Commits · 3682c935facf5ccd7fa600644bbb76957155c680 · eduroam / radsecproxy

22 Oct, 2012 3 commits

Don't mix up pre- and post-handshake verification of DTLS clients. · 3682c935

Linus Nordberg authored Oct 19, 2012

Commit db965c9b addressed TLS clients only.

When verifying DTLS clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain.

Original issue reported and analysed by Ralf Paffrath. DTLS being
vulnerable reported by Raphael Geisser.

Addresses issue RADSECPROXY-43, CVE-2012-4523.

3682c935

Update documentation on default secret for TLS and DTLS. · b04eb90f
Linus Nordberg authored Oct 19, 2012
```
The change was done in radsecproxy-1.6 (2012-04-27) but wasn't
documented properly.
```
b04eb90f
Bump version. · 7393c837
Linus Nordberg authored Oct 19, 2012

7393c837

18 Oct, 2012 1 commit
- Update ChangeLog with CVE id for RADSECPROXY-43. · c0b177d0
  Linus Nordberg authored Oct 18, 2012
  
  c0b177d0
14 Sep, 2012 3 commits
- Bump version in configure.ac too. · de6618b9
  Linus Nordberg authored Sep 14, 2012
  
  de6618b9
- radsecproxy-1.6.1 · 90348a43
  Linus Nordberg authored Sep 14, 2012
  
  90348a43
- Document the effects of RADSECPROXY-43. · 98856495
  Linus Nordberg authored Sep 14, 2012
```
https://project.nordu.net/browse/RADSECPROXY-43
```
  98856495
13 Sep, 2012 1 commit

Don't mix up pre- and post-handshake verification of clients. · db965c9b

Linus Nordberg authored Sep 13, 2012

When verifying clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain. Reported by Ralf Paffrath.

Reported and analysed by Ralf Paffrath.

Addresses issue RADSECPROXY-43.

db965c9b

13 Aug, 2012 2 commits
- Make naptr-eduroam.sh check NAPTR type case insensitively. · 8d287300
  Linus Nordberg authored Aug 13, 2012
```
Fix by Adam Osuchowski.
```
  8d287300
- Fix typo in ChangeLog. · 972e0b78
  Linus Nordberg authored Aug 13, 2012
  
  972e0b78
23 May, 2012 4 commits

New versions of generated files from the Autotools. · 556e9e11
Linus Nordberg authored May 18, 2012

556e9e11
Bump version to 1.6.1-dev. · b6f78c90
Linus Nordberg authored May 18, 2012

b6f78c90

manpage fix: use minus signs instead of hyphens · 65ae0b37

Faidon Liambotis authored May 23, 2012

To: radsecproxy@uninett.no
Cc: Faidon Liambotis <paravoid@debian.org>
Date: Wed, 23 May 2012 01:50:26 +0300

groff interprets "-" as hyphens (U+2010) and not as minus signs
(U+002D). Process arguments are clearly being done with minus signs, so
escape them properly and make copy/paste work again.

65ae0b37

Tiny spelling fix on radsecproxy.conf.5.xml · 0a15fe00

Faidon Liambotis authored May 23, 2012

To: radsecproxy@uninett.no
Cc: Faidon Liambotis <paravoid@debian.org>
Date: Wed, 23 May 2012 01:50:27 +0300

s/specifed/specified/

0a15fe00

27 Apr, 2012 3 commits
- radsecproxy-1.6. · 40e8d53c
  Linus Nordberg authored Apr 27, 2012
  
  40e8d53c
- radsecproxy-1.6-rc2. · 54531600
  Linus Nordberg authored Apr 27, 2012
  
  54531600
- Release a lock. · a23b7119
  Linus Nordberg authored Apr 27, 2012
```
Patch from Ralf Paffrath <paffrath@dfn.de>.
```
  a23b7119
26 Apr, 2012 3 commits
- radsecproxy-1.6-rc1. · 9ce22579
  Linus Nordberg authored Apr 26, 2012
  
  9ce22579
- Add experimental code for dynamic discovery (only if ENABLE_EXPERIMENTAL_DYNDISC). · 07238516
  Linus Nordberg authored Apr 26, 2012
```
Patch from Ralf Paffrath <paffrath@dfn.de>.
```
  07238516
- Add configure option --enable-experimental-dyndisc. · c6d33673
  Linus Nordberg authored Apr 26, 2012
  
  c6d33673
17 Apr, 2012 5 commits
- Ready for radsecproxy-1.6-rc0. · 8c8d6467
  Linus Nordberg authored Apr 17, 2012
  
  8c8d6467
- Document the IPv4Only and IPv6Only options. · 54e88b00
  Linus Nordberg authored Apr 17, 2012
```
RADSECPROXY-37.
```
  54e88b00
- Initialize ipv4only and ipv6only. · ddd985a9
  Linus Nordberg authored Apr 16, 2012
  
  ddd985a9
- Add top-level config options IPv4Only and IPv6Only. · 2feba60a
  Linus Nordberg authored Apr 13, 2012
```
Related to RADSECPROXY-37.

TODO: Add documentation.
```
  2feba60a
- Add client and server config options IPv4Only and IPv6Only. · 883992d8
  Linus Nordberg authored Apr 13, 2012
```
Related to RADSECPROXY-37.

TODO: Add documentation.
```
  883992d8
16 Apr, 2012 5 commits
- Use printf(1) instead of 'echo -e' in tools/ scripts. · 2f7eb5a9
  Linus Nordberg authored Apr 16, 2012
```
Closes RADSECPROXY-40.
```
  2f7eb5a9
- Update documentation to reflect the change of the default place to look for radsecproxy.conf. · 9e391efe
  Linus Nordberg authored Apr 16, 2012
  
  9e391efe
- Add a note about the change of default place to look for radsecproxy.conf. · a1e93638
  Linus Nordberg authored Apr 16, 2012
  
  a1e93638
- Correct changelog entry for RADSECPROXY-33. · f4457a2f
  Linus Nordberg authored Apr 16, 2012
  
  f4457a2f
- Block a dynamic server for 15 minutes if it's not working. · e506e1b1
  Linus Nordberg authored Apr 16, 2012
```
This is the old number.  We used 1 minute during testing.
```
  e506e1b1
12 Apr, 2012 10 commits
- Document the DynamicLookupCommand option. · c807e7de
  Linus Nordberg authored Apr 12, 2012
```
Closes RADSECPROXY-36.
```
  c807e7de
- Merge branch 'master' into dynconf2 · 0b229b06
  Linus Nordberg authored Apr 12, 2012
  
  0b229b06
- Revert "Document the DynamicLookupCommand option." · 28e1381a
  Linus Nordberg authored Apr 12, 2012
```
This goes in branch dynconf2.

This reverts commit dbcc9977.
```
  28e1381a
- Add a blurb on dynamic lookup in ChangeLog. · d293d8bf
  Linus Nordberg authored Apr 11, 2012
  
  d293d8bf
- Add dynamic config updates to ChangeLog. · 5fad8c33
  Linus Nordberg authored Apr 10, 2012
  
  5fad8c33
- Assert that the conf has at least one host in addserverextraudp(). · 872de3db
  Linus Nordberg authored Apr 10, 2012
```
Dynamic servers has clearly never been run on UDP servers.
We should probably do something less evil than crashing here.
Closes RADSECPROXY-26.
```
  872de3db
- Don't treat exit 10 from dynamic scripts differently from any other non-zero code. · 8b7224cf
  Linus Nordberg authored Apr 10, 2012
```
clientwr() should treat the dynamic lookup as a failure and will not
be any happier to know that the exact error was that it didn't resolv.
The script can do whatever logging is wanted.

That said, this commit also makes the scripts exit with 10 in order to
signal failure.
```
  8b7224cf
- Keep track of a failing dynamic server and don't use it while failing. · 39e90a8c
  Linus Nordberg authored Apr 03, 2012
```
Also, sleep less than 15 minutes (900s), mainly for testing.  This
number will change.

Also, die hard and explicitly if freeing an already freed config in
freeclsrvconf().

This is part of fixing RADSECPROXY-33.
```
  39e90a8c
- Use /bin/sh rather than /bin/bash in scripts. · 688e7b73
  Linus Nordberg authored Apr 12, 2012
```
Using /bin/bash isn't portable.
```
  688e7b73
- Use built-in echo rather than /bin/echo. · 81c711a7
  Linus Nordberg authored Apr 12, 2012
```
`-e' to /bin/echo isn't portable.  The BSD's lacks it for instance.
```
  81c711a7