Changes committed to git://oss.sgi.com/pcp/pcp.git nssmerge
src/include/pcp/impl.h | 9 -
src/libpcp/src/auxconnect.c | 148 +++++++++++++++--
src/libpcp/src/check-statics | 2
src/libpcp/src/connect.c | 88 ++++++----
src/libpcp/src/context.c | 3
src/libpcp/src/util.c | 16 +
src/pmcd/src/GNUmakefile | 18 ++
src/pmcd/src/dopdus.c | 8
src/pmcd/src/pmcd.c | 40 +++-
src/pmcd/src/pmcd.h | 6
src/pmcd/src/secure.c | 355 ++++++++++++++++++++++++++++++++++++++++---
src/pmcd/src/secure.h | 54 +++++-
12 files changed, 641 insertions(+), 106 deletions(-)

commit a855d1bc9eb468714d84357e6b2624815576dda7
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Fri Dec 21 16:08:58 2012 +1100

Initial client-side support code for NSS secure contexts

Added code to load up per-user and system-wide NSS certificate
database for the client side of a secure connection.

Refactored one-time-initialisation code in pmcd connection setup
as part of this, in particular the proxy setup is now done by a
helper like pmcd env vars always were (and also like the newly
added cert db setup is).

Extended the libpcp shutdown routine to also clean up NSS cert db
state we've set up. Changed the way this handles errors, so that
it keeps going through shutdown in the presence of errors, while
saving the first error code and returning that. Otherwise, some
unrelated error (e.g. in local context handling) may cause dodgy
teardown of NSS stuff, for example.

Finally, cleaned up the pmcd symbol namespace a little to prevent
naming collisions.

commit aa3eb752d6760ec8e2aea55db88b7ddcd87491f3
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Dec 20 14:51:47 2012 +1100

Chop end-of-line markers from passwd file, close file always

commit 1a63f9ed2a0da20101751a854158f27b0275779b
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Dec 20 14:50:49 2012 +1100

Fix bitfield check mask, consistent pmcd ipc error handling

commit 14831dbeb729f7d3194ee1a40231730947d5802c
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Dec 20 14:47:16 2012 +1100

Add an env var mechanism for forcing encrypted host contexts

commit 95856cc50775c7fac35d984625af23ca96e81515
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Dec 19 21:40:46 2012 +1100

Make client side SSL setup consistent with server side code

Server side (pmcd) support for encrypted and compressed communication

Adds the necessary SSL support code for responding to a client request
for SSL connections. Two new pmcd command line options are added, one
allowing a non-default credentials database path to be specified and
the other to allow a password file to be passed in if the database is
password protected. At startup the database is queried for credential
nickname "PCP Collector credential", which is then verified, private
key extracted, and used for subsequent encrypted channels (both clear
and encrypted communication are supported by the one pmcd, just depends
on what an individual client requests for each context it creates).

It's not clear which of these new routines will end up in libpcp and
which in pmcd (some will be shared with client side), so for now all
have used libpcp naming conventions and I'll revisit that later when
cleaning up.
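
An added example, not code from the pmcd commits above: one way to read a database password file as the log describes, chopping end-of-line markers and closing the file on every path. The names read_password_file and write_sample, the file name and the sample password are all hypothetical; a line too long for the buffer is rejected rather than silently truncated.

```c
#include <stdio.h>
#include <string.h>

/* Read the first line of a password file into buf (capacity len), chopping a
 * trailing "\n" or "\r\n". Returns the password length, or -1 on error.
 * Hypothetical helper for this example, not a pmcd or libpcp routine. */
static int read_password_file(const char *path, char *buf, size_t len)
{
    FILE *fp;
    int result = -1;

    if (buf == NULL || len < 2 || (fp = fopen(path, "r")) == NULL)
        return -1;
    if (fgets(buf, (int)len, fp) != NULL) {
        size_t n = strcspn(buf, "\r\n");   /* index of first EOL marker */
        int truncated = 0;

        if (buf[n] == '\0' && n == len - 1) {
            /* buffer filled with no EOL seen: check what follows it */
            int c = fgetc(fp);
            truncated = (c != EOF && c != '\n' && c != '\r');
        }
        if (truncated) {
            memset(buf, 0, len);           /* do not hand back a partial secret */
        } else {
            buf[n] = '\0';                 /* chop the end-of-line marker */
            result = (int)n;
        }
    }
    fclose(fp);    /* reached on success, empty file and truncation alike */
    return result;
}

/* Demo helper: write constructed sample contents to path. */
static int write_sample(const char *path, const char *data)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    fputs(data, fp);
    return fclose(fp);
}

int main(void)
{
    char pw[64];
    const char *path = "pwfile.example";   /* constructed sample file */

    write_sample(path, "s3cret-sample\r\n");
    printf("password length: %d\n", read_password_file(path, pw, sizeof(pw)));
    remove(path);
    return 0;
}
```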