to add TLS client certificate support

On Thu, 30 Mar 2017 21:47:34 +0200 Jan Klemkow wrote: > I'm not a developer (just a contributor), but I worked on httpd client > certs a year ago, too. (https://marc.info/?t=14528592613=1=2) Interesting. Thanks Jan, I hadn't seen your earlier diffs before (my fault --