2023-12-09 20:10:12 by Amitai Schleier | Files touched by this commit (3) | |
Log message:
ucspi-ssl: update to 0.12.10. Changes:
0.12.8:
- Added new x509 certs and key material; all ECC now.
- Fixed wrong evaluation of peer cert in ssl_verify (none-critical).
0.12.9:
- Included IP info in sslserver's TLS error messages for a quick lookup.
- Fixed sslhandle's wrong if nesting.
- sslserver return FATAL (and not ERROR) in case TLS is requested but missing.
- Enhanced compatibility with OpenSSL 3.x.y.
0.12.10:
- Added argument '-y cdb' to sslserver in order to allow a rule checking
for IP addresses prior of the DNS/IDENT lookup (to cope with DDos attacks).
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|
2023-07-06 11:43:03 by Thomas Klausner | Files touched by this commit (2483) |
Log message:
*: recursive bump for perl 5.38
|
2023-06-07 17:11:53 by Amitai Schleier | Files touched by this commit (2) |
Log message:
ucspi-ssl: remove non-meaningful 'inet6' option. Bump PKGREVISION.
The dependency was to ensure the runtime presence of tcprules(1),
described at HOMEPAGE thus:
Optional but indispensible: ucspi-tcp6 to build the cdb to control
incoming connections for sslserver using tcprules coming with the
ucspi-tcp6 package. Older versions of ucspi-tcp can be used as well,
but don't provide neither IPv4 CIDR nor IPv6 capabilities. The
generated cdb however, is binary compatible among all versions.
Depending on either of net/ucspi-tcp{,6} here was complicating the
dependency graph in exchange for... still getting in the way of other
packages installing what they need (e.g. mail/bincimap). Trust the
sysadmin to notice if they don't already have tcprules and decide what
to install in that case.
|
2023-05-29 13:52:59 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 0.12.7. From the changelog:
- sslserver MAXCONIP feature is working now from the cdb read by
the children.
- MAXCONIP works even the general limit is 0.
- Fixed wrong '-m' option for sslserver.
- Added ip and port information in case sslserver/sslclient can't bind
to local addresses.
- Tweaked rts to include external load libraries.
|
2023-04-04 20:47:29 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 0.12.6. From the changelog:
- ssl_io uses now two specific return codes under condition 'BOMB'
avoiding unnecessary error messages in case of TLS client termination.
- ssl_io.c closes TLS connection gracefully upon SSL_ERROR_SSL recognition and \
not continue looping.
- Included tests on tai_now in ssl_timeout.c and removed obsolete pollmax variables.
|
2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952) |
Log message:
*: recursive bump for perl 5.36
|
2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
2021-10-22 00:29:57 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 0.12.3. From the changelog:
- sslhandle to bind to IPv4 sockets, if told so.
- Compatibility tests with OpenSSL 3.0. Still preliminary.
|
2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message:
net: Remove SHA1 hashes for distfiles
|