June 7, 2007
View 30b49d1717

- updated all the child_init users to ignore or treat specially the PROC_INIT rank

Andrei Pelinescu-Onciul authored on 07/06/2007 21:46:56
February 28, 2007
View 66fff017aa

- added low_mem_threshold1 & low_mem_threshold2 (the amount of free memory from which tls operations will start to fail preemptively is now configurable; by default the value depends on the number of processes)
- doc update

Andrei Pelinescu-Onciul authored on 28/02/2007 01:38:47
February 10, 2007
View 6a8994c40b

- use the new tls hooks api (the core patch is no longer necessary)
- renamed some of tls_.* functions to tls_h_.* to avoid name conflicts with the core
- fixed shutdown tls before tcp bug (if ser was stopped while tls connections were still active, the tls module was destroyed before tcp => crash when tcp tried to close the tls connections). Now all the destroy operations are moved into the new destroy_tls hook and the module destroy function is empty.

Andrei Pelinescu-Onciul authored on 10/02/2007 19:02:04
February 1, 2007
View fc660aae7d

- openssl compression bug detect/workaround enabled at runtime (if zlib compression is detected, we replace openssl version with ours). The previous version had this fix but it was enabled only at compile-time.
- SSL_OP_TLS_BLOCK_PADDING_BUG option disabled if 0.9.8 <= openssl < 0.9.8c and compression is used (check at runtime)
- more start-up sanity checks:
  - check if openssl used library version is close enough to the library with which the tls module was compiled (header files). For now it checks for the same major, minor and fix level (e.g. 0.9.8a && 0.9.8c are ok, 0.9.7b and 0.9.8a are not)
  - try to auto-detect (using the compile flags) if the used library was compiled with kerberos support and if the tls module was compiled with the same setting (or else we won't be able to enable the kerberos bug workaround).
- more verbose start-up messages and errors
- warning fixes
- 2 new module parameters:
  - tls_disable_compression (default 0)
  - tls_force_run (default 0) -- will ignore the start-up sanity checks and continue running even if the library version/options are different

References: openssl bugs #1468, #1467 & #1204 (http://rt.openssl.org)

Andrei Pelinescu-Onciul authored on 01/02/2007 04:24:06
January 17, 2007
View b2aa9fd79c

- timeouts fixed (all the tcp timeouts use now ticks and not seconds)

Andrei Pelinescu-Onciul authored on 17/01/2007 20:24:05
November 15, 2006
View b5c9bd68c5

- tls init updated to the new get_max_procs() use (not allowed from mod_init())
- tls-core.patch updated to the latest tcp changes
- lots of warnings and/or small errors fixed

Andrei Pelinescu-Onciul authored on 15/11/2006 19:55:13
March 3, 2006
View e618d0eac5

- deallocate lock only if it was really allocated
- implemented tls.init (lists all existing TLS connections)

Jan Janak authored on 03/03/2006 18:23:47
View 31c1662eab

- fixed file comments
- added missing defines in header files
- added missing Id tags

Jan Janak authored on 03/03/2006 15:52:11
View 5303a64387

- make sure tls modparams do not overview defaults for the external configuration file

Jan Janak authored on 03/03/2006 12:26:07
View 38a664796d

- Support for external TLS configuration file
- support for relative path names (CFG_DIR will be added automatically)
- Support for run-time configuration re-load
- tls.reload management command implemented

Jan Janak authored on 03/03/2006 11:26:53
February 22, 2006
View f1eadbe56e

- TLS configuration file parser (not yet integrated with rest of tls module)

Jan Janak authored on 22/02/2006 23:37:19
View e6526a6476

- applied Klaus Darilion patches (closes SER-98):
  - updated tls-core.patch
  - allow configuration of the default TLS-client-domain
  - more TLS logging during TLS initialisation and when TLS verification fails
  - use TLSv1 as default method
  - debian build: libradius-ng-dev as another alternative to the various libradius*

Andrei Pelinescu-Onciul authored on 22/02/2006 13:00:36
January 28, 2006
View dd0647fba0

Preliminary TLS module (requires core patch which is attached), the module contains:
- Many bugfixes and better implementation of tls_write and tls_read by Andrei
- openssl compression fix by Andrei
- extended tls multi-domain support (most parameters can be configured to different values in different domains)
- support for outgoing domains (not complete)
- support for certificate based authentication through selects ( if @tls.peer == "Bob") ...
- the tls code is merge of experimental/tls and Andrei's tls to get best of both

Jan Janak authored on 28/01/2006 12:34:31