cdc2e2d2f9b1065c0d4c50a4166d16845d4519dc |
|
13-Oct-2014 |
Jacob Appelbaum <jacob@appelbaum.net> |
add PR_SET_NO_NEW_PRIVS to tlsdate-helper
/external/tlsdate/src/tlsdate-helper.h
|
2d9fd234e2887fdb29c6c09f66ade0a8b32c3ba7 |
|
16-Sep-2014 |
Will Drewry <wad@chromium.org> |
Merge branch 'master' of https://chromium.googlesource.com/chromiumos/third_party/tlsdate into upstream This is the initial merge of the Chromium OS fork of tlsdated. It adds a dependency in libevent2 and removes the custom event solution and adds a platform-specific hook for integrating with platform signals (like network readiness). Signed-off-by: <redpig@dataspill.org> Conflicts: Makefile.am configure.ac man/tlsdate-dbus-announce.1 man/tlsdated.8 src/Makefile.am src/compat/clock-linux.c src/compat/clock.h src/conf-unittest.c src/conf.c src/include.am src/proxy-bio.c src/test/proxy-override.c src/tlsdate-dbus-announce.c src/tlsdate-helper.c src/tlsdate.c src/tlsdate.h src/tlsdated-unittest.c src/tlsdated.c src/util.c src/util.h
|
83a0bb88ce96dceb8b1063ae93bc611fe7aa706f |
|
23-Apr-2014 |
Avery Pennarun <apenwarr@gmail.com> |
tlsdate-helper: abort if time delay is too large. Such a large timeout could indicate tampering, but at the very least, it means we didn't set the time accurately. So exit with an error code and let the caller try again later.
/external/tlsdate/src/tlsdate-helper.h
|
232fa7e93cd02d176ba2501d8d0e6614b2563ac0 |
|
01-Nov-2013 |
Jacob Appelbaum <jacob@appelbaum.net> |
Add verb_debug and give -vv meaning
/external/tlsdate/src/tlsdate-helper.h
|
c45952f88c568046a02bc0aea793008d8bb37755 |
|
03-Sep-2013 |
Will Drewry <wad@chromium.org> |
CHROMIUM: Initial work eventizing tlsdated tlsdated provides the daemonized integration of tlsdate and the host system -- resumable time, DBus announcements, time-sync events, and so on. At present, it provides only netlink based wakeups and limited time synchronization. On Chromium OS, proxy support and network changes are integrated through external shell scripts monitoring DBus. These scripts lack the robustness required for a production grade time synchronization system. This change is manyfold: - Convert tlsdated "wakeup" input into events - Convert tlsdate execution and status collection into a event-friendly technique - Integrate libevent into the tlsdated design - Integrate support for platform specific wake up events - Integrate support for dynamic proxy resolution on each tlsdate call - Integrate CrOS wakeup events: proxy changes, default network service change, power state/resume, etc - Integrate time continuity checking using MONOTONIC clocks versus REALTIME for all wake events - Integrate DBus support directly into the event loop to allow for message sending and signal receipt (e.g., dbus_announce) - Addition of DOT file for laying out event flows - Split off time setting to a privileged helper by having tlsdate pass back time_t - Added configure support for --enable-cros and libevent2 checking - Support dynamic proxy resolution for multiple sources - Fixed a NULL deref in source traversal - Added "sync type" and priority - Added DBus interface for SetTime, CanSetTime, LastSyncInfo methods. - Added "sync source" to the TimeUpdated signal - Updated existing unittests - Add seccomp filter for priv'd time setter - Added dynamic proxy per source so we can add a final source with no proxy. - Style consistency: "find ./ -name '*.[ch]' -exec astyle --style=gnu -xd \{\} \;" Followed by the same with sed -i -e 's/) )/))/g' - Added DBus policy and interface files and a new dbus-client-group configure argument. Design: https://docs.google.com/a/google.com/document/d/1U1y7KBMo-BgWPspzoyeO5gSmU6dMwEJBc2HNNkGMJzY/view - Outstanding work: new unit and integration tests BUG=chromium:271644 TEST=manually tested on x86_64, arm, and x86-32. end-to-end autotest: https://chromium-review.googlesource.com/#/c/169141/ fixed up existing autotests: https://chromium-review.googlesource.com/174782 Change-Id: I0d24951182a768532d6d04eea2224ac70cf04052 Reviewed-on: https://chromium-review.googlesource.com/169131 Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Tested-by: Will Drewry <wad@chromium.org> Commit-Queue: Will Drewry <wad@chromium.org>
/external/tlsdate/src/tlsdate-helper.h
|
7bee41df971fbb325d8eda6a4c4671aa4af9f44c |
|
30-Oct-2013 |
Jacob Appelbaum <jacob@appelbaum.net> |
move defines into the proper header
/external/tlsdate/src/tlsdate-helper.h
|
df8cbc962d330c692dc1bac3ce11e8507787131b |
|
30-Oct-2013 |
Ingy döt Net <ingy@ingy.net> |
Define a max length for the HTTP Date: header
/external/tlsdate/src/tlsdate-helper.h
|
16ee83468552bee9205d6de6b3c4633b160986d6 |
|
18-Sep-2013 |
Nick Mathewson <nickm@torproject.org> |
Rudimentary support for HTTP Date headers Since I'm going on a personal crusade to kill off gmt_unix_time, I should provide an alternative. That alternative can be the Date header from HTTP -- unlike gmt_unix_time, the Date header is required by the RFC to actually be an accurate clock-like clock, and nobody is trying to get rid of it. This code is pretty hack-ish and does some nonportable stuff, like using memmem() and timegm(). It's not super-tolerant of non-standards-compliant HTTP servers. I hope I didn't make any pointer mistakes.
/external/tlsdate/src/tlsdate-helper.h
|
f0f17b98fa4c2a5a20a255be4b631d9e3d8bf704 |
|
24-Apr-2013 |
Jacob Appelbaum <jacob@appelbaum.net> |
Add build support for Haiku and perhaps BeOS; needs testing
/external/tlsdate/src/tlsdate-helper.h
|
385386d927176a47bc71b7efaf51fb7806f72d80 |
|
25-Jan-2013 |
Paul Bakker <p.j.bakker@polarssl.org> |
Added PolarSSL library support to base tlsdate The tlsdate-helper has been updated to support the entire chain of gathering the server timestamp by using PolarSSL. Proxy support has been disabled at this point as proxy-bio has to be rewritten or augmented to also support a non-BIO form.
/external/tlsdate/src/tlsdate-helper.h
|
a5e7fbb012f155b0a37c09e1c42989bc4988fce9 |
|
08-Jan-2013 |
Elly Fong-Jones <ellyjones@chromium.org> |
tlsdated: add dbus announcement support Announce over DBus whenever we change the system time. Change-Id: Ic6cbab5f703bebe489f513025336c53240ccce35 Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
/external/tlsdate/src/tlsdate-helper.h
|
12e15c91e002c0856b7b3572a33d7d93b30b8049 |
|
07-Jan-2013 |
Jacob Appelbaum <jacob@appelbaum.net> |
Use /etc/tlsdate/ca-roots/tlsdate-ca-roots.conf for certs by default; allow setting file or dir
/external/tlsdate/src/tlsdate-helper.h
|
b24f342311f93ff61a73ba4628dc173d09c50413 |
|
02-Nov-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
update verbose ints location
/external/tlsdate/src/tlsdate-helper.h
|
c88a9f7f976f8495fcf27717a292bd1070828192 |
|
02-Nov-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
Move common functions to util.c and add verb() to proxy code
/external/tlsdate/src/tlsdate-helper.h
|
5cc5ede6e2ef980880ade9a508e5d84498ba2f84 |
|
02-Nov-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
fix cert verification when proxy is used
/external/tlsdate/src/tlsdate-helper.h
|
4687c5d2e6ba965d362568f9f56239e24d76966d |
|
03-Oct-2012 |
Elly Fong-Jones <ellyjones@chromium.org> |
Add proxy support Support SOCKS4a, SOCKS5, and HTTP proxies through -x / --proxy <schema>://<host>:<port>. No auth supported yet. BUG=chromium-os:31505 TEST=unit Change-Id: Ifd430ca1ed026dcaa33a91dfa07cc7eb7e57eaee Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/34566 (cherry picked from commit 9c3e49f2f4823c822fe29342e3eebbd38154d55a) Conflicts: src/Makefile.am src/tlsdate-helper.c
/external/tlsdate/src/tlsdate-helper.h
|
95d9fd53d2ccf4b377fbdcd6178a730902d5bf80 |
|
16-Oct-2012 |
Brian Aker <brian@tangent.org> |
Fix for currently known build issues.
/external/tlsdate/src/tlsdate-helper.h
|
ad12a3ab71da4d02983b2b440561dea7c0d74c44 |
|
06-Aug-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
Wildcard certificate verification per RFC 2595 This implements the most basic RFC 2595 wildcard support. It needs to be refactored into a more simple and elegant set of methods that would encourage code reuse when we later implement RFC 2818.
/external/tlsdate/src/tlsdate-helper.h
|
53a1058d72a070670018b8ab9d4834274858eb5a |
|
31-Jul-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
HOST_NAME_MAX is possible even if not to x509 spec
/external/tlsdate/src/tlsdate-helper.h
|
6bb4b814c118f040b15b9d1764d872cedff80b6e |
|
30-Jul-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
use RFC5280 values for ub-common-name-length; less than max host name bytes... wtf?
/external/tlsdate/src/tlsdate-helper.h
|
8355d738d32b7b0d3e38f1e39c2bd5025796f81b |
|
30-Jul-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
refactor tlsdate-helper.c to create tlsdate-helper.h; fix memory leaks
/external/tlsdate/src/tlsdate-helper.h
|