openssl(1): implement naccept

2021-08-29 Thread Theo Buehler
Terminate the s_server after n clients connected to it. This is occasionally useful, matches OpenSSL's behavior and should help simplifying regress/usr.bin/openssl/x509. Index: openssl.1 === RCS file:

Re: openssl(1): implement naccept

2021-08-29 Thread Jason McIntyre
On Sun, Aug 29, 2021 at 02:00:44PM +0200, Theo Buehler wrote: > Terminate the s_server after n clients connected to it. This is > occasionally useful, matches OpenSSL's behavior and should help > simplifying regress/usr.bin/openssl/x509. > hi. > Index: openssl.1 >

DANE in libressl?

2021-08-29 Thread Peter J. Philipp
Hi, I was wondering if anyone has wanted to implement DANE functions into OpenBSD? And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if I'd be on someone's toes here, if I start implementing... With unwind we can make use of things such as DANE due to validation of DNSSEC.

Re: allow KARL with config(8)'d kernels

2021-08-29 Thread Paul de Weerd
Got some more positive feedback off-list, which reminded me that there's a small piece missing: Index: changelist === RCS file: /home/OpenBSD/cvs/src/etc/changelist,v retrieving revision 1.128 diff -u -p -r1.128 changelist ---

Re: allow KARL with config(8)'d kernels

2021-08-29 Thread Theo de Raadt
Ingo Schwarze wrote: > One - admittedly completely unUNIXy - way would be to invent a long, > descriptive name like /etc/kernel.config.commands or even /bsd.config.cmd > in the root rather than the /etc directory, which is more discoverable > because it is right next to the kernel itself. The

Re: arm64 rpi4 upgrade, "Failed to install bootblocks" at end

2021-08-29 Thread Mark Kettenis
> Date: Sun, 29 Aug 2021 11:20:06 +0100 > From: Stuart Henderson > > On 2021/08/28 22:28, Stuart Henderson wrote: > > Spotted this at the end of a sysupgrade run. No issue with the reboot but > > it doesn't look quite right, in particular the newfs_msdos is a bit scary. > > > > [...] > >

Re: allow KARL with config(8)'d kernels

2021-08-29 Thread Theo de Raadt
man -k kernel, and man -k ukc, both suggest these are poor names for different reasons. maybe if you write some diffs to hint at the existence of this mechanism in the config(8) and boot_config(8) manual pages, a better name will sneak up on us. Paul de Weerd wrote: > Hi Theo, > > That's a

Re: DANE in libressl?

2021-08-29 Thread Theo de Raadt
Is there a strong reason why this has to be in that specific library? Peter J. Philipp wrote: > Hi, > > I was wondering if anyone has wanted to implement DANE functions into OpenBSD? > And LibreSSL perhaps? I want this for syslogd with TLS, but not sure if I'd > be on someone's toes here, if I

Re: netstart debugging

2021-08-29 Thread Alexander Bluhm
On Wed, Aug 18, 2021 at 04:28:13PM +0200, Alexander Bluhm wrote: > Also more debug output for /etc/netstart -n is necessary to understand > what is going on. Not much feedback for my netstart rdomain diff. So let's split it up and improve debugging first. - enable debugging in ifcreate - add

Re: allow KARL with config(8)'d kernels

2021-08-29 Thread Ingo Schwarze
Hi, Theo de Raadt wrote on Sun, Aug 29, 2021 at 07:15:34AM -0600: > I am not thrilled with the name "kernel.conf". > It does not seem intuitively discoverable. What would be a canonical name? It is a command file for config(8). Note that the "config-file" for config is something else, and

Re: allow KARL with config(8)'d kernels

2021-08-29 Thread Theo de Raadt
I am not thrilled with the name "kernel.conf". It does not seem intuitively discoverable. Paul de Weerd wrote: > Got some more positive feedback off-list, which reminded me that > there's a small piece missing: > > Index: changelist >

Re: allow KARL with config(8)'d kernels

2021-08-29 Thread Paul de Weerd
Hi Theo, That's a good point, but I have no better alternative. kernel.conf was the best I could come up with, as it is a configuration file for the (installed) kernel. I briefly considered: - config.conf (after config(8), but seems hilariously worse to me) - ukc.conf (has similar (perhaps

Re: netstart debugging

2021-08-29 Thread Klemens Nanni
On Sun, Aug 29, 2021 at 03:24:26PM +0200, Alexander Bluhm wrote: > Not much feedback for my netstart rdomain diff. So let's split it > up and improve debugging first. > > - enable debugging in ifcreate > - add debugging output for ipv6 routes > - make localhost and multicast code aware of print

Re: Atomic signal flags for vi(1)

2021-08-29 Thread Theo de Raadt
This does look better. I appreciate that you are fixing this underlying problem first, before overlaying your timer diff. Is this working for the vi crowd? trondd wrote: > "Theo de Raadt" wrote: > > > +h_alrm(int signo) > > +{ > > + GLOBAL_CLP; > > + > > + F_SET(clp,

Re: arm64 rpi4 upgrade, "Failed to install bootblocks" at end

2021-08-29 Thread Stuart Henderson
On 2021/08/28 22:28, Stuart Henderson wrote: > Spotted this at the end of a sysupgrade run. No issue with the reboot but > it doesn't look quite right, in particular the newfs_msdos is a bit scary. > > [...] > Installing xshare70.tgz 100% |**| 4505 KB00:36 > >

Re: arm64 rpi4 upgrade, "Failed to install bootblocks" at end

2021-08-29 Thread Theo de Raadt
Mark Kettenis wrote: > Should installboot(8) handle the case where the filesystem is already > mounted? Yes. I guess now that fsck_msdos is on the media, it will be run against a mounted partition, which is yet another weird problem

Re: openssl(1): implement naccept

2021-08-29 Thread Kinichiro Inoguchi
This builds fine and works good. ok inoguchi@ I have one comment in addition to what jmc@ mentioned. On Sun, Aug 29, 2021 at 01:10:56PM +0100, Jason McIntyre wrote: > On Sun, Aug 29, 2021 at 02:00:44PM +0200, Theo Buehler wrote: > > Terminate the s_server after n clients connected to it. This is >

Re: Atomic signal flags for vi(1)

2021-08-29 Thread Martijn van Duren
I'll see if I can fit this one in in the next few days. Feel free to remind me :-) martijn@ On Sun, 2021-08-29 at 02:54 -0600, Theo de Raadt wrote: > This does look better. > > I appreciate that you are fixing this underlying problem first, before > overlaying your timer diff. > > Is this

Re: Atomic signal flags for vi(1)

2021-08-29 Thread Ingo Schwarze
Hi, Theo de Raadt wrote on Sun, Aug 29, 2021 at 02:54:57AM -0600: > This does look better. > > I appreciate that you are fixing this underlying problem first, before > overlaying your timer diff. Indeed. > Is this working for the vi crowd? *If* more than one GS object ever existed and/or the

Re: DANE in libressl?

2021-08-29 Thread Claus Assmann
On Sun, Aug 29, 2021, Peter J. Philipp wrote: > I can stick to just rolling the needed functionality in the syslogd. Maybe you can start with the code from Viktor Dukhovni https://github.com/vdukhovni/ssl_dane THIS CODE IS IN THE PUBLIC DOMAIN. so it can be freely used. It would be nice to

Re: DANE in libressl?

2021-08-29 Thread Peter J. Philipp
On Sun, Aug 29, 2021 at 07:16:20AM -0600, Theo de Raadt wrote: > Is there a strong reason why this has to be in that specific library? Not really. I did see gnutls has dane functions and openssl has them too. I can stick to just rolling the needed functionality in the syslogd. No one out there

Re: Atomic signal flags for vi(1)

2021-08-29 Thread Theo de Raadt
> *If* more than one GS object ever existed and/or the .gp pointers > in different SCR objects could point to different GS objects, this > patch might change behaviour. If such multiple GS condition ever existed, since signals are (global), the handler is only indicating a signal has happened.

Re: averse to lisp in base?

2021-08-29 Thread Ingo Schwarze
Hi, Tomasz Rola wrote on Sun, Aug 29, 2021 at 08:21:03PM +0200: > On Sun, Aug 29, 2021 at 03:27:27AM +0200, mayur...@kathe.in wrote: >> Would the core team consider including a minimalist lisp in the base? >> e.g. http://t3x.org/klisp/index.html [...] > If I would want to propose any Lisp into

vmm(4) testers needed: add IPI for vmclear and unlock kernel

2021-08-29 Thread Dave Voutila
tech@, I'm looking for testers for the following diff that's designed to address race conditions in vmm(4)'s VMCS state handling. In short, there exists a probability that when a guest migrates to another CPU core that the VMCS state hasn't been persisted to memory and what *is* in memory does

[diff] src/usr.sbin/smtpd: table_diff lacks some lookup kinds

2021-08-29 Thread gilles
Hello, The K_STRING and K_REGEX lookup kinds are missing from table_db even though nothing prevents them from working technically. The following diff is enough to allow db tables to be used on regex or string contexts. Index: table_db.c

Re: Atomic signal flags for vi(1)

2021-08-29 Thread Ingo Schwarze
Hi Theo, Theo de Raadt wrote on Sun, Aug 29, 2021 at 11:38:18AM -0600: > Ingo Schwarze wrote: >> *If* more than one GS object ever existed and/or the .gp pointers >> in different SCR objects could point to different GS objects, this >> patch might change behaviour. > If such multiple GS

Re: DANE in libressl?

2021-08-29 Thread Gilles CHEHADE
> On 29 Aug 2021, at 16:14, Peter J. Philipp wrote: > > On Sun, Aug 29, 2021 at 07:16:20AM -0600, Theo de Raadt wrote: >> Is there a strong reason why this has to be in that specific library? > > Not really. I did see gnutls has dane functions and openssl has them too. > I can stick to just

Re: averse to lisp in base?

2021-08-29 Thread Tomasz Rola
On Sun, Aug 29, 2021 at 03:27:27AM +0200, mayur...@kathe.in wrote: > Would the core team consider including a minimalist lisp in the base? e.g. > http://t3x.org/klisp/index.html Hi. I am not the one to decide about such things but I have two cents to drop. I have skimmed the manual page for

OpenSSH: RSA/SHA1 disabled by default

2021-08-29 Thread Damien Miller
Hi, RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default in OpenSSH. While the SSH protocol confusingly uses overlapping names for key and signature algorithms, this does not stop the use of RSA keys and there is no need to regenerate "ssh-rsa" keys - most servers released in