| #
4d65a7c6 |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
usr.sbin: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
|
| #
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
| #
88ea9628 |
|
01-Jun-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tls[serv|clnt]d.c: Clean up code for OpenSSL3
There were several function calls that are deprecated for
OpenSSL1.1.1. These have been removed.
There was also a function call deprecated for OpenSSL3 and
that one has been #ifdef'd on OPENSSL_VERSION_NUMBER.
Reviewed by: emaste, ngie
Differential Revision: https://reviews.freebsd.org/D40275
|
| #
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
|
| #
9630e237 |
|
27-Feb-2023 |
Vladimir Kotal <vlada@kotalovi.cz> |
report full error string on SSL_connect() failure
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/575
|
| #
3fe0cb66 |
|
21-Dec-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd: Check for a tls syscall failure.
Although the tls syscall to set up the upcall should
not normally fail, the daemon should check for such
a failure. This patch adds a check for that failure.
MFC after: 1 week
|
| #
b387a075 |
|
22-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd: Add the -2 option to the usage line
Commit 72bf76d6b8c9 added the -2 option to use
TLS 1.2 NFS-over-TLS mounts. It did not add -2
to the usage message.
This patch adds -2 to the usage message.
MFC after: 2 weeks
|
| #
f5b40aa0 |
|
22-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd: Modify the -C option to use SSL_CTX_set_ciphersuites
Commit 0b4f2ab0e913 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
This patch replaces SSL_CTX_set_cipher_list() with
SSL_CTX_set_ciphersuites(), since that is the function
that is used for TLS1.3.
The man page will be updated in a separate commit.
MFC after: 2 weeks
|
| #
72bf76d6 |
|
20-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd: Add an option to force use of TLS version 1.2
Commit 0b4f2ab0e913 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
Since FreeBSD 13.0, 13.1 use TLS version 1.2 for
NFS-over-TLS mounts, this command line option
may be used so that NFS-over-TLS mounts to 13.0, 13.1
servers will still work.
Without the command line option, NFS-over-TLS mounts
will use TLS version 1.3.
The man page update will be a separate commit.
MFC after: 2 weeks
|
| #
15881823 |
|
05-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd, rpc.tlsservd: Fix getopt_long argument
The "C" option in the argument to getopt_long() was
missing a ":" for both rpc.tlsclntd.c and rpc.tlsservd.c.
This patch fixes this.
MFC after: 2 weeks
|
| #
c7bb0f47 |
|
10-Aug-2021 |
John Baldwin <jhb@FreeBSD.org> |
nfs tls: Update for SSL_OP_ENABLE_KTLS.
Upstream OpenSSL (and the KTLS backport) have switched to an opt-in
option (SSL_OP_ENABLE_KTLS) in place of opt-out modes
(SSL_MODE_NO_KTLS_TX and SSL_MODE_NO_KTLS_RX) for controlling kernel
TLS.
Reviewed by: rmacklem
Sponsored by: Netflix
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31445
|
| #
b9cbc85d |
|
18-Feb-2021 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfs-over-tls: add user space daemons rpc.tlsclntd and rpc.tlsservd
The kernel changes needed for nfs-over-tls have been committed to main.
However, nfs-over-tls requires user space daemons to handle the
TLS handshake and other non-application data TLS records.
There is one daemon (rpc.tlsclntd) for the client side and one daemon
(rpc.tlsservd) for the server side, although they share a fair amount
of code found in rpc.tlscommon.c and rpc.tlscommon.h.
They use a KTLS enabled OpenSSL to perform the actual work and, as such,
are only built when MK_OPENSSL_KTLS is set.
Communication with the kernel is done via upcall RPCs done on AF_LOCAL
sockets and the custom system call rpctls_syscall.
Reviewed by: gbe (man pages only), jhb (usr.sbin/Makefile only)
Comments by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28430
Relnotes: yes
|