tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-10-29 18:23:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,757 Commits 284 Branches 127 Tags
Commit Graph

55 Commits

Author SHA1 Message Date
Julian Brost
2febc5e18a Security: fix TLS certificate validation bypass 
The previous validation in set_verify_callback() could be bypassed, tricking
Icinga 2 into treating invalid certificates as valid. To fix this, the
validation checks were moved into the IsVerifyOK() function.

This is tracked as CVE-2024-49369, more details will be published at a later time.
 2024-10-22 10:41:00 +02:00
Noah Hilverling
97fc70ccb2
Merge pull request #7836 from Icinga/bugfix/jsonrpcconnection-m_seen 
Consider a JsonRpcConnection being seen on a single byte of TLS payload, not only a whole message
 2020-07-29 15:02:48 +02:00
Alexander A. Klimov
0f84ce0470 Consider a JsonRpcConnection being seen on a single byte of TLS payload, not only a whole message 2020-02-19 11:11:53 +01:00
Alexander A. Klimov
26ce2cfb73 Replace std::shared_ptr<AsioTcpStream> with Shared<AsioTcpStream>::Ptr 2019-10-21 16:12:46 +02:00
Alexander A. Klimov
a1683568a1 Replace std::shared_ptr<AsioTlsStream> with Shared<AsioTlsStream>::Ptr 2019-10-21 16:12:35 +02:00
Michael Friedrich
5fa7331cc9 Quality: Replace deprecated Boost IO service code 
https://github.com/boostorg/asio/issues/110
https://www.boost.org/doc/libs/1_66_0/doc/html/boost_asio/example/cpp03/services/logger_service.hpp
 2019-09-09 15:27:57 +02:00
Michael Friedrich
5dbb6ad366 Quality: Remove old SocketEvent functionality 2019-05-24 15:50:43 +02:00
Michael Friedrich
c7a2fc556c Quality: Purge old TlsStream functionality 2019-05-24 15:50:43 +02:00
Michael Friedrich
856877d1fe
Merge pull request #7134 from Icinga/feature/boost-asio-influxdbwriter 
Use new I/O engine in InfluxdbWriter
 2019-04-23 14:31:42 +02:00
Alexander A. Klimov
c1fa07899c Introduce OptionalTlsStream 2019-04-23 11:25:26 +02:00
Alexander A. Klimov
f2d9d91e83 Introduce UnbufferedAsioTlsStream#GetPeerCertificate() 2019-04-01 17:11:09 +02:00
Alexander A. Klimov
bf23e5392b UnbufferedAsioTlsStream: don't rely on *this in decltype()s for methods' return types 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
7ec1e638a8 Turn shortcut UnbufferedAsioTlsStream::Parent into a base class 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
e6d78bf361 Move some TCP/TLS logic out of ApiListener 
... for re-using it
 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
d3392d1579 Rename AsioTlsStreamHack to UnbufferedAsioTlsStream 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
e21956e26e ApiListener: detect protocol 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
2615967e7f Make ApiListener#m_SSLContext a Boost ASIO SSL context 2019-04-01 11:40:14 +02:00
Michael Friedrich
d14a88235d Replace Copyright header with a short version, part I 
CLion -> replace in path
 2019-02-25 14:48:22 +01:00
Alexander A. Klimov
a9a9469868 SocketEvents: inherit from Stream 
refs #6477
 2018-10-30 13:46:20 +01:00
Michael Friedrich
5406ce6540 Ensure that API/JSON-RPC messages in the same session are processed and not stalled 
This basically drops the "corked" implementation which just stalled the
TLS IO polling after some requests. If you need sort of rate limiting
for these events, use an external TLS proxy which terminates that in front
of Icinga.

fixes #6635
 2018-10-29 12:57:24 +01:00
Michael Friedrich
dab53448bc icinga.com: Update *.{h,c}pp 2018-10-18 09:27:04 +02:00
Jean Flach
d0cf7c654e Use cork in tlsstream and HTTP connection 2018-02-28 11:40:58 +01:00
Gunnar Beutner
9ca682496c Apply clang-tidy fix 'modernize-use-override' 2018-01-04 12:24:57 +01:00
Gunnar Beutner
ac155d1dda Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-04 12:24:57 +01:00
Gunnar Beutner
efe99a3e5e Add the final keyword to classes 2018-01-04 05:20:20 +00:00
Gunnar Beutner
90496b5456 Build libraries as static libraries 2018-01-02 23:29:48 +01:00
Michael Insel
158ae2188e Change copyright header for 2018 2018-01-02 12:08:55 +01:00
Gunnar Beutner
6d09efc907 Use std::shared_ptr instead of boost::shared_ptr 2017-11-30 17:41:00 +01:00
Michael Friedrich
b7caf0820d Ensure that *.icinga.com is used everywhere 
fixes #13897
fixes #13277
 2017-01-10 17:19:12 +01:00
Gunnar Beutner
cdda3bad8c Include client IP address and port in HTTP requests 
fixes #11706
 2016-07-25 09:43:13 +02:00
Stephan Tesch
431c110056 Improve error reporting for the client certificate check 
Until now, client certificates that have failed verification were reported as not being signed by the CA. That is not true for all cases. This patch adds an explanation in the debug log why verification failed.

fixes #12201
 2016-07-25 09:22:35 +02:00
Gunnar Beutner
e4b7111577 Check the certificate name when reconnecting to an instance 
refs #10963
 2016-01-19 16:24:12 +01:00
Gunnar Beutner
599929b0f6 Update copyright headers for 2016 2016-01-12 08:29:59 +01:00
Gunnar Beutner
c37a23ccba Implement the Icinga Studio application 
fixes #10042
 2015-08-31 07:50:01 +02:00
Gunnar Beutner
d8cab2f0e8 Add 'override' keyword to methods 
refs #9929
 2015-08-18 12:45:30 +02:00
Gunnar Beutner
b357012ded Implement HTTP support 
refs #9447
 2015-07-09 11:42:34 +02:00
Gunnar Beutner
fd9dc32a3d Implement SNI support for the TlsStream class 
fixes #8610
 2015-03-05 14:15:42 +01:00
Gunnar Beutner
aef5bc2f3a Fix a crash in TlsStream::Close 
fixes #8537
 2015-02-25 14:41:23 +01:00
Gunnar Beutner
4972364f42 Fix another problem where Icinga doesn't detect that a cluster connection is dead 
refs #8485
 2015-02-25 13:21:38 +01:00
Gunnar Beutner
3c6ca2957b Fix a crash in SocketEvents::OnEvent 
fixes #8446
 2015-02-15 18:50:25 +01:00
Gunnar Beutner
f097e48889 Don't use separate threads for each ApiClient object 
fixes #6109
 2015-02-14 16:34:36 +01:00
Gunnar Beutner
e0bbfb175c Move most of the socket I/O to a separate thread 
fixes #8300
fixes #8243
 2015-02-14 09:42:11 +01:00
Michael Friedrich
78bfd0204c Update copyright year 2015-01-22 12:00:23 +01:00
Gunnar Beutner
28d7051aed Fix a deadlock in TlsStream::Read / TlsStream::Close 
fixes #8124
 2014-12-19 12:07:06 +01:00
Gunnar Beutner
478f03b49a Replace boost::shared_ptr with boost::intrusive_ptr 
refs #7622
 2014-11-09 16:54:41 +01:00
Gunnar Beutner
266b1754c7 Speed up type lookups 
refs #7561
 2014-11-07 12:39:32 +01:00
Gunnar Beutner
170c5a59e4 Implement typeof() function 2014-11-03 00:45:14 +01:00
Gunnar Beutner
311cce5d41 Allow TLS connections with unverified certificates 
refs #7244
 2014-10-16 09:01:18 +02:00
Gunnar Beutner
dc4fe38d8f Fix crash in TlsStream::IsEof 
refs #6862
 2014-09-10 08:51:25 +02:00
Gunnar Beutner
9133c01f00 Fix spurious SSL errors 
fixes #6981
 2014-09-05 08:19:47 +02:00