Eric,
On Tue, Sep 10, 2019 at 05:38:30PM +0200, Eric Faurot wrote:
> On Fri, Sep 06, 2019 at 08:41:21AM +0200, Eric Faurot wrote:
> > Hi,
> >
> > This patch adds the missing bits for verifying the server certificate
> > in smtp(1).
>
> Take two: now check the name(s) of the server certificate.
this makes it easier to call at least.
it also brings it in line with bpf_tap_hdr. otherwise there's no
functional change.
ok?
Index: sys/net/bpf.c
===
RCS file: /cvs/src/sys/net/bpf.c,v
retrieving revision 1.177
diff -u -p -r1.177
Hi Stefan,
* Stefan Sperling wrote:
>
> I think I see why. I forgot to convert some existing ieee80211_input()
> calls to ieee80211_inputm(), in ieee80211_input.c.
> These calls are related to buffered aggregated frames, so aggregated
> frames triggered multiple if_input() calls per interrupt
On Tue, Sep 10, 2019 at 07:08:14PM +0200, Matthias Schmidt wrote:
> Hi Stefan,
>
> * Stefan Sperling wrote:
> >
> > New diff with above changes:
>
> I tested your new diff with two different systems:
>
> * Thinkpad T450s with iwm (8265, same as yesterday)
> * Thinkpad X220 with iwn (6205)
>
>
On Tue, Sep 10, 2019 at 06:12:12PM +0100, Stuart Henderson wrote:
> > + if (!SSL_CTX_load_verify_locations(ssl_ctx, "/etc/ssl/cert.pem", NULL))
>
> shouldn't that use X509_get_default_cert_file()?
Yes, that looks better.
Updated locally.
Eric.
> + if (!SSL_CTX_load_verify_locations(ssl_ctx, "/etc/ssl/cert.pem", NULL))
shouldn't that use X509_get_default_cert_file()?
Hi Stefan,
* Stefan Sperling wrote:
>
> New diff with above changes:
I tested your new diff with two different systems:
* Thinkpad T450s with iwm (8265, same as yesterday)
* Thinkpad X220 with iwn (6205)
and on both systems I see a drastic regression compared to yesterday's
patch. The
On Fri, Sep 06, 2019 at 08:41:21AM +0200, Eric Faurot wrote:
> Hi,
>
> This patch adds the missing bits for verifying the server certificate
> in smtp(1).
Take two: now check the name(s) of the server certificate.
I borrowed code from libtls for now. This will be cleaned up when the
daemon is
On Tue, 10 Sep 2019 12:59:51 +0200, Solene Rapenne wrote:
> I looked at /etc/examples/sysctl.conf on an amd64 system and found 2
> things:
>
> - file refers to sysctl(3) and sysctl(8). sysctl(3) doesn't exists but
> sysctl(2) exists, I think we want a 2
Yes, sysctl(3) was renamed to sysctl(2)
On Mon, Sep 09, 2019 at 06:17:34PM -0300, Martin Pieuchot wrote:
> On 09/09/19(Mon) 16:37, Stefan Sperling wrote:
> > On Mon, Sep 09, 2019 at 03:10:04PM +0200, Stefan Sperling wrote:
> > > The wifi stack currently calls if_input once per packet instead of once
> > > per interrupt. To make the wifi
Hi
I looked at /etc/examples/sysctl.conf on an amd64 system and found 2
things:
- file refers to sysctl(3) and sysctl(8). sysctl(3) doesn't exists but
sysctl(2) exists, I think we want a 2
Index: sysctl.conf
===
RCS file:
On 2019/09/10 10:21, Renaud Allard wrote:
> Hello,
>
> I saw the subject over disabling by default DoH on firefox, which is a great
> idea.
> But in the same vein, shouldn't we enable qname-minimisation in unbound by
> default?
>
> Regards
>
That has been the default since unbound 1.7.3 in
Hello,
I saw the subject over disabling by default DoH on firefox, which is a
great idea.
But in the same vein, shouldn't we enable qname-minimisation in unbound
by default?
Regards
smime.p7s
Description: S/MIME Cryptographic Signature
13 matches
Mail list logo