#
4d65a7c6 |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
usr.sbin: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix
|
#
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
88ea9628 |
|
01-Jun-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tls[serv|clnt]d.c: Clean up code for OpenSSL3

There were several function calls that are deprecated for OpenSSL1.1.1. These have been removed. There was also a function call deprecated for OpenSSL3 and that one has been #ifdef'd on OPENSSL_VERSION_NUMBER.

Reviewed by: emaste, ngie
Differential Revision: https://reviews.freebsd.org/D40275
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
|
#
9630e237 |
|
27-Feb-2023 |
Vladimir Kotal <vlada@kotalovi.cz> |
report full error string on SSL_connect() failure

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/575
|
#
3fe0cb66 |
|
21-Dec-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd: Check for a tls syscall failure.

Although the tls syscall to set up the upcall should not normally fail, the daemon should check for such a failure. This patch adds a check for that failure.

MFC after: 1 week
|
#
b387a075 |
|
22-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd: Add the -2 option to the usage line

Commit 72bf76d6b8c9 added the -2 option to use TLS 1.2 NFS-over-TLS mounts. It did not add -2 to the usage message. This patch adds -2 to the usage message.

MFC after: 2 weeks
|
#
f5b40aa0 |
|
22-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd: Modify the -C option to use SSL_CTX_set_ciphersuites

Commit 0b4f2ab0e913 fixes the krpc so that it can use TLS version 1.3 for NFS-over-TLS, as required by the draft (someday to be an RFC). This patch replaces SSL_CTX_set_cipher_list() with SSL_CTX_set_ciphersuites(), since that is the function that is used for TLS1.3. The man page will be updated in a separate commit.

MFC after: 2 weeks
|
#
72bf76d6 |
|
20-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd: Add an option to force use of TLS version 1.2

Commit 0b4f2ab0e913 fixes the krpc so that it can use TLS version 1.3 for NFS-over-TLS, as required by the draft (someday to be an RFC). Since FreeBSD 13.0, 13.1 use TLS version 1.2 for NFS-over-TLS mounts, this command line option may be used so that NFS-over-TLS mounts to 13.0, 13.1 servers will still work. Without the command line option, NFS-over-TLS mounts will use TLS version 1.3. The man page update will be a separate commit.

MFC after: 2 weeks
|
#
15881823 |
|
05-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsclntd, rpc.tlsservd: Fix getopt_long argument

The "C" option in the argument to getopt_long() was missing a ":" for both rpc.tlsclntd.c and rpc.tlsservd.c. This patch fixes this.

MFC after: 2 weeks
|
#
c7bb0f47 |
|
10-Aug-2021 |
John Baldwin <jhb@FreeBSD.org> |
nfs tls: Update for SSL_OP_ENABLE_KTLS.

Upstream OpenSSL (and the KTLS backport) have switched to an opt-in option (SSL_OP_ENABLE_KTLS) in place of opt-out modes (SSL_MODE_NO_KTLS_TX and SSL_MODE_NO_KTLS_RX) for controlling kernel TLS.

Reviewed by: rmacklem
Sponsored by: Netflix
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31445
|
#
b9cbc85d |
|
18-Feb-2021 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfs-over-tls: add user space daemons rpc.tlsclntd and rpc.tlsservd

The kernel changes needed for nfs-over-tls have been committed to main. However, nfs-over-tls requires user space daemons to handle the TLS handshake and other non-application data TLS records. There is one daemon (rpc.tlsclntd) for the client side and one daemon (rpc.tlsservd) for the server side, although they share a fair amount of code found in rpc.tlscommon.c and rpc.tlscommon.h. They use a KTLS enabled OpenSSL to perform the actual work and, as such, are only built when MK_OPENSSL_KTLS is set. Communication with the kernel is done via upcall RPCs done on AF_LOCAL sockets and the custom system call rpctls_syscall.

Reviewed by: gbe (man pages only), jhb (usr.sbin/Makefile only)
Comments by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28430
Relnotes: yes
|