Hi, sorry for being a moron.
I realize it’s already optional by not specifying client ca… sorry about the
noise!
> On Dec 16, 2021, at 9:35 PM, Brian Brombacher wrote:
>
> Hi, not to interrupt development …
>
> Can you make this completely optional from the server’s perspective? I don’t
>
Hi, not to interrupt development …
Can you make this completely optional from the server’s perspective? I don’t
want my endpoints validating anonymous client certificates when I run a public
endpoint.
I’ll just hack it out otherwise, but I think this opens a vector that should be
completely op
Hi!
Here comes the support for relayd client certificate validation.
Full certificate chain, subject and issuer can be passed over in HTTP headers.
It supports mandatory validation and optional validation (if the client chooses to
provide a certificate, it will be validated).
Part of my sample config.
On Thu, Dec 16, 2021 at 11:48:58AM -0700, Theo de Raadt wrote:
> 'route sourceaddr' support is incomplete.
> In particular it does not work in ping or traceroute.
Thanks for the explanation.
> > On Thu, Dec 16, 2021 at 07:20:04PM +0100, Denis Fondras wrote:
> > > Raw sockets do not comply with ro
'route sourceaddr' support is incomplete.
In particular it does not work in ping or traceroute.
The original idea of this option is to replace the default src address
allocation algorithm, with a static default, particularly on routers.
It is only working for non-bound sockets, but it should als
On Thu, Dec 16, 2021 at 07:20:04PM +0100, Denis Fondras wrote:
> Raw sockets do not comply with route sourceaddr.
>
> Use set address if source is not set by the caller.
Which problem do you want to solve?
Which setups do you break?
bluhm
> Index: netinet/ip_output.c
> =
Raw sockets do not comply with route sourceaddr.
Use set address if source is not set by the caller.
Index: netinet/ip_output.c
===
RCS file: /cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.377
diff -u -p -r1.377 ip_output.c