I have now been running it for two days, I *thought * had one hang a day ago,
with chrome and local building churning away with me mashing on the editor..
but I’ve now been doing the same thing with witness on for a day and had no
issues. So I think whatever I might have seen is not
I keep reading these as "unused parts of dlg" and wondering
why he's not remoing them himself..
On Sat, Jun 25, 2022 at 08:48:48PM +1000, Jonathan Gray wrote:
> Index: lib/dns/gen.c
> RCS file:
yes makes sense
> On May 11, 2022, at 07:53, Theo Buehler wrote:
> Some funky libcrypto business ahead.
> X509 API functions such as X509_check_ca() or X509_get_extension_flags()
> cache X509v3 extensions internally if they're not already cached. They
> make decisions based on
On Thu, May 05, 2022 at 10:16:23AM -0600, Bob Beck wrote:
> Ugh. You???re digging in the most perilous parts of the pile.
> I will go look with you??? sigh. (This is not yet an ok for that.)
> > On May 5, 2022, at 7:53 AM, Martin Pieuchot wrote:
> > When
An ok beck@ from me with my usual curmudgeonly mutterings
about the people who made this necessary for isalnum(), walls,
> On May 5, 2022, at 7:57 AM, Florian Obser wrote:
> On 2022-05-04 13:21 +0430, Ali Farzanrad wrote:
>> OK, I've tested following diff on my own
I like that.. LGTM
On Fri, Jan 21, 2022 at 08:37:27PM +0100, Theo Buehler wrote:
> > Lets start with that and optimize this in tree. I think we can rename the
> > function to something like rtype_from_mftfile(). In that case I would move
> > the function as well...
> Like this?
> On Nov 23, 2021, at 21:14, Theo Buehler wrote:
> Two small diffs now that beck has linked the certificate transparency
> code to the build.
> The diff for ext_dat.h links the CT methods to the standard extensions.
> This replaces the gibberish from the CT extensions which are
> On Jun 10, 2021, at 05:05, Theo Buehler wrote:
> On Thu, Jun 10, 2021 at 11:39:46AM +0100, Stuart Henderson wrote:
>> I was just reminded of the Apple cert problem with GeoTrust Global CA
>> and checked and they're using better intermediates for api.push.apple.com
>> now. OK to sync up
Should be fixed. a bit of a pain because their new site has
an expired tls cert.
On Thu, Oct 28, 2021 at 07:30:56AM +0200, Jan Johansson wrote:
> I write to you because I beleive that you are running the NiX Spam
> mirroring script for OpenBSD. The feed has been broken for some
On Thu, Sep 09, 2021 at 09:35:51AM +0200, Claudio Jeker wrote:
> While Connection: keep-alive should be the default it seems that at least
> some of the CA repositories fail to behave like that. Adding back the
> Connection header seems to fix this and delta downloads go faster again.
> > This work has been started by art@ more than a decade ago and I'm
> > willing to finish it
This is possibly one of the scariest things you can say in OpenBSD.
I am now calling my doctor to get a giant bag of flintstones chewable
zoloft prescribed to me just so I can recover from seeing
On Sun, Oct 25, 2020 at 01:43:10PM -0600, Bob Beck wrote:
> On Fri, Oct 23, 2020 at 09:13:23AM +0200, Theo Buehler wrote:
> > On Thu, Oct 22, 2020 at 08:44:29PM -0700, Jeremy Evans wrote:
> > > I was trying to diagnose a certificate validation failure in Rub
On Fri, Oct 23, 2020 at 09:13:23AM +0200, Theo Buehler wrote:
> On Thu, Oct 22, 2020 at 08:44:29PM -0700, Jeremy Evans wrote:
> > I was trying to diagnose a certificate validation failure in Ruby's
> > openssl extension tests with LibreSSL 3.2.2, and it was made more
> > difficult because the
Yeah, it's just a number.
But it's been a pretty wild ride. Thanks everyone for 25 years.
On Sun, Sep 27, 2020 at 02:46:39PM +1000, Duncan Roe wrote:
> The motivation for this is to make debug logs less confusing.
What is this fixing and what behavior are you changing?
> All changed lines have previously demonstrated the problem.
> Signed-off-by: Duncan Roe
On Tue, Sep 15, 2020 at 11:08:04AM +0200, Martijn van Duren wrote:
> There are 3 things that actually look like valid complaints when running
> clang's static analyzer.
> 1) A dead store in agentx_recv.
> 2) sizeof(ipaddress) intead of sizeof(*ipaddress). Since this is ipv4,
>this is only a
But what if I like json and I am already set up to be a hipster and
feed all the untrusted inputs through jq..
On Mon, Sep 14, 2020 at 03:37:25PM +0200, Florian Obser wrote:
> not helpful:
> $ doas acme-client $(hostname)
On Mon, Sep 14, 2020 at 12:45:55PM +0200, Jasper Lievisse Adriaanse wrote:
> Whilst analyzing the cleaner I added tracepoints called 'cleaner' and
> 'bufcache_take' to
> track its behaviour.
> For the sake of symmetry I've added one in bufcache_release() too and moved
On Sat, Sep 12, 2020 at 05:42:39PM +0200, Claudio Jeker wrote:
> extern.h uses stuff from openssl/x509.h so put that include in there
> and remove all the various other openssl includes in other files that
> actually don't need x509 functions.
> :wq Claudio
> Index: as.c
In the spirit of be careful what sticks to you,
this has ok beck@
On Mon, Jul 13, 2020 at 11:56:18AM +0200, Gerhard Roth wrote:
> tmpfs_reclaim() has to make sure that the VFS cache has no more
> locks held for the vnode. Else vclean() could panic because v_holdcnt
> is non-zero.
> I know
On Mon, Jun 29, 2020 at 03:56:43PM -0400, sven falempin wrote:
> On Mon, Jun 29, 2020 at 12:58 PM sven falempin
> It works in the original problematic setup.
> Will it go to base ?
date: 2020/07/14 06:02:50; author: beck; state: Exp; lines: +9 -3;
> Awesome, thanks!
> I will test that, ASAP,
> do not hesitate to slay dragon,
> i heard the bathing in the blood pool is good for the skin
> Little concern, I did the test without the MFS and ran into issues ,
> anyway i get back to you (or list ?) when i have test report with patched
On Sun, Jun 28, 2020 at 12:18:06PM -0400, sven falempin wrote:
> On Sun, Jun 28, 2020 at 2:40 AM Bryan Linton wrote:
> > On 2020-06-27 19:29:31, Bob Beck wrote:
> > >
> > > No.
> > >
> > > I know *exactly* what needbuf is but to attempt to d
I know *exactly* what needbuf is but to attempt to diagnose what your
problem is we need exact details. especially:
1) The configuration of your system including all the details of the filesystems
you have mounted, all options used, etc.
2) The script you are using to generate the
On Mon, Jun 01, 2020 at 06:04:17PM +0100, Stuart Henderson wrote:
> OK to drop the expired AddTrust cert from cert.pem?
> I checked against the firefox set, there are no new/removed certs that
> work with libressl there. There are now two with GENERALIZEDTIME notAfter
On Mon, Jun 01, 2020 at 07:17:28PM +0200, Theo Buehler wrote:
> On Mon, Jun 01, 2020 at 06:04:17PM +0100, Stuart Henderson wrote:
> > OK to drop the expired AddTrust cert from cert.pem?
> Thanks for taking care of this (and for checking the firefox set). I see
> no reason to keep it.
looks good to me
On Sun, May 31, 2020 at 03:38:00PM +0200, Sebastien Marie wrote:
> updated diff after millert@ and beck@ remarks:
> - use union to collapse in_addr + in6_addr
> - doesn't allocate buffer and directly use s->relay->domain->name
On Sat, May 30, 2020 at 05:40:43PM +0200, Sebastien Marie wrote:
> I am looking to make smtpd to set SNI (SSL_set_tlsext_host_name) when
> to smarthost when relaying mail.
> After digging a bit in libtls (to stole the right code) and smtpd (to see
> to put the
> (iirc python does something strange)
On Fri, May 29, 2020 at 06:14:44PM +0200, Marc Espie wrote:
> In a trace:
> > > > #3 0x15e48c95459e in WebVfx::shutdown ()
> > > > at /usr/obj/ports/webvfx-1.2.0/webvfx-1.2.0/webvfx/webvfx.cpp:193
> Now, this is NOT the default location for WRKOBJDIR, but we are shipping
> On May 8, 2020, at 03:00, Stuart Henderson wrote:
> On 2020/05/08 06:58, Florian Obser wrote:
>> I'm running this for about 2 weeks or so.
>> Tests, OKs?
> Just off to look at a radio link in a church tower that I suspect a pigeon
> may have knocked out of alignment,
So, as some of you know the installer hits ftp.openbsd.org during the
install process to query a CGI to provide you with a list of nearby mirrors
and some other useful things.
I've recently made some changes to modernize and improve this after
the retirement of the GEO:IP
On Mon, Apr 13, 2020 at 09:23:23PM -0600, Todd C. Miller wrote:
> On Mon, 13 Apr 2020 20:27:30 -0600, Bob Beck wrote:
> > In my hearts desire I'd love for "R" to be chosen for each line once at
> > start
> > up. (so in
> > the above example the things
ally think this is only useful for hours and
On Mon, Apr 13, 2020 at 12:54:34PM -0600, Todd C. Miller wrote:
> On Mon, 13 Apr 2020 10:00:52 -0600, Bob Beck wrote:
> > +1000. a new random time chosen at cron start.
> > We see this all the time, and it wo
On Mon, Apr 13, 2020 at 09:56:52AM -0600, Todd C. Miller wrote:
> On Mon, 13 Apr 2020 09:37:14 -0600, "Theo de Raadt" wrote:
> > While I understand what RANDOM is trying to do, I am not a fan. I've
> > thought often of an improvement, where the minute marker in a crontab
> > file could be a
yes you are seeing the limitation of 6.4 unveil as mentioned at the bottom
of the man page. this should be fixed in current
On Sun, Feb 3, 2019 at 03:29 Kristaps Dzonsons wrote:
> When I unveil(2), fts doesn't behave well. But only in a subtle way.
> Enclosed is a demonstration. I found
ok beck@ as well
On Wed, Oct 24, 2018 at 06:13 Todd C. Miller wrote:
> On Wed, 24 Oct 2018 08:05:11 +0100, Ricardo Mestre wrote:
> > The only file that spamlogd needs to access after calling pledge is
> > PATH_SPAMD_DB, so unveil it with O_RDWR permissions.
> Looks good. OK millert@
works here and I like it. but probably for after unlock
On Sun, Oct 7, 2018 at 22:11 Mischa Peters wrote:
> No idea if the code works yet.
> Hopefully I can try later. But love the idea.
> > On 8 Oct 2018, at 04:31, Ori Bernstein wrote:
> > Keep a list of known vms, and reuse
So this gets rid of unveil's PLEDGE_STAT.
Instead we use UNVEIL_INSPECT which is set by the stat and access opeerations
that are needed for realpath() type traversals that effectively call stat/access
for each component of a pathname before doing a final operation on the end.
> Some examples that will need consideration for unveil(2):
> - mount(2)
> - unmount(2)
> - quotactl(2)
> - chroot(2)
> - getfh(2)
> - acct(2)
> - coredump()
> - loadfirmware() - I think ifconfig(1) could make the kernel loading a
> firmware for some network card
> so having ni_unveil
> On Sat, Aug 04, 2018 at 10:40:11AM -0600, Bob Beck wrote:
> > On Fri, Aug 03, 2018 at 06:31:00AM +0200, Sebastien Marie wrote:
> > > On Thu, Aug 02, 2018 at 03:42:03PM +0200, Sebastien Marie wrote:
> > > > On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wr
> > + nd.ni_unveil = 0; /* XXX No flags == allow it */
> see my comment about ni_unveil != 0.
> as you still have check on (ni_pledge & PLEDGE_STAT), it should be still
It doesn't actually do this yt.. this comment was a reminder for me
and should have had allow it? for my
On Fri, Aug 03, 2018 at 06:31:00AM +0200, Sebastien Marie wrote:
> On Thu, Aug 02, 2018 at 03:42:03PM +0200, Sebastien Marie wrote:
> > On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wrote:
> > > yeah the latter will be the way to go
> > >
yeah the latter will be the way to go
On Mon, Jul 30, 2018 at 06:02 Sebastien Marie wrote:
> I think unveil_flagmatch() isn't complete and/or has not the right
> A bit of internals for starting (I will speak about ni_pledge, people
> that know what it is and how it works
On Mon, Jul 16, 2018 at 15:53 Sebastien Marie wrote:
> While reviewing unveil(2) code, I found an incorrect type on
> unvname_new() function: flags argument should be uint64_t.
> It is called by unveil_add_name() which uses uint64_t for flags, and
> store the value in struct
On Sat, May 12, 2018 at 13:14 Theo Buehler wrote:
> Here's another straightforward batch. As usual, it's been tested in a
> bulk by sthen and there was no fallout.
> Index: lib/libcrypto/asn1/ameth_lib.c
So, related to this topic, Apparently BitPay has now fixed us up again.
I have put the button back on the web site, if anyone wants to try a
bitcoin donation is is supposed to be possible again
So, as some of you may know, the OpenBSD Foundation has accepted BitCoin
for some time via BitPay.com
BitPay was convenient for us since they will sell the BTC donations
convert to Canadian Dollars. We then periodically get bank transfers of
and this works
why AA? why not just choose two random ascii salt chars at that point? or
since this is effectively a failure case encrypt a random ascii salt and
using AA will produce a usable result based on the original string.
encrypting a random string with a random salt means the failure
On Wed, Nov 29, 2017 at 02:17:21AM +0100, Claudio Jeker wrote:
> On Wed, Nov 29, 2017 at 01:59:06AM +0100, Claudio Jeker wrote:
> > Seen in my log file:
> > Nov 28 17:47:22 dramaqueen iked: vfprintf %s NULL in "%s: %s %s from %s to
> > %s ms gid %u, %ld bytes%s"
> > and
> > Nov
So, the only 6.2 set to be produced is up for auction, featuring hand-drawn
artwork by Theo.
Artisanally Made in Canada!
All proceeds of the sale to fund OpenBSD development.
Go have a look at
effectivelyu providing a limitless OCSP staple is kind of stupid - you may
as well simply *not staple*
On Wed, Sep 6, 2017 at 8:23 AM, Bob Beck <b...@obtuse.com> wrote:
> I'm not super inclined to make this "flexible" unless we see this used int
> the wild, which I
I'm not super inclined to make this "flexible" unless we see this used int
the wild, which I have not. We are more restrictive than
OpenSSL in many areas.
On Wed, Sep 6, 2017 at 1:31 AM, Andreas Bartelt <o...@bartula.de> wrote:
> On 09/06/17 04:40, Bob Beck wrote:
Andreas where are you seeing this as being a real issue - who is shipping
out OCSP responses without a next update field?
On Sat, Sep 2, 2017 at 11:28 AM, Andreas Bartelt wrote:
> ocspcheck effectively treats a missing nextUpdate like an error, i.e., it
> always provides a
> With the new define (SMALL_TIME_T) enabled, a 32-bit time_t build
> using "openssl s_client -connect" can successfully connect to a server
> and verify its certificate chain when one or more notAfter dates after
> 2038 are present.
> However, using "nc -c" fails to connect to the
On Thu, May 18, 2017 at 7:31 AM, Kyle J. McKay wrote:
> RFC 5280 section 220.127.116.11 states:
> To indicate that a certificate has no well-defined expiration date,
> the notAfter SHOULD be assigned the GeneralizedTime value of
> As you all might have gathered by now Amit has jumped the gun
> but was wrong to do so. His setup is not affected by this change.
> That was expected so please don't get distracted by this as I'm
> still looking forward to replies to the original set of changes.
> > diff --git
- ok mike, I'm looking at it.. Allow me a short while to beat my
head against a wall for a bit to get it into readahead mode...
On Wed, Jun 14, 2017 at 3:56 AM, Mike Belopuhov wrote:
> On Thu, Jun 08, 2017 at 11:55 +0200, Mike Belopuhov wrote:
> > On Wed, Jun 07, 2017 at
You are correct.
Patch committed. Thanks!
On Mon, May 08, 2017 at 08:20:57PM +0200, Jonas 'Sortie' Termansen wrote:
> When upgrading to libressl-2.5.4 I noticed a couple -Wformat errors due
> to this code assuming size_t is of type long when it was actually int on
> this 32-bit
So. There *Is* an official OpenBSD 6.1 CD
If you are interested, please bid on ebay :
(It's a pretty cool little CD set!)
On Mon, May 01, 2017 at 04:07:27PM -0600, Theo de Raadt wrote:
> Let me stop here and ask if the pattern is: "always explicit_bzero
> a password field once it is used"? It might make sense, but some
> of these are heading straight to exit immediately. Is it too much
> to do it then, or is the
> Note that I have noatime on this FS.
then turn that off, or understand that things will not behave as you expect
them to with it on.
There will be some libtls api additions post 6.1 to get the peer cert in
In the meantime, testing snaps prior to 6.1 should be the priority. not a
On Sat, Apr 1, 2017 at 10:49 Joerg Sonnenberger wrote:
> On Sat, Apr 01, 2017 at 07:53:05PM +1030, Jack Burton
On Thu, Mar 23, 2017 at 17:48 Bob Beck <b...@obtuse.com> wrote:
> Honestly, anyone who gets one of these should say no
> what would you all think if people quietly took derived works of software
> licensed under one license and took silence as assent to relicense
Honestly, anyone who gets one of these should say no
what would you all think if people quietly took derived works of software
licensed under one license and took silence as assent to relicense
Does this mean that with an unanswered email i can now release my re
licensed as ISC version of gcc?
And as joel mentioned, a fix is already arriving for this - there was a bug
in SSLv2 compatible handshake initiation,
and Paypal still has it enabled... (yeeuch)
On Mon, Mar 6, 2017 at 3:48 PM, Bob Beck <b...@obtuse.com> wrote:
> Move it to tech@ from misc.. not libress
Move it to tech@ from misc.. not libressl.. libressl is not special ;)
On Mon, Mar 6, 2017 at 3:21 PM, Kirill Miazine wrote:
> Moving to libressl@ from misc@, as it's a LibreSSL issue.
> * Joel Sing [2017-03-05 23:01]:
> On Thursday 02 March 2017 13:28:08 Kirill Miazine
Go for it mpi.. move forward.
On Mon, Feb 6, 2017 at 7:48 AM, Martin Pieuchot wrote:
> On 24/01/17(Tue) 13:35, Martin Pieuchot wrote:
> > Userland threads are preempt()'d when hogging a CPU or when processing
> > an AST. Currently when such a thread is preempted the
On Sun, Feb 5, 2017 at 22:53 Theo Buehler wrote:
> On Sun, Feb 05, 2017 at 09:47:35PM -0800, Philip Guenther wrote:
> > On Sun, 5 Feb 2017, John McGuigan wrote:
> > > I've noticed something strange in adduser -- when attempting to add a
> > > user completely though
On Sun, Feb 05, 2017 at 12:27:19AM +0100, Jeremie Courreges-Anglas wrote:
> The colons used in IPv6 addresses conflicts with the proxy port
> specification. Do the right thing for -x ::1:8080, [::1] and
> Index: netcat.c
On Sat, Feb 04, 2017 at 01:52:14PM -0700, Bob Beck wrote:
> Presented without further comment.
Or maybe this is more appropriate:
RCS file: /cvs/src/usr.bin/cal
On Sat, Feb 04, 2017 at 12:59:53PM -0800, Philip Guenther wrote:
> On Sat, Feb 4, 2017 at 12:52 PM, Bob Beck <b...@obtuse.com> wrote:
> > Presented without further comment.
> > ok?
> NACK. Obsolete 32bit time_t OSes can track their own
Presented without further comment.
RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.usholiday,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 calendar.usholiday
--- calendar.usholiday 19
try connecting with openbsd nc rather than s-client
On Sat, Feb 4, 2017 at 09:13 Bob Beck <b...@obtuse.com> wrote:
> On Sat, Feb 4, 2017 at 07:51 Andreas Bartelt <o...@bartula.de> wrote:
> On 02/04/17 05:26, Joel Sing wrote:
> > On Wednesday 01 February 2017
An issue has been identified whereby httpd(8) could be subject to a denial
of service attack. Repeated crafted requests could be made from a client
using file-range requests, making the server consume excessive amounts of
This issue has been fixed in current. For 5.9 and 6.0 the following
Pretty sure mlucas has uncovered a problem with the ocsp interface.
Basically I didn't attach it to the keypair, (yes Joel, I think you
told me so) so it only works with the master keypair.. OK, but the
problem is that it also returns the staple for other keypairs which is
On Fri, Jan 27, 2017 at 15:23 Stuart Henderson <s...@spacehopper.org> wrote:
> On 2017/01/27 22:09, Bob Beck wrote:
> > I think you have more issues than ocsp. if thats the same host you can't
> > have two different tls certs on the same ip. and you h
27, 2017 at 09:53:25PM +0000, Bob Beck wrote:
> >On Fri, Jan 27, 2017 at 14:12 Michael W. Lucas
> > Or a misconfiguration. Â show configs
> Configs follow.
> # cat /etc/httpd.conf
> include "/etc/sites/www3.conf&q
On Fri, Jan 27, 2017 at 14:12 Michael W. Lucas
> On Fri, Jan 27, 2017 at 02:50:29PM -0500, Michael W. Lucas wrote:
> > On Fri, Jan 27, 2017 at 06:49:06PM +, Stuart Henderson wrote:
> > > That looks like a web server bug, it shouldn't return a staple
On Sat, Jan 07, 2017 at 03:52:04PM -0700, Theo de Raadt wrote:
> > What workarounds would be reasonable and approriate? and does it
> > make sense for OpenBSD to support such scenarios out-of-the-box to
> > promote wider adoption of better software?
> If you want buy the
On Sat, Jan 07, 2017 at 05:42:24PM -0500, Jacob L. Leifman wrote:
> Most of the time I agree with this particular attitude and it is indeed
> appropriate for the OP case. However, there some major networks such as
> various governments (or for example .mil) that do not participate in
On Fri, Jan 06, 2017 at 10:48:37AM -0500, RD Thrush wrote:
> On 01/06/17 06:28, Stuart Henderson wrote:
> > Related to this (and particularly thinking about autoinstalls),
> > would it make sense to allow explicit protocols in the hostname?
> > some.host -> https with http fallback
No objection in principle.. although since some of us depend on this we
might either need warning and/or a small period of overlap where the old
stuff works and then we can move to the new stuff without things blowing
On Sun, Jan 1, 2017 at 1:59 PM, Sebastian Benoit wrote:
> Or do not call tls_configure_ssl_verify() if verification is turned
This makes sense to me.
> Index: lib/libtls/tls_client.c
> RCS file: /data/mirror/openbsd/cvs/src/lib/libtls/tls_client.c,v
This is now working on www.openbsd.org. I upgraded my
6.0 system to current today off the latest snap and httpd would
not start, same problem.
This diff lets current httpd start again.
On Tue, Oct 04, 2016 at 11:54:37PM +0200, Rafael Zalamena wrote:
> On Tue, Oct 04, 2016 at
BTW I'm not picking on you.. my DNS setup blew up this week for local
resolution and I've been dealing with the fallout - so the topic
is relatively near and dear to my heart.
On Wed, Sep 14, 2016 at 10:07 PM, Bob Beck <b...@obtuse.com> wrote:
> Yep. and now you need to solve
then nothing changes at *all* when it's not there.
On Wed, Sep 14, 2016 at 8:39 PM, Ted Unangst <t...@tedunangst.com> wrote:
> Ted Unangst wrote:
> > Bob Beck wrote:
> > > how is rebound going to handle a change in resolv.conf? thats still a
> > > problem h
into rebound to make it useful and then
look at libc which might need slightly more cleverness than just adding
On Wednesday, 14 September 2016, Ted Unangst <t...@tedunangst.com> wrote:
> Bob Beck wrote:
> > how is rebound going to handle a change in resolv.co
how is rebound going to handle a change in resolv.conf? thats still a
On Wednesday, 14 September 2016, Ted Unangst wrote:
> So the plan is for rebound to be the 'system' resolver, with libc talking
> rbeound and rebound talking to the cloud. The main
I really dislike "CHEAP".
and it almost seems like these should actually be NOCACHE.. why the heck
can't they be?
On Thu, Sep 8, 2016 at 7:49 PM, Ted Unangst wrote:
> Currently, the bufcache doesn't know that mfs is backed by memory. All i/o
> mfs ends up being
I am in agreement in principle, but please coordinate with bcook@ and/or
jsing@ who were possibly doing
some related adjustments.
On Mon, Sep 5, 2016 at 4:44 AM, Ted Unangst <t...@tedunangst.com> wrote:
> Bob Beck wrote:
> > >
> > > Agreed, I was also a bit unclear
On Sun, Sep 4, 2016 at 9:54 AM, Theo Buehler wrote:
> use the libc interface instead of rolling it by hand.
> Index: parse.c
> RCS file: /var/cvs/src/usr.bin/hexdump/parse.c,v
On Sun, Sep 04, 2016 at 05:26:24AM -0500, Brent Cook wrote:
> On Sun, Sep 04, 2016 at 05:57:54AM -0400, Ted Unangst wrote:
> > Brent Cook wrote:
> > > @@ -246,14 +252,18 @@ An already existing socket can be upgrad
> > > .Fn tls_connect_socket .
> > > Alternatively, a secure connection can be
On Sun, Sep 04, 2016 at 05:57:54AM -0400, Ted Unangst wrote:
> Brent Cook wrote:
> > @@ -246,14 +252,18 @@ An already existing socket can be upgrad
> > .Fn tls_connect_socket .
> > Alternatively, a secure connection can be established over a pair of
> > existing
> > file descriptors by
committed. thanks Rob
On Sat, Sep 03, 2016 at 02:30:17PM -0400, Rob Pierce wrote:
> There is only one result mentioned: ready-to-install binary packages.
> Index: faq15.html
> RCS file: /cvs/www/faq/faq15.html,v
Yes, ok beck@
to be shortly followed by the ntfs code - don't we have a fuse version of
On Wed, Aug 31, 2016 at 3:34 PM, Martin Natano wrote:
> mount_ntfs forces the mount point to be MNT_RDONLY, so the write parts
> in ntfs are never used. OK to remove?
Quite Frankly, we're happy to support what's needed in relayd,
But first relayd needs to actually convert to use libtls instead of bare
Until then we're just making the problem worse.
IMO, we should convert relayd to use libtls - (add what we need to libtls
to support it)
I have no objections.. If I hear none by monday I can commit it for you
On Sat, Aug 27, 2016 at 11:53:14PM -0300, Henrique N. Lengler wrote:
> > Hi,
> > This is a tiny patch to enable the use of numpad Enter key on cwm menus.
> > Regards,
> > Henrique N. Lengler
> No intention
On Thursday, 25 August 2016, Ted Unangst wrote:
> Andreas Bartelt wrote:
> > On 08/25/16 15:58, Brent Cook wrote:
> > > No objection here. Anyone else?
> > >
> > in general, I personally would only add further cryptographic primitives
> > to a TLS configuration in case
On Tue, Jul 05, 2016 at 09:11:37PM -0600, Bob Beck wrote:
> Ok, so this work was done by Marko Kreen, all as the result of a very long
> discussion in:
> In a nutshell, I threw down a glove that libtls could have funct
1 - 100 of 443 matches
Mail list logo