| Commit message (Collapse) | Author | Age | Files | Lines |
| |
encrypted messages. The server certificates are taken from /etc/ssl
like relayd does.
OK benno@ beck@ deraadt@
|
event loss in syslogd. The ev_read and ev_write event structures
were used for both EV_READ and EV_WRITE events intermixedly. The
correct way is to use each event for its read and write purpose and
instead switch the handler. Then libevent is no longer confused.
When doing TLS read and a TLS_WANT_POLLOUT occurs, call event_set()
for the write event to change the callback to read. As there might
be an event scheduled on the event, call event_del() before
event_set(). After a successful TLS read, change back the write
event. Add analog code for TLS write and handshake.
OK beck@
|
can go away as the callback does not need the hostname anymore.
Call tls_handshake() until successful. Remove the function
tls_socket() as it has a bad prefix. Just call tls_client(),
tls_configure() and tls_connect_socket() after the TCP socket has
been created. There is no need to wait until TCP connect has
finished.
OK beck@ jsing@
|
new tls_read() and tls_write() calling semantics, adapt to
TLS_WANT_POLLIN and TLS_WANT_POLLOUT renaming.
OK beck@
|
syslogd had to drop messages after tls_write() returned
TLS_{READ,WRITE}_AGAIN. Now after libtls has been fixed, remove
the workaround. Messages are stored in the libevent write buffer
as we can safely do a realloc(3) now.
OK reyk@
|
write retry" may occur. Unfortunately libtls tls_write() has
inherited the strange semantics regarding partial writes and buffer
movement from SSL_write(). This will be investigated after unlock,
the goal is to have the behavior of write(2) in libtls.
For now add a workaround in syslogd. If tls_write() indicates that
it needs a read or write again, stop modifying the output buffer.
Instead drop and count the syslog messages. After writing over TLS
was successful, continue to queue the messages. This solution has
minimum impact and will be improved after 5.7 release.
discussed with tedu@ reyk@ jsing@; OK tedu@
|
callback when the connected socket is writable. This avoids calling
a NULL error callback.
OK deraadt@
|
OK reyk@
|