| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
We explicitly avoided TryAcquireSRWLockExclusive() because of crashes. This
issue was caused by a MinGW-w64 bug (mingw-w64 fix 46f77afc). Using a newer
toolchain works fine.
While try_write_lock() obviously can fail, not supporting it is not really an
option, as some algorithms depend on occasionally successful calls. Certificate
caching in the certificate manager and the cred_set cache rely on successful
try_write_lock()ing.
|
| | |
|
| |
|
|
|
|
|
|
| |
Previously we got no reference to the cached issuer certificate
before releasing the lock of the cache line, this allowed other
threads, or even the same thread if it replaces a cache line, to
destroy that issuer certificate in cache() (or flush()) before
get_ref() for the issuer certificate is finally called.
|
| |
|
|
|
|
|
| |
We actually need to do a byte-swap, which ntohs() only does on
little-endian systems.
Fixes #747.
|
| |
|
|
|
|
|
| |
ntohs() might be defined as noop (#define ntohs(x) (x)) so we have
to manually shorten the negated value (gets promoted to an int).
Fixes #747.
|
| | |
|
| |
|
|
|
|
| |
This fixes some vici test cases on OS X, where the test thread tries to cancel
the watcher thread during cleanup, but fails as select() does not honor the
pre-issued cancellation request.
|
| |
|
|
| |
On OS X, the /bin/sh built-in echo does not support -n.
|
| |
|
|
|
| |
But use the (builtin) shell commands instead, as on OS X true/false are under
/usr/bin.
|
| |
|
|
| |
Fixes OS X build.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
env var
|
| |
|
|
|
|
|
|
|
| |
To use SSL in curl, we need to initialize the SSL library in a thread-safe
manner and provide the appropriate callbacks. As we already do that in our
crypto plugins using these libraries, we depend on these features.
This implies that we need the same plugin enabled (openssl, gcrypt) as the
curl backend is configured to use to fetch from HTTPS URIs.
|
| | |
|
| |
|
|
|
| |
This function is called by libcurl initialization with SSL, and uses
a static allocation of compression algorithms not freed.
|
| |
|
|
| |
If initialization fails, we fall back to the old behavior.
|
| |
|
|
|
| |
This allows a user to check if the watcher is actually running, and potentially
perform read operations directly instead of relying on watcher.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Since 4b670a20 we require an explicit strongswan.conf to re-load configurations.
However, the define was missing in the build, breaking SIGHUP based config
reloading.
Fixes #651.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
authentication rounds
Due to the issue described in c641974, purge() inadvertently destroyed
CA certificates that should have been kept (while the pointer to these
objects remained in the array). This lead to incorrect reference counts
and after a few reauthentications with multiple authentication rounds,
which cause calls to purge(TRUE), to crashes.
|
| |
|
|
| |
For ARRAY_TAIL we most often want to call remove_tail() not remove_head().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because enumerate() for value based arrays returns a pointer directly to
the internal array elements and because array_remove_at() or rather the
called array_remove() may move elements over the element at the currently
enumerated position, the pointer passed to enumerate() will point to a
different array element after the array_remove_at() call. The caller
will thus operate on the wrong element if that pointer is accessed again
before calling enumerate().
For performance reasons we currently don't change the implementation to copy
each array element during enumeration to a private member of the enumerator and
return a pointer to that. Similarly, due to the danger of subtle bugs we don't
remember the pointer passed to enumerate() to later redirect it to a copy
created during the array_remove_at() call.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
In the previous implementation queued jobs could prevent a service from
getting destroyed. This could have lead to a deadlock when the
processor is cancelled. Now destroy() still blocks, but waits only for
actually running tasks. The service instance is reference counted so that
queued jobs can safely be destroyed.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Calling on_accept() sometimes lead to deadlocks when service->destroy()
was called concurrently. That is, two threads waiting in on_accept() but
the last worker would only wake one due to the call to signal(). Calling
broadcast() wouldn't help either as that could lead to crashes if the thread
that called destroy() is woken first.
This is also more efficient as a constant pool of concurrent workers can
be maintained, otherwise peaks at the limit were followed by only a single
worker being active.
|
| | |
|
| |
|
|
|
|
|
|
| |
Because this->thread is also read by threads that don't hold the
mutex the previous implementation was problematic (especially since
pthread_t is an opaque type of unknown length).
Fixes #654.
|
| |
|
|
| |
It seems libcurl does not always return an error message.
|
| |
|
|
|
| |
Listing test suites in TESTS_SUITES_EXCLUDE allows excluding specific
test suites from running.
|
| |
|
|
| |
Fixes #688.
|
| |
|
|
|
|
|
|
|
| |
This won't hurt as long as sets and validators are of the same class.
But as soon as one of the object's class is changed this will cause
either a compile error (best option), or result (most likely) in a
crash.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| |
|
|
| |
This should avoid errors such as the one fixed with 118b2879.
|
| |
|
|
|
| |
These are useful to assert constants during build time. We evaluate the
expression to 0 when valid, so we can safely use the evaluated value.
|
| |
|
|
|
|
|
|
| |
To avoid any race conditions when multiple threads call and initialize
diffie_hellman_get_params(), explicitly examine the optimum DH exponent size
during library initialization.
Fixes #655.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
As the behavior was inconsistent for empty strings or strings with characters
appended to a number, testing the code failed on some platforms. The new rules
are more strict, returning the default if additional characters or an empty
string was found for a setting.
|
| |
|
|
|
| |
Some platforms, such as OS X, use macros for these functions. Undefine them
to avoid compiler warnings.
|
