May 20, 2010
View 258cc03113

tls: safer destroy_cfg

Andrei Pelinescu-Onciul authored on 20/05/2010 14:18:16
March 19, 2010
View 0c5b835259

tls: new parameters for advanced openssl options

Andrei Pelinescu-Onciul authored on 19/03/2010 14:11:49
February 23, 2010
View 51ee5da9eb

tls: disable kerberos more thoroughly [fix]

Andrei Pelinescu-Onciul authored on 23/02/2010 15:10:21
October 10, 2009
View beeb174767

Changing license template

oej authored on 10/10/2009 12:10:43
View 9accd256fd

Adding doxygen documentation

oej authored on 10/10/2009 11:48:00
June 6, 2008
View d037bb9db0

- Use the new configuration file parser

Jan Janak authored on 06/06/2008 00:03:06
February 10, 2007
View 6a8994c40b

- use the new tls hooks api (the core patch is no longer necessary)
- renamed some of tls_.* functions to tls_h_.* to avoid name conflicts with the core
- fixed shutdown tls before tcp bug (if ser was stopped while tls connections were still active, the tls module was destroyed before tcp => crash when tcp tried to close the tls connections). Now all the destroy operations are moved into the new destroy_tls hook and the module destroy function is empty.

Andrei Pelinescu-Onciul authored on 10/02/2007 19:02:04
February 1, 2007
View fc660aae7d

- openssl compression bug detect/workaround enabled at runtime (if zlib compression is detected, we replace openssl version with ours). The previous version had this fix but it was enabled only at compile-time.
- SSL_OP_TLS_BLOCK_PADDING_BUG option disabled if 0.9.8 <= openssl < 0.9.8c and compression is used (check at runtime)
- more start-up sanity checks:
  - check if openssl used library version is close enough to the library with which the tls module was compiled (header files). For now it checks for the same major, minor and fix level (e.g. 0.9.8a && 0.9.8c are ok, 0.9.7b and 0.9.8a are not)
  - try to auto-detect (using the compile flags) if the used library was compiled with kerberos support and if the tls module was compiled with the same setting (or else we won't be able to enable the kerberos bug workaround).
- more verbose start-up messages and errors
- warning fixes
- 2 new module parameters:
  - tls_disable_compression (default 0)
  - tls_force_run (default 0) -- will ignore the start-up sanity checks and continue running even if the library version/options are different

References: openssl bugs #1468, #1467 & #1204 (http://rt.openssl.org)

Andrei Pelinescu-Onciul authored on 01/02/2007 04:24:06
November 15, 2006
View b5c9bd68c5

- tls init updated to the new get_max_procs() use (not allowed from mod_init())
- tls-core.patch updated to the latest tcp changes
- lots of warnings and/or small errors fixed

Andrei Pelinescu-Onciul authored on 15/11/2006 19:55:13
September 19, 2006
View 079850e2ba

- applied patch from Dragos Vingarzan <vingarzan@fokus.fraunhofer.de> which moves all the forking part into 2 functions in pt.c (fork_process and fork_tcp_process).
- added PROC_NOCHLDINIT rank value for Dragos's fork_process (if this value is used as child_id/rank_value the mod_child functions will not be called)
- added register_procs(processes_no), used from mod_init when a module knows that it will fork some children (replaces the old process_count++ / the patch's estimated_process_count++)
- added get_max_procs(): returns the maximum (estimated) number of processes

Andrei Pelinescu-Onciul authored on 19/09/2006 16:13:27
March 3, 2006
View 31c1662eab

- fixed file comments
- added missing defines in header files
- added missing Id tags

Jan Janak authored on 03/03/2006 15:52:11
View 38a664796d

- Support for external TLS configuration file
- support for relative path names (CFG_DIR will be added automatically)
- Support for run-time configuration re-load
- tls.reload management command implemented

Jan Janak authored on 03/03/2006 11:26:53
February 22, 2006
View ca552cbb63

- by default don't require a certificate

Andrei Pelinescu-Onciul authored on 22/02/2006 13:34:00
View f875827d43

- by default don't verify any certs (server or client)

Andrei Pelinescu-Onciul authored on 22/02/2006 13:10:27
View e6526a6476

- applied Klaus Darilion patches (closes SER-98):
- updated tls-core.patch
- allow configuration of the default TLS-client-domain
- more TLS logging during TLS initialisation and when TLS verification fails
- use TLSv1 as default method
- debian build: libradius-ng-dev as another alternative to the various libradius*

Andrei Pelinescu-Onciul authored on 22/02/2006 13:00:36