628 Commits (9268532441b941fd01f247ebcf1907b8075373ff)

Author SHA1 Message Date
  deraadt 247cc87989 (unsigned) means (unsigned int) which on ptrdiff_t or size_t or other 5 years ago
  jsing 37b88a442e Improve logging for TLS certificate validity checking. 5 years ago
  jsing 64715c5af0 Explicitly check timegm() return value. 5 years ago
  jsing ec351717c5 Perform manual validity checking of the X.509 certificate for constraints. 5 years ago
  otto 7a31e61809 Don't use *a - *b as compare idiom, it does not work as expected for 5 years ago
  florian ea28228b66 Prevent multiple ntpds from tripping over each other. 5 years ago
  tedu b233898e51 log dns failures, even if temporary. ok benno 5 years ago
  tedu d1794e488e update for libtls default cert changes. 6 years ago
  jsing 3fab6cbb08 Use TLS_CA_CERT_FILE instead of a separate define. 6 years ago
  jsing cf2ba9bd55 Be stricter with TLS configuration for ntpd constraints. 6 years ago
  sashan 6d2498c22d - odd condition/test in PF lexer 6 years ago
  kn 183780a91b Make host_*() AF-agnostic 6 years ago
  deraadt 48ecc0761d the main process must chdir to /, since it cannot have daemon() do the 6 years ago
  deraadt a27b872488 ntpd unveils the cert.pem "r" file (which is passed-over-socket to the 6 years ago
  mestre 7b9d9ca1a6 Revert back previous commit, we have decided that socket files don't cause any 6 years ago
  mestre b448df251e ntpd(8) has logic in place to delete its control socket on shutdown, but it 6 years ago
  sthen 19c0bfe36b revert previous, something isn't quite right as clients see ntpd 6 years ago
  henning 8dc6551ff1 if we couldn't update the clock for ~1h due to lack of data from peers and 6 years ago
  krw b977896d36 No need to mention which memory allocation entry point failed (malloc, 6 years ago
  krw 81de90466c Be consistent in warn() and log_warn() usage when 6 years ago
  jmc a333c4129f ntpd has been on by default for over two years now, so rework 7 years ago
  naddy 8082e34065 zero out sockaddr_in before use; fixes use of stack garbage as port number 7 years ago
  job 90b075737d naddy@ reported confusion on why "query from" seemed to be ignored in 7 years ago
  jmc 20dd90153e tweak previous; 7 years ago
  benno 184c157e2f add option "query from <ip>" to ntpd.conf, to specify a local IP 7 years ago
  otto 9b92ee0342 don't manipulate hdr.len, it's used internally by libutil now; ok florian@ 7 years ago
  bluhm 21256fb318 From a syslog perspective it does not make sense to log fatal and 7 years ago
  gsoares ef079a5b2e *nargv[] holds an array of pointers, so it should be 7 years ago
  phessler af3e6c4339 add logging messages to distinguish which safty check failed 7 years ago
  reyk 99d11625c1 Stop accessing verbose and debug variables from log.c directly. 7 years ago
  krw 58841e22f6 Replace hand-rolled for(;;) traversal of ctl_conns TAILQ with 7 years ago
  reyk ccbed53971 Sync log.c with the latest version from vmd/log.c that preserves errno 7 years ago
  jmc e78f38adba markup from jan stary; 8 years ago
  rzalamena 19841ef136 Use the stack to hold the constraint child process variables instead of 8 years ago
  mestre 39fc6c9a98 Remove unused variable which was leaking memory, and while here remove 2 other 8 years ago
  rzalamena f8b06a2b6a Check for EAGAIN on imsg_flush() return otherwise we might be failing 8 years ago
  rzalamena f3735931aa Save the constraint process pid by getting the start_child() return value, 8 years ago
  reyk 138484b6d2 copy updated log.c from vmd: for correctness, save errno when doing 8 years ago
  rzalamena c82eb97e2b Fix a possible bug that will happen with dup2() when oldd == newd. In that 8 years ago
  rzalamena 4c66ab656c Teach ntpd(8) constraint process to use exec*() instead of just forking, 8 years ago
  rzalamena 4e462f2ebb Teach ntpd(8) how to use socket status to shutdown the daemon. While at 8 years ago
  rzalamena 1305c0d5de Teach ntpd(8) how to fork+exec. 8 years ago
  reyk 5ec8dcba4c Add clarifications ("comments") to three places where it wasn't 8 years ago
  reyk d7b0c49beb Fix copyright disclaimer in util.c. 8 years ago
  reyk 08ed721594 Remove the oh so funny "LOSS OF MIND" from the diclaimer that was not 8 years ago
  guenther 2f48ecaf36 Pull in <sys/time.h> for struct timespec, timeval, or clockrate 8 years ago
  jsing 9801e4d851 Adjust existing tls_config_set_cipher() callers for TLS cipher group 8 years ago
  deraadt 4bee7f5ac6 ntpd is too aggressive about retrying constraint connections. This 8 years ago
  jsing f819d84119 Harden TLS for ntpd constraints - stop disabling server name verification, 8 years ago
  jsing 74da5f732a Unconfuse things by renaming variables to match their contents. 8 years ago