correctly itself now. At leat considering the end of life times of
OpenBSD releases and the speed at which the root key signing key (KSK)
rolls.
On the other hand, unbound-anchor assumes a certain network quality
which we cannot guarantee in places where we want to run unwind(8).
This in turn can lead to unbound-anchor stalling the boot process.
Note that unwind(8) works without a config file in many (most?) cases.
This provides an example on how to use the captive portal detection
feature.
Input benno
Input & OK sthen
Actually specify whether the certificate is not yet valid or has expired,
and log the actual time values to hopefully save some head scratching.
ok deraadt@ tb@
Given that we're getting a constraint so that we can validate time, if our
own time is out we can fail the automatic validity checking since it is
based on the wallclock. Instead, disable the automatic validity checking
and perform manual checks based on the time reported from the server via
the HTTP header.
Discussed at length with and ok deraadt@
sure pexp matches the process (i.e. doesn't include the quotes).
It's a bit hackish but it allows things like these in rc.conf.local:
relayd_flags=-D IPS="1.2.3.4 2.3.4.5"
And we properly end up with...
$ grep ^pexp /var/run/rc.d/relayd
pexp=/usr/sbin/relayd -D IPS=1.2.3.4 1.2.3.5
... which matches what is in the process list:
root 14217 <snip> 0:00.01 /usr/sbin/relayd -D IPS=1.2.3.4 1.2.3.5
There's always the possibility that we have introduced a regressions with hand
crafted functions in rc.d scripts (mostly from packags), so watch out.
reported by and debugged with claudio@
* mention LC_COLLATE;
* clarify that all these functions are infested, including the *_l() versions;
* avoid ENVIRONMENT, these functions don't inspect it;
* and point to the C library functions that change the locale.
OK millert@
clearly stating which arguments have to be avoided, and mention the
header files defining the constants required for the checks.
Feedback and OK guenther@, OK bluhm@.
CAVEATS pointing to the new CAVEATS section in setlocale(3).
Make those in wprintf(3) and wscanf(3) more concise
since duplicate information is a bad idea.
Incompleteness of information originally pointed out by millert@.
OK millert@
Many arm64 systems use device trees instead of ACPI and acpidump is
expectected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.
ok deraadt@
making the number of pools variable. Do not document the malloc
conf settings atm, don't know yet if they will stay. Thanks to all
the testers. ok deraadt@