GitLab

Conflicts:
	ChangeLog

Patch by Stephen Röttger.

Patch by Stephen Röttger.

Patch by Stephen Röttger.

Patch by Stephen Röttger.

Patch by Christian Hesse.

Conflicts:
	radsecproxy.c

Conflicts:
	radmsg.h

Conflicts:
	ChangeLog

Also when copying of the first attribute fails.

Doh!

Closes RADSECPROXY-53.

Closes RADSECPROXY-52.

Some of these were revived in 4c163b1e bc they were supposedly not
generated when running autogen.sh. That's not the case (any more) so
let's avoid checking in generated files.

Note that these files will be included in tar balls made from make
dist.

Patch by Fabian Mauchle.

Also signal the "client writer" (clientwr()).
Together, this should result in TLS connections being cleaned up properly.

Patch by Fabian Mauchle.

Also, don't select() at all if SSL_pending() says there's data to
read.

Patch by Fabian Mauchle.

They are pointers into static struct hash *rewriteconfs and should
live forever.

Patch by Fabian Mauchle.

Also, in a lame attempt att giving credit for last commit where I
failed at doing that:

  4920ff44 is a patch from Fabian Mauchle.

Have free(3) call sbrk(2) when there's 4 MB to free (default on Linux
seems to be 128).

Patch by Fabian Mauchle.

Conflicts:
	configure.ac

On Linux, the default stack size is typically 8 MB.

Patch by Fabian Mauchle.

Closes RADSECPROXY-51.

Spotted by Simon Lundström.

Bug found by Simon Lundström and jocar.

Conflicts:
	radsecproxy-hash.c

That interface is a bit surprising. radsecproxy-hash(1) was indeed
bitten by it.

Also, make _format_hash() behave consistently even when out_len < 3.

Conflicts:
	fticks_hashmac.c

1.6.2 is already released but correct ChangeLog info is good.

Commit db965c9b addressed TLS clients only.

When verifying DTLS clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain.

Original issue reported and analysed by Ralf Paffrath. DTLS being
vulnerable reported by Raphael Geisser.

Addresses issue RADSECPROXY-43, CVE-2012-4523.