| cdc2e2d2f9b1065c0d4c50a4166d16845d4519dc |
|
13-Oct-2014 |
Jacob Appelbaum <jacob@appelbaum.net> |
add PR_SET_NO_NEW_PRIVS to tlsdate-helper
/external/tlsdate/src/tlsdate-helper.h
|
| 2d9fd234e2887fdb29c6c09f66ade0a8b32c3ba7 |
|
16-Sep-2014 |
Will Drewry <wad@chromium.org> |
Merge branch 'master' of https://chromium.googlesource.com/chromiumos/third_party/tlsdate into upstream
This is the initial merge of the Chromium OS fork of tlsdated.
It adds a dependency in libevent2 and removes the custom event
solution and adds a platform-specific hook for integrating with
platform signals (like network readiness).
Signed-off-by: <redpig@dataspill.org>
Conflicts:
Makefile.am
configure.ac
man/tlsdate-dbus-announce.1
man/tlsdated.8
src/Makefile.am
src/compat/clock-linux.c
src/compat/clock.h
src/conf-unittest.c
src/conf.c
src/include.am
src/proxy-bio.c
src/test/proxy-override.c
src/tlsdate-dbus-announce.c
src/tlsdate-helper.c
src/tlsdate.c
src/tlsdate.h
src/tlsdated-unittest.c
src/tlsdated.c
src/util.c
src/util.h
|
| 83a0bb88ce96dceb8b1063ae93bc611fe7aa706f |
|
23-Apr-2014 |
Avery Pennarun <apenwarr@gmail.com> |
tlsdate-helper: abort if time delay is too large.
Such a large timeout could indicate tampering, but at the very least,
it means we didn't set the time accurately. So exit with an error code and
let the caller try again later.
/external/tlsdate/src/tlsdate-helper.h
|
| 232fa7e93cd02d176ba2501d8d0e6614b2563ac0 |
|
01-Nov-2013 |
Jacob Appelbaum <jacob@appelbaum.net> |
Add verb_debug and give -vv meaning
/external/tlsdate/src/tlsdate-helper.h
|
| c45952f88c568046a02bc0aea793008d8bb37755 |
|
03-Sep-2013 |
Will Drewry <wad@chromium.org> |
CHROMIUM: Initial work eventizing tlsdated
tlsdated provides the daemonized integration of tlsdate and the host
system -- resumable time, DBus announcements, time-sync events, and so
on.
At present, it provides only netlink based wakeups and limited
time synchronization. On Chromium OS, proxy support and network
changes are integrated through external shell scripts monitoring
DBus. These scripts lack the robustness required for a production
grade time synchronization system.
This change is manyfold:
- Convert tlsdated "wakeup" input into events
- Convert tlsdate execution and status collection into a event-friendly technique
- Integrate libevent into the tlsdated design
- Integrate support for platform specific wake up events
- Integrate support for dynamic proxy resolution on each tlsdate call
- Integrate CrOS wakeup events: proxy changes, default network service change, power state/resume, etc
- Integrate time continuity checking using MONOTONIC clocks versus REALTIME for all wake events
- Integrate DBus support directly into the event loop to allow for message sending
and signal receipt (e.g., dbus_announce)
- Addition of DOT file for laying out event flows
- Split off time setting to a privileged helper by having tlsdate pass back time_t
- Added configure support for --enable-cros and libevent2 checking
- Support dynamic proxy resolution for multiple sources
- Fixed a NULL deref in source traversal
- Added "sync type" and priority
- Added DBus interface for SetTime, CanSetTime, LastSyncInfo methods.
- Added "sync source" to the TimeUpdated signal
- Updated existing unittests
- Add seccomp filter for priv'd time setter
- Added dynamic proxy per source so we can add a final source with no proxy.
- Style consistency: "find ./ -name '*.[ch]' -exec astyle --style=gnu -xd \{\} \;"
Followed by the same with sed -i -e 's/) )/))/g'
- Added DBus policy and interface files and a new dbus-client-group configure argument.
Design: https://docs.google.com/a/google.com/document/d/1U1y7KBMo-BgWPspzoyeO5gSmU6dMwEJBc2HNNkGMJzY/view
- Outstanding work: new unit and integration tests
BUG=chromium:271644
TEST=manually tested on x86_64, arm, and x86-32.
end-to-end autotest: https://chromium-review.googlesource.com/#/c/169141/
fixed up existing autotests: https://chromium-review.googlesource.com/174782
Change-Id: I0d24951182a768532d6d04eea2224ac70cf04052
Reviewed-on: https://chromium-review.googlesource.com/169131
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
/external/tlsdate/src/tlsdate-helper.h
|
| 7bee41df971fbb325d8eda6a4c4671aa4af9f44c |
|
30-Oct-2013 |
Jacob Appelbaum <jacob@appelbaum.net> |
move defines into the proper header
/external/tlsdate/src/tlsdate-helper.h
|
| df8cbc962d330c692dc1bac3ce11e8507787131b |
|
30-Oct-2013 |
Ingy döt Net <ingy@ingy.net> |
Define a max length for the HTTP Date: header
/external/tlsdate/src/tlsdate-helper.h
|
| 16ee83468552bee9205d6de6b3c4633b160986d6 |
|
18-Sep-2013 |
Nick Mathewson <nickm@torproject.org> |
Rudimentary support for HTTP Date headers
Since I'm going on a personal crusade to kill off gmt_unix_time, I
should provide an alternative. That alternative can be the Date
header from HTTP -- unlike gmt_unix_time, the Date header is required
by the RFC to actually be an accurate clock-like clock, and nobody is
trying to get rid of it.
This code is pretty hack-ish and does some nonportable stuff, like
using memmem() and timegm(). It's not super-tolerant of
non-standards-compliant HTTP servers. I hope I didn't make any
pointer mistakes.
/external/tlsdate/src/tlsdate-helper.h
|
| f0f17b98fa4c2a5a20a255be4b631d9e3d8bf704 |
|
24-Apr-2013 |
Jacob Appelbaum <jacob@appelbaum.net> |
Add build support for Haiku and perhaps BeOS; needs testing
/external/tlsdate/src/tlsdate-helper.h
|
| 385386d927176a47bc71b7efaf51fb7806f72d80 |
|
25-Jan-2013 |
Paul Bakker <p.j.bakker@polarssl.org> |
Added PolarSSL library support to base tlsdate
The tlsdate-helper has been updated to support the entire chain of
gathering the server timestamp by using PolarSSL. Proxy support has been
disabled at this point as proxy-bio has to be rewritten or augmented to
also support a non-BIO form.
/external/tlsdate/src/tlsdate-helper.h
|
| a5e7fbb012f155b0a37c09e1c42989bc4988fce9 |
|
08-Jan-2013 |
Elly Fong-Jones <ellyjones@chromium.org> |
tlsdated: add dbus announcement support
Announce over DBus whenever we change the system time.
Change-Id: Ic6cbab5f703bebe489f513025336c53240ccce35
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
/external/tlsdate/src/tlsdate-helper.h
|
| 12e15c91e002c0856b7b3572a33d7d93b30b8049 |
|
07-Jan-2013 |
Jacob Appelbaum <jacob@appelbaum.net> |
Use /etc/tlsdate/ca-roots/tlsdate-ca-roots.conf for certs by default; allow setting file or dir
/external/tlsdate/src/tlsdate-helper.h
|
| b24f342311f93ff61a73ba4628dc173d09c50413 |
|
02-Nov-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
update verbose ints location
/external/tlsdate/src/tlsdate-helper.h
|
| c88a9f7f976f8495fcf27717a292bd1070828192 |
|
02-Nov-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
Move common functions to util.c and add verb() to proxy code
/external/tlsdate/src/tlsdate-helper.h
|
| 5cc5ede6e2ef980880ade9a508e5d84498ba2f84 |
|
02-Nov-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
fix cert verification when proxy is used
/external/tlsdate/src/tlsdate-helper.h
|
| 4687c5d2e6ba965d362568f9f56239e24d76966d |
|
03-Oct-2012 |
Elly Fong-Jones <ellyjones@chromium.org> |
Add proxy support
Support SOCKS4a, SOCKS5, and HTTP proxies through -x / --proxy
<schema>://<host>:<port>. No auth supported yet.
BUG=chromium-os:31505
TEST=unit
Change-Id: Ifd430ca1ed026dcaa33a91dfa07cc7eb7e57eaee
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34566
(cherry picked from commit 9c3e49f2f4823c822fe29342e3eebbd38154d55a)
Conflicts:
src/Makefile.am
src/tlsdate-helper.c
/external/tlsdate/src/tlsdate-helper.h
|
| 95d9fd53d2ccf4b377fbdcd6178a730902d5bf80 |
|
16-Oct-2012 |
Brian Aker <brian@tangent.org> |
Fix for currently known build issues.
/external/tlsdate/src/tlsdate-helper.h
|
| ad12a3ab71da4d02983b2b440561dea7c0d74c44 |
|
06-Aug-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
Wildcard certificate verification per RFC 2595
This implements the most basic RFC 2595 wildcard support.
It needs to be refactored into a more simple and elegant
set of methods that would encourage code reuse when we
later implement RFC 2818.
/external/tlsdate/src/tlsdate-helper.h
|
| 53a1058d72a070670018b8ab9d4834274858eb5a |
|
31-Jul-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
HOST_NAME_MAX is possible even if not to x509 spec
/external/tlsdate/src/tlsdate-helper.h
|
| 6bb4b814c118f040b15b9d1764d872cedff80b6e |
|
30-Jul-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
use RFC5280 values for ub-common-name-length; less than max host name bytes... wtf?
/external/tlsdate/src/tlsdate-helper.h
|
| 8355d738d32b7b0d3e38f1e39c2bd5025796f81b |
|
30-Jul-2012 |
Jacob Appelbaum <jacob@appelbaum.net> |
refactor tlsdate-helper.c to create tlsdate-helper.h; fix memory leaks
/external/tlsdate/src/tlsdate-helper.h
|