rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,054 Commits 2 Branches 28 Tags 5.5 MiB
Commit Graph

24 Commits

Author SHA1 Message Date
Omar Polo 86693a33ab add a privsep crypto engine 
Incorporate the OpenSMTPD' privsep crypto engine.  The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.

This currently compiles only on LibreSSL (portable fix is in the
way).
 2023-06-11 11:03:59 +00:00
Omar Polo 792f302ace use fatal/fatalx instead of err/errx in daemon code 2023-06-09 17:27:41 +00:00
Omar Polo deadd9e131 readd proxy certs and `require client ca' support 
Was temporarly disabled during the transition to real privsep.
While here, fix a memory leak when using `require client ca'.

Also, avoid leaking info about the parent address space layout to
server processes by not sending pointer values.
 2023-06-09 09:28:26 +00:00
Omar Polo fc9cc497e0 move some new_* functions from parse.y to utils.c 2023-06-08 15:59:53 +00:00
Omar Polo e69e1151f6 drop now unused dispatch_imsg 2023-06-08 15:57:11 +00:00
Omar Polo eae52ad493 switch to the more usual log.c 2023-06-06 11:46:40 +00:00
Omar Polo 281a8852b3 rename log.[ch] to logger.[ch] 2023-06-06 08:50:54 +00:00
Omar Polo df5058c919 provide a more usual fatal 
fatal usually appends the error string.  Add 'fatalx' that doesn't.
Fix callers and move the prototypes to log.h
 2023-06-05 17:07:52 +00:00
Omar Polo 7b27af8388 log when the certificate was successfully generated 2022-04-12 17:40:58 +00:00
Omar Polo 4842c72d9f fmt 2021-10-18 10:05:55 +00:00
Omar Polo 1eb3631d10 certificate generation (bugfix and improvement) 
don't add gmid as organisation when generating the certificate, and
set the version to 3, so it's compatible with java/android clients.

Found by Gnuserland, thanks!
 2021-05-12 17:37:22 +00:00
Omar Polo b8e64ccd44 list instead of fixed-size array for vhosts and locations 
saves some bytes of memory and removes the limit on the maximum number
of vhosts and location blocks.
 2021-03-31 16:32:18 +00:00
Omar Polo bc99d868bc refactoring: imsg everywhere 
use imsg to handle ALL kinds of IPC in gmid.  This simplifies and shorten the
code, and  makes everything more uniform too.
 2021-03-19 19:21:29 +00:00
Omar Polo 5b6dc93c8a kill debug printf 2021-02-12 12:51:47 +00:00
Omar Polo 52418c8d82 fix various compilation errors 
Include gmid.h as first header in every file, as it then includes
config.h (that defines _GNU_SOURCE for instance).

Fix also a warning about unsigned vs signed const char pointers in
openssl.
 2021-02-12 12:47:20 +00:00
Omar Polo 4283d65fc1 don't allocate BIGNUM on the stack 
on fedora 33 the BIGNUM type is opaque.  Allocate always to avoid headaches.
 2021-02-10 14:25:39 +00:00
Omar Polo 02be96c6dd add `require client ca' rule to require certs signed by a CA 2021-02-09 22:30:04 +00:00
Omar Polo 3abf91b0b4 improve logs management 2021-02-07 15:30:28 +00:00
Omar Polo ca21e10043 reload configuration on SIGHUP 2021-02-04 13:23:15 +00:00
Omar Polo 9b8f5ed2c0 revert commit 346f28eeaa 
keep mark_nonblock in utils.c, as otherwise the build for the regress
suite will fail (mark_nonblock needs fatal which is in gmid.c, and
we can't link gmid.o with the regress suite...)
 2021-02-03 14:16:39 +00:00
Omar Polo 346f28eeaa move mark_nonblock to utils.c 2021-02-02 23:03:33 +00:00
Omar Polo bcf5d929e6 ensure absolute paths in config-less mode 2021-02-01 11:07:57 +00:00
Omar Polo d2b941f34b correct copyright date 2021-01-28 16:24:03 +00:00
Omar Polo 44ee1bac8b use starts_with in puny.c 2021-01-27 15:35:09 +00:00