On Wed, Dec 16, 2020 at 04:42:59PM +0100, Alexander Bluhm wrote:
> When debugging tests, it is useful to see the target name and which
> output belongs to it. A lot of my tests have echo lines, but I
> think this is better done in the framework. Then all tests behave
> similar. I would remove t
On Thu, Dec 17, 2020 at 12:01:25PM +0100, Alexander Bluhm wrote:
> On Wed, Dec 16, 2020 at 04:42:59PM +0100, Alexander Bluhm wrote:
> > When debugging tests, it is useful to see the target name and which
> > output belongs to it.
>
> A small addition:
>
> Run setup_once targets in a separate blo
On Fri, Dec 18, 2020 at 11:42:38AM +0100, Claudio Jeker wrote:
> On Thu, Dec 03, 2020 at 02:33:03PM +0100, Claudio Jeker wrote:
> > Use asprintf with %.*s to construct the path based on the mft file
> > location and the filename of the referenced file.
> >
> > Since the * field in printf(3) is exp
On Fri, Dec 18, 2020 at 11:43:40AM +0100, Claudio Jeker wrote:
> On Wed, Dec 02, 2020 at 05:06:28PM +0100, Claudio Jeker wrote:
> > rpki-client passes both empty strings and NULL strings as zero length
> > objects. The unmarshal code then allocates memory in any case and so a
> > NULL string is unm
On Fri, Dec 18, 2020 at 05:45:01PM +0100, Claudio Jeker wrote:
> On Fri, Dec 18, 2020 at 01:46:49PM +0100, Theo Buehler wrote:
> > On Fri, Dec 18, 2020 at 11:43:40AM +0100, Claudio Jeker wrote:
> > > On Wed, Dec 02, 2020 at 05:06:28PM +0100, Claudio Jeker wrote:
> > >
> This is the next step. I added asserts for strings that must be set and
> removed some of complications around optional strings. Especially cert.c
> and some of the entityq code benefits from this.
Looks good and works for me.
ok tb
On Wed, Dec 30, 2020 at 07:05:47AM +, Jason McIntyre wrote:
> On Wed, Dec 30, 2020 at 02:02:44AM +0100, Klemens Nanni wrote:
> > Manuals like httpd.conf(5) refer to tls_config_parse_protocols(3) the
> > list of supported protocols.
> >
> > Sentences with inlined elements are generally harder t
On Tue, Dec 29, 2020 at 06:03:36AM -0700, Todd C. Miller wrote:
> On Tue, 29 Dec 2020 10:33:26 +, Miod Vallat wrote:
>
> > regcomp.c uses the "start + count < end" idiom to check that there are
> > "count" bytes available in an array of char "start" and "end" both point
> > to.
> >
> > This is
The access and error logs are never freed. They are leaked on sending
USR1 to the parent, for example.
Index: logger.c
===
RCS file: /cvs/src/usr.sbin/httpd/logger.c,v
retrieving revision 1.22
diff -u -p -r1.22 logger.c
--- logger.c
msg is allocated by vasprintf, and is leaked on return of server_sendlog.
vasprintf calculates the length of the string, so we can zap a needless
call to strlen while there.
Index: server.c
===
RCS file: /cvs/src/usr.sbin/httpd/server
httpd(8) leaks resources when clients connect via TLS. The reason for
this is that server_close() closes the socket underlying the TLS
connection before calling tls_close().
The currently unchecked tls_close() call fails with EBADF when trying to
write out the close_notify in SSL_shutdown(). That
On Fri, Jan 01, 2021 at 11:38:32PM +0100, Claudio Jeker wrote:
> On Fri, Jan 01, 2021 at 09:06:34PM +0100, Theo Buehler wrote:
> > httpd(8) leaks resources when clients connect via TLS. The reason for
> > this is that server_close() closes the socket underlying the TLS
> >
On Sat, Jan 02, 2021 at 08:31:39PM +, Miod Vallat wrote:
> The removal of the categories code made these two functions unused, so
> remove them as well.
ok tb
On Sat, Jan 02, 2021 at 08:33:51PM +, Miod Vallat wrote:
> That code was written before inline functions were supported by
> compilers; now that they are even part of the language standard, turn
> macros into inline functions so that there is no need to document in
> comments that they will eva
On Sun, Jan 03, 2021 at 04:45:30PM +, Miod Vallat wrote:
> > Is there a reason not to do
> >
> > return (cs->ptr[(uch)c] & cs->mask) != 0;
> >
> > This would allow us to get rid of the !! construct in regcomp.c
>
> Why not. What about that?
Thanks. Here's the diff rebased on top of -cur
Pointed out by llvm scan-build. mrt_config is much larger (> 10x). As
far as I can tell, this isn't bad. It just overallocates and copies a
lot of zeroes thanks to the calloc() in parse.y.
Perhaps it would be better to use sizeof(*xm) instead.
Regress passes with the Makefile diff at the end (is
On Mon, Jan 04, 2021 at 10:46:39AM +0100, Claudio Jeker wrote:
> In bgpd most prefixes and addresses are stored as struct bgpd_addr. When
> it is printed it uses inet_ntop() which is not ideal since it does not
> handle IPv6 scoped_id. Instead convert to a struct sockaddr and use
> log_sockaddr() w
On Mon, Jan 04, 2021 at 12:23:35PM +0100, Claudio Jeker wrote:
> On Mon, Jan 04, 2021 at 12:09:46PM +0100, Theo Buehler wrote:
> > Pointed out by llvm scan-build. mrt_config is much larger (> 10x). As
> > far as I can tell, this isn't bad. It just overallocates and cop
> > + return log_sockaddr(addr2sa(addr, 0, &len), len);
>
> Perhaps I haven't yet had enough coffee this year, but I'm unsure
> whether it is actually guaranteed that addr2sa() is called before the
> second len in this line is passed to log_sockaddr().
Answering my own question: C99 and
On Mon, Jan 04, 2021 at 08:48:55PM +0100, Otto Moerbeek wrote:
> On Mon, Jan 04, 2021 at 05:50:53PM +0100, Otto Moerbeek wrote:
>
> > On Mon, Jan 04, 2021 at 01:42:48PM +0100, Theo Buehler wrote:
> >
> > > > > + return log_soc
On Thu, Jan 07, 2021 at 11:16:16PM +, Adam Barth wrote:
> Previously, this code was passing string constants to functions that did
> not declare their parameters as const. After this patch, the functions now
> declare that they do not modify these arguments, making it safe to pass
> string cons
On Thu, Jan 07, 2021 at 11:30:43PM +, Adam Barth wrote:
> Thanks so much! This is my first patch for OpenBSD, and I don't quite have
> the workflow debugged yet.
Committed, thank you!
Probably easiest and safest way is to use git format-patch and to send
the patch file as an attachment. This
On Sat, Jan 09, 2021 at 08:00:42AM +0100, Otto Moerbeek wrote:
> As reported on misc@
>
> https://marc.info/?l=openbsd-misc&m=161016188503894&w=2
ok tb
>
> -Otto
>
> Index: regular.c
> ===
> RCS file: /cvs/src/usr.bin/cmp/re
On Thu, Jan 14, 2021 at 01:32:41PM +0100, Matthieu Herrb wrote:
> Hi,
>
> I'm trying to debug strange behaviour changes with certificates on a
> system after upgrading it from 6.7 to 6.8...
>
> On 6.7, If I run :
>
> openssl s_server -cert mycert.pem -key mykey.pem -CAfile CA.pem
>
> then ope
On Thu, Jan 14, 2021 at 02:37:20PM +0100, Robert Nagy wrote:
> On 14/01/21 14:27 +0100, Robert Nagy wrote:
> > On 14/01/21 14:20 +0100, Theo Buehler wrote:
> > > On Thu, Jan 14, 2021 at 01:32:41PM +0100, Matthieu Herrb wrote:
> > > > Hi,
> > > >
>
On Mon, Jan 18, 2021 at 06:41:26PM +0100, Florian Obser wrote:
>
>
> This is not an api that seems to have caught on (especially the
> AF_INET6 variant), maybe we can get rid of it entirely.
>
> (I also suspect that the AF_INET6 version is broken on FreeBSD and
> NetBSD as well as mac osx.)
> We should just ignore any of the special curses keys returned by
> getch() since canfield is not prepared to deal with them.
ok tb
On Sun, Jan 24, 2021 at 12:44:39PM +0100, Klemens Nanni wrote:
> unwind/libunbound always tries to connect to nameservers using both
> address families, even if only one is configured on the local machine.
>
> So on IPv6 only boxes for example syslog gets spammed with these
>
> Jan 24 12:23:06 er
On Thu, Jan 28, 2021 at 04:42:00PM +0100, Claudio Jeker wrote:
> Initially rpki-client checked the file hash while parsing the file (.roa,
> .cert or .crl) but since a while rpki-client does the hash check early
> during the .mft parsing with mft_check(). After that all files in the
> fileandhash a
On Wed, Feb 03, 2021 at 08:08:20PM +0100, Claudio Jeker wrote:
> This is just shuffling code around and adds a few definitions to extern.h.
> The goal is to reduce the amount of code in main.c. I constantly get lost
> in all the parsing and parent functions also I want to extend the
> repository co
On Thu, Feb 04, 2021 at 11:37:08AM +0100, Claudio Jeker wrote:
> Instead of passing around variables all the way down to entity_write_req()
> and repo_lookup() use global variables. Especially for the repository
> handling this will become more complex with the introduction of RRDP.
> Also shuffle
On Thu, Feb 04, 2021 at 03:09:33PM +0100, Claudio Jeker wrote:
> The uri field in the entity queue struct is never a URI but always a local
> path to the file in the repo. Rename the field so I'm less confused.
> Compiler agrees with my change.
Agreed. Some of the functions you need to touch also
On Thu, Feb 04, 2021 at 06:56:05PM +0100, Claudio Jeker wrote:
> This bit of debug code to understand the progress of rpki-client is no
> longer helpful. Most of the time this is a stuck rsync that causes delays
> and those are now nicely handled by an internal timeout.
> I propose to remove this.
On Fri, Feb 05, 2021 at 02:45:41PM +0100, Claudio Jeker wrote:
> RPKI certificates have 3 possible Subject Information Access URI that we
> may be interested in:
> - 1.3.6.1.5.5.7.48.5 (caRepository)
> - 1.3.6.1.5.5.7.48.10 (rpkiManifest)
> - 1.3.6.1.5.5.7.48.13 (rpkiNotify)
>
> rpkiMa
On Thu, Feb 11, 2021 at 08:55:55PM +, Stuart Henderson wrote:
> acme-client works with ecdsa certificates, but if there's no existing
> key, it has no way to tell whether you want ec or rsa so it can't
> actually generate a new ec key. (even if it did, acme-client's default
> secp384r1 isn't ac
On Sat, Feb 13, 2021 at 11:58:04AM +0100, Jan Klemkow wrote:
> Hi,
>
> A coworker of mine has made tests with LibreSSL [1] and found some
> regressions. I took his test descriptions and created the following
> automated regression test. In the repository he described his findings
> in detail. I
On Mon, Feb 15, 2021 at 12:41:31PM +0100, Claudio Jeker wrote:
> For SNI all TLS servers need to run with the same config. The config
> parser has an extra step for this. The problem is it also compares the
> TLS config params with non-TLS servers when a server block has both
> listen * port 80 and
On Fri, Feb 12, 2021 at 10:01:38AM +0100, Claudio Jeker wrote:
> On Mon, Feb 08, 2021 at 05:15:40PM +0100, Claudio Jeker wrote:
> > Split the repository code into two parts:
> >
> > - fetch of the trust anchors (the certs referenced by TAL files)
> > - fetch of the MFT files of a repository
> >
>
> > > rt.repos = reallocarray(rt.repos,
> > > rt.reposz + 1, sizeof(struct repo));
> >
> > This line could be unwrapped. The code could also be simplified by using
> > recallocarray() (it looks like the -portable update.sh is prepared for
> > that).
>
> I leave that for later. There a
On Tue, Feb 16, 2021 at 04:36:59AM +1100, Joel Sing wrote:
> On 21-02-15 14:49:46, Jan Klemkow wrote:
> > On Sat, Feb 13, 2021 at 03:53:48PM +0100, Theo Buehler wrote:
> > > On Sat, Feb 13, 2021 at 11:58:04AM +0100, Jan Klemkow wrote:
> > > > A coworker of mine has ma
On Tue, Feb 16, 2021 at 01:16:21PM +0100, Jan Klemkow wrote:
> On Tue, Feb 16, 2021 at 04:36:59AM +1100, Joel Sing wrote:
> > On 21-02-15 14:49:46, Jan Klemkow wrote:
> > > On Sat, Feb 13, 2021 at 03:53:48PM +0100, Theo Buehler wrote:
> > > > On Sat, Feb 13, 2021 at
Hi
On Thu, Oct 15, 2020 at 05:52:40PM +1100, Ashe Connor wrote:
> Hi there,
>
> A year or two ago I submitted a patch for adding TLS client certificate
> validation to relayd. At the time it didn't make it in, and I stopped
> pursuing it further.
> (https://marc.info/?l=openbsd-tech&m=154509
On Thu, Feb 18, 2021 at 11:57:52AM +0100, Claudio Jeker wrote:
> This diff moves the mkpath() call from the rsync child to the parent.
> As a result the rsync process no longer needs cpath. It will also simplify
> integration of RRDP since that will be another process.
ok tb
>
> --
> :wq Claudi
On Thu, Feb 18, 2021 at 02:41:39PM +0100, Claudio Jeker wrote:
> Instead of iterating over all x509 extension and look for SKI and AKI use
> X509_get_ext_d2i(). This reduces the complexity a fair bit. Also add
> additional checks (e.g. make sure the extensions are non-critical).
> More cleanup in c
As discussed a few days ago, there are a few reallocarray + memset that
can be directly handled by recallocarray.
Index: main.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.101
diff -u -p -r1.101 main.c
-
On Mon, Feb 15, 2021 at 12:03:42PM +1000, Jonathan Matthew wrote:
> It's fairly easy to accidentally configure relayd to try to run check scripts
> faster than they finish, for example if you have a check interval of one
> second and the check script makes a tcp connection to a host that doesn't
>
On Fri, Feb 19, 2021 at 10:54:29AM +0100, Claudio Jeker wrote:
> Better to make sure that all URI we ingest are sensitive. Similar check
> is already done in cert.c so also do it for the TAL files (even though
> these are normally controlled by the user).
>
> OK?
ok
> --
> :wq Claudio
>
> Index
On Wed, Feb 24, 2021 at 06:47:00AM +0100, Jan Klemkow wrote:
> Hi,
>
> another co-worker of mine has found another regress in the LibreSSL
> legacy verifier. I took his diff and made a test for our regression
> framework.
>
> The legacy verifier seems not to check the certificate if no root CA
On Wed, Feb 24, 2021 at 09:00:05PM +0100, Theo Buehler wrote:
> On Wed, Feb 24, 2021 at 06:47:00AM +0100, Jan Klemkow wrote:
> > Hi,
> >
> > another co-worker of mine has found another regress in the LibreSSL
> > legacy verifier. I took his diff and made a test for o
On Sat, Feb 27, 2021 at 12:21:35AM +1100, Jonathan Gray wrote:
> Bring in a change which was backported to Mesa 20.1 but not 20.0.
> This is for inteldrm with >= gen8/broadwell hardware.
> /var/log/Xorg.0.log with 'DRI driver: iris' and 'xdriinfo' will
> show 'Screen 0: iris' if you are using the i
> Following the advice in the FAQ I added my user to the wobj group. I
> suppose I could "make obj" and have the objs written to /usr/obj? Is
> this a workflow the developers recommend or follow? Thanks!
Yes. More precisely, by default 'make obj' in /usr/src/usr.bin/systat
will create a symlink ob
On Thu, Feb 25, 2021 at 05:03:19PM +0100, Claudio Jeker wrote:
> On Fri, Feb 19, 2021 at 07:10:02PM +0100, Claudio Jeker wrote:
> > Some TAL files now include an https URI where the TA can be fetched from.
> > With this diff rpki-client will download the TA from https unless that
> > fails and then
On Sun, Feb 28, 2021 at 09:09:05AM +0100, Theo Buehler wrote:
> > + if (error == EAI_SERVICE)
> > + error = getaddrinfo(host, "443", &hints, &conn->res0);
> > + if (error) {
>
> error != NULL
Apologies, forgot to delete that.
On Tue, Mar 02, 2021 at 11:45:22AM +0100, Claudio Jeker wrote:
> On Mon, Mar 01, 2021 at 11:57:03AM +0100, Claudio Jeker wrote:
> > On Sun, Feb 28, 2021 at 09:09:05AM +0100, Theo Buehler wrote:
> > > On Thu, Feb 25, 2021 at 05:03:19PM +0100, Claudio Jeker wrote:
> > > >
On Tue, Mar 02, 2021 at 02:09:37PM +0100, Claudio Jeker wrote:
> This diff just brings all err(3) calls for out of memory situations to one
> form: err(1, NULL);
> It is not very helpful to tell if malloc, strdup or asprintf failed with no
> mem. Just one common idiom.
>
> OK?
ok.
The https diff
On Sat, Feb 13, 2021 at 06:26:02PM +0100, Eric Faurot wrote:
> Hi.
>
> The diff seems to work for the few people who tested it (thanks).
> Anyone wants to ok this?
I read through the diff several times, but I'm not familiar with smtpd
so cannot claim a thorough review. Nothing really stood out as
On Thu, Feb 25, 2021 at 09:34:30PM +0100, Tobias Heider wrote:
> Hi,
>
> while testing different x509 validator corner cases I found that a bunch of
> errors are currently not handled in libcrypto.
>
> In particular duplicate or undecodable extensions are ignored.
> The diff below sets EXFLAG_INV
The first two seem obvious oversights. The ones in rsync_base_uri()
would end up silently ignored:
queue_add_from_cert
repo_lookup
rsync_base_uri
Index: http.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
retrieving revisi
On Thu, Mar 04, 2021 at 04:10:12PM +0100, Claudio Jeker wrote:
> On Thu, Mar 04, 2021 at 03:53:44PM +0100, Theo Buehler wrote:
> > The first two seem obvious oversights. The ones in rsync_base_uri()
> > would end up silently ignored:
> > queue_add_from_cert
> > repo_
On Fri, Mar 05, 2021 at 01:48:43PM +0100, Claudio Jeker wrote:
> Instead of adding similar checks all over the place introduce a
> valid_uri() function that checks if a URI is valid enough for rpki-client.
> rpki-client does not accept files or directories starting with ., bails on
> URI that have
On Sun, Feb 21, 2021 at 10:04:07PM +0300, Vadim Zhukov wrote:
> Hello all.
>
> This continues the 'Another potential ksh bug?' thread on misc@:
> https://marc.info/?l=openbsd-misc&m=160736700220621&w=2
> This present is a bit too late for Christmas, but at least the Day of
> Red Army is coming soo
On Fri, Mar 05, 2021 at 03:15:48PM +0100, Claudio Jeker wrote:
> RRDP also uses SHA256 hashes to validate files (before withdraws and
> updates). Again move this from the implementation in mft.c to validate.c
> this way it can be reused.
>
> OK?
ok tb
> --
> :wq Claudio
>
> Index: extern.h
> =
On Fri, Mar 05, 2021 at 05:36:53PM +0100, Claudio Jeker wrote:
[...]
> Here we go. This should be better.
ok tb
On Sun, Mar 07, 2021 at 04:58:02PM +, Raf Czlonka wrote:
> Hello,
>
> Ordinal (intercardinal) directions are swapped in hack(6)'s help.
>
> For a second there, I thought that no one else noticed since the 80s ;^)
> ...not the case[0] :^P
>
> While there, I'm tempted to capitalise both cardina
On Sun, Mar 07, 2021 at 09:47:45PM +0100, Eric Faurot wrote:
> As spotted by krw@, the mta should use the mx hostname for sni, not
> the reverse dns for the peer address.
ok tb
>
> Eric.
>
>
> Index: mta_session.c
> ===
> RCS file
On Wed, Mar 10, 2021 at 10:12:51AM +0100, Claudio Jeker wrote:
> The entity queue is per repository. It is a queue of files that depend on
> this repository and need to wait until the repository finished its sync.
> There is no benefit of a global queue.
>
> In my opinion this is more understandab
On Tue, Mar 09, 2021 at 10:03:56AM -0700, Todd C. Miller wrote:
> I think that in do_clear_screen() full should not be set unless
> neednl is 0. That is, we should only print the entire prompt if
> the screen was actually cleared. Otherwise looks good to me.
ok tb
On Thu, Jan 21, 2021 at 11:06:05AM -0700, Todd C. Miller wrote:
> This is a backport of the ncurses 5.9 20120707 patch.
> https://github.com/mirror/ncurses/commit/471bc007361fd4bc8d2fae060c7d5b09828ed541
ok tb
On Wed, Mar 10, 2021 at 01:10:55PM -0700, Todd C. Miller wrote:
> Now that the clear screen change has been committed, here's the
> insert mode ^R (redraw) diff again with a man page update. Note
> that ^R is already supported in command mode.
>
ok
On Thu, Mar 11, 2021 at 08:40:46PM -0800, Mike Larkin wrote:
> On Thu, Mar 11, 2021 at 06:11:03PM -0500, Dave Voutila wrote:
> > tl;dr: tedu vmboot.{c,h}, ufs.c from vmd(8) to remove broken ability to
> > extract and boot a kernel image from a raw or qcow2 disk image
> >
> > The following diff remov
On Sat, Mar 13, 2021 at 11:11:00PM +0200, Maxim Vuets wrote:
> A minor patch that makes canonical links match their actual page URLs.
Committed, thanks
On Sat, Mar 13, 2021 at 09:20:32PM +0100, Tobias Heider wrote:
> On Wed, Mar 03, 2021 at 05:36:12PM +0100, Theo Buehler wrote:
> > On Thu, Feb 25, 2021 at 09:34:30PM +0100, Tobias Heider wrote:
> > > Hi,
> > >
> > > while testing different x509 validat
On Thu, Mar 18, 2021 at 11:25:25AM +0100, Claudio Jeker wrote:
> This diff aims at removing some warnings seen in -portable.
>
> - gcc has a hard time to realize when a variable like noop ensures that
> another variable is not used.
>
> - Similar the switch () statements in http.c include all po
A malformed URI such as "https://[::1/index.html" causes a NULL access
in the hosttail[1] == ":" check.
Index: http.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
retrieving revision 1.6
diff -u -p -r1.6 http.c
--- http.c
The port number starts after the ':'.
Index: http.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
retrieving revision 1.7
diff -u -p -r1.7 http.c
--- http.c 18 Mar 2021 15:40:45 - 1.7
+++ http.c 18 Mar 2021
On Thu, Mar 18, 2021 at 05:06:53PM -0400, Dave Voutila wrote:
>
> Preben Guldberg writes:
>
> > In "vmctl status", VMs that are being stopped but are still running
> > will simply show up as "running".
> >
> > The diff below gives preference to showing the stopping state akin to
> > how a paused
On Fri, Mar 19, 2021 at 10:02:26AM +0100, Claudio Jeker wrote:
> rpki-client is currently not able to load relative tal files via -t
> option. The problem is that the chdir to the cache directory happens
> before the tal files are loaded. Move the fchdir down so relative path
> work when queue_a
On Fri, Mar 19, 2021 at 11:01:27AM +0100, Claudio Jeker wrote:
> This is mostly for -portable but also the native version should be able to
> mention that it is not the -portable version.
> This is a compromise I can live with, hope everyone else agrees.
Yes. Let's keep the diff in portable as sim
On Wed, Mar 24, 2021 at 11:09:41AM +0100, Martin Vahlensieck wrote:
> Hi
>
> This fixes mangled output from the openssl(1) -debug option:
>
> Before:
> $ openssl aes-256-cbc -out test -debug
> BIO[0x9102a7e5ctrl(106) - FILE pointer
> BIO[0x9102a7e5ctrl return 1
> BIO[0x9102a801ctrl(108) - FILE po
On Thu, Mar 25, 2021 at 09:57:51AM +0100, Claudio Jeker wrote:
> RRDP has a lot of base64 strings to handle. Because of this adjust the
> base64_decode function in tal.c to take a regular string as input.
> For now keep the function static, will change that once RRDP is ready.
>
> OK?
Since you t
On Thu, Mar 25, 2021 at 10:46:18AM +0100, Claudio Jeker wrote:
> This diff is mostly cleanup and adding the missing bits needed for RRDP.
> Instead of a simple bool ok use an enum to report the state back.
> Can be fail, ok or not-modified (the last is used for 304 Not Modified
> answers (if a If-
On Thu, Mar 25, 2021 at 08:07:53PM +0100, Preben Guldberg wrote:
> Dave Voutila wrote:
> > Preben Guldberg writes:
> > > The patch below addresses an off-by-one error reading argv when
> > > generating the error message.
>
> > > I personally find it clearer if the condition of mixing -a with an id
On Fri, Mar 26, 2021 at 09:52:04AM +0100, Claudio Jeker wrote:
> This diff replaces mostly the same code in the poll loop with a for loop.
> It also gives a hint which process closed a connection.
This is much nicer. Would the msgbuf_write() errors not benefit from the
same hint?
ok tb
>
> --
On Fri, Mar 26, 2021 at 07:24:32AM -0400, Dave Voutila wrote:
>
> Theo Buehler writes:
>
> > On Thu, Mar 25, 2021 at 08:07:53PM +0100, Preben Guldberg wrote:
> >> Dave Voutila wrote:
> >> > Preben Guldberg writes:
> >> > > The patch be
On Fri, Mar 26, 2021 at 03:38:54PM +0100, Claudio Jeker wrote:
> Not sure on what I was tripping when writing filepathcmp() but it makes no
> sense to use strcasecmp() there. It compares paths in the filesystem and
> these are case-sensitive.
ok
>
> --
> :wq Claudio
>
> Index: main.c
> ===
On Thu, Mar 25, 2021 at 06:52:13PM +0100, Eric Faurot wrote:
> Hi.
>
> This diff allows to specify the protocol versions and ciphers
> to use for outgoing TLS sessions on a per relay basis.
Yes, I think we need this.
ok tb
On Mon, Mar 29, 2021 at 10:38:54AM +0200, Claudio Jeker wrote:
> Replace a super strange way to translate some binary blob into a hex string.
> The code drops the : from the string but this is fine, the : is just
> visual fluff. I used the same function in the not yet finished RRDP
> codebase and
On Mon, Mar 29, 2021 at 01:22:20PM +0200, Claudio Jeker wrote:
> On Mon, Mar 29, 2021 at 01:19:21PM +0200, Claudio Jeker wrote:
> > On Mon, Mar 29, 2021 at 12:42:02PM +0200, Theo Buehler wrote:
> > > On Mon, Mar 29, 2021 at 10:38:54AM +0200, Claudio Jeker wrote:
> > > &g
On Tue, Mar 30, 2021 at 05:30:19PM +0200, Claudio Jeker wrote:
> Found the hard way. http_new() calls http_free() if http_resolv() fails.
> http_free() calls http_fail() in that case since the state is not
> STATE_DONE. In the main poll loop another http_fail() call is made. This
> results in bad ba
On Tue, Mar 30, 2021 at 05:51:38PM +0200, Claudio Jeker wrote:
> On Tue, Mar 30, 2021 at 05:45:39PM +0200, Theo Buehler wrote:
> > On Tue, Mar 30, 2021 at 05:30:19PM +0200, Claudio Jeker wrote:
> > > Found the hard way. http_new() calls http_free() if http_resolv() fails.
>
On Wed, Mar 31, 2021 at 01:13:08PM +0200, Claudio Jeker wrote:
> As mentioned before move the base64 and hex encoding / decoding functions
> into one file. This is just minor cleanup.
ok tb
>
> --
> :wq Claudio
>
> PS: I know this will break regress and I will fix that once this goes in.
>
>
d->uri was allocated by xstrdup(), so needs to be freed. Was going back
and forth between the below and adding free(d->uri).
Index: rrdp_notification.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/rrdp_notification.c,v
retrieving revis
On Tue, Apr 06, 2021 at 06:08:04PM +0200, Claudio Jeker wrote:
> When an rrdp request fails because the hash of a delta or snapshot is
> incorrect the repo never finishes because the setting of
> RRDP_STATE_PARSE_DONE and the call to rrdp_finished() is skipped.
> The result is a hanging rpki-client
On Wed, Apr 07, 2021 at 12:50:15PM +0200, Claudio Jeker wrote:
> In some cases unlink reports 'no such file or directory' when the RRDP
> repository is merged at the end of a RRDP sync.
> The problem is that some deleted files are in the temporary location and
> not part of the real repo. Because o
On Wed, Apr 07, 2021 at 12:55:50PM +0200, Claudio Jeker wrote:
> When -b is used rpki-client should bind to that address for outgoing
> connections. The http code does that but only warns if a bind call fails
> but try the connect none the less. This is different from other network
> tools (nc, ftp
On Thu, Apr 08, 2021 at 10:56:26AM +0200, Claudio Jeker wrote:
> Currently when a pipe to some child is closed the main process errors out
> hard. This is not great since the exit reason is not shown.
> Change this to break out of the poll loop and also restructure the wait
> code to use a loop whi
On Thu, Apr 08, 2021 at 04:47:15PM +0200, Claudio Jeker wrote:
> This diff is a first step in tightening the code in http.c
> It should clean up the poll handling and adds some code to ensure that
> only expected results are returned. The goal is that http_handle() only
> does IO processing and
On Thu, Apr 08, 2021 at 07:18:39PM +0200, Claudio Jeker wrote:
> On Thu, Apr 08, 2021 at 06:22:16PM +0200, Theo Buehler wrote:
> > On Thu, Apr 08, 2021 at 04:47:15PM +0200, Claudio Jeker wrote:
> > > This diff is a first step in tightening the code in http.c
> > >
On Thu, Apr 08, 2021 at 08:43:25PM +0200, Claudio Jeker wrote:
> Also here is the last bit of the http work. This changes http_handle() and
> ensures that http_nextstep() never returns 0. For http_tls_connect() this
> requires a fall through to the next stage in case it returns 0.
> Also http_redir
On Fri, Apr 09, 2021 at 07:36:35AM +0200, Otto Moerbeek wrote:
> On Thu, Apr 01, 2021 at 11:23:58AM +0200, Otto Moerbeek wrote:
>
> > Hi,
> >
> > here's a small malloc diff. Most important part is an extra internal
> > consistency check. I have been running this for a few weeks already,
>
> ping?
1 - 100 of 1578 matches