Julian Brost 
							
						 
					 
					
						
						
						
						
							
						
						
							869a7d6f0f 
							
						 
					 
					
						
						
							
							Security: fix TLS certificate validation bypass  
						
						The previous validation in set_verify_callback() could be bypassed, tricking
Icinga 2 into treating invalid certificates as valid. To fix this, the
validation checks were moved into the IsVerifyOK() function.
This is tracked as CVE-2024-49369; more details will be published at a later time.
						
						
					 
					
						2024-10-22 10:36:58 +02:00 
						 
				 
			
				
					
						
							
							
								Julian Brost 
							
						 
					 
					
						
						
						
						
							
						
						
							396f003c69 
							
						 
					 
					
						
						
							
							Enable hostname verification in UnbufferedAsioTlsStream  
						
						
						
						
					 
					
						2021-08-13 10:58:10 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							c7a2fc556c 
							
						 
					 
					
						
						
							
							Quality: Purge old TlsStream functionality  
						
						
						
						
					 
					
						2019-05-24 15:50:43 +02:00 
						 
				 
			
				
					
						
							
							
								Elias Ohm 
							
						 
					 
					
						
						
						
						
							
						
						
							4c86c370bb 
							
						 
					 
					
						
						
							
							fixup errbuf length in the other files and avoid using the static buffer in one place (for thread safety and code consistency reasons)  
						
						
						
						
					 
					
						2019-05-09 09:30:12 +02:00 
						 
				 
			
				
					
						
							
							
								Alexander A. Klimov 
							
						 
					 
					
						
						
						
						
							
						
						
							f2d9d91e83 
							
						 
					 
					
						
						
							
							Introduce UnbufferedAsioTlsStream#GetPeerCertificate()  
						
						
						
						
					 
					
						2019-04-01 17:11:09 +02:00 
						 
				 
			
				
					
						
							
							
								Alexander A. Klimov 
							
						 
					 
					
						
						
						
						
							
						
						
							d428bdf384 
							
						 
					 
					
						
						
							
							Add missing includes  
						
						
						
						
					 
					
						2019-04-01 13:31:16 +02:00 
						 
				 
			
				
					
						
							
							
								Alexander A. Klimov 
							
						 
					 
					
						
						
						
						
							
						
						
							e6d78bf361 
							
						 
					 
					
						
						
							
							Move some TCP/TLS logic out of ApiListener  
						
						... for re-using it 
						
						
					 
					
						2019-04-01 13:31:16 +02:00 
						 
				 
			
				
					
						
							
							
								Alexander A. Klimov 
							
						 
					 
					
						
						
						
						
							
						
						
							2615967e7f 
							
						 
					 
					
						
						
							
							Make ApiListener#m_SSLContext a Boost ASIO SSL context  
						
						
						
						
					 
					
						2019-04-01 11:40:14 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							d14a88235d 
							
						 
					 
					
						
						
							
							Replace Copyright header with a short version, part I  
						
						CLion -> replace in path 
						
						
					 
					
						2019-02-25 14:48:22 +01:00 
						 
				 
			
				
					
						
							
							
								Alexander A. Klimov 
							
						 
					 
					
						
						
						
						
							
						
						
							a2ae01e64b 
							
						 
					 
					
						
						
							
							Socket engine: drop life support objects  
						
						refs #6477  
						
						
					 
					
						2018-10-30 13:46:20 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							5406ce6540 
							
						 
					 
					
						
						
							
							Ensure that API/JSON-RPC messages in the same session are processed and not stalled  
						
						This basically drops the "corked" implementation which just stalled the
TLS IO polling after some requests. If you need sort of rate limiting
for these events, use an external TLS proxy which terminates that in front
of Icinga.
fixes  #6635  
						
						
					 
					
						2018-10-29 12:57:24 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7e1942e8e7 
							
						 
					 
					
						
						
							
							Merge pull request  #6718  from Icinga/bugfix/ssl-shutdown  
						
						Call SSL_shutdown() at least twice 
						
						
					 
					
						2018-10-24 11:46:32 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							dab53448bc 
							
						 
					 
					
						
						
							
							icinga.com: Update *.{h,c}pp  
						
						
						
						
					 
					
						2018-10-18 09:27:04 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							29701b4db5 
							
						 
					 
					
						
						
							
							Add ApiListener#tls_handshake_timeout option  
						
This allows specifying the previously hardcoded
timeout of 10s.
refs #6517  
						
						
					 
					
						2018-09-14 09:20:09 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							f297881e23 
							
						 
					 
					
						
						
							
							Call SSL_shutdown() at least twice  
						
						
						
						
					 
					
						2018-09-10 16:10:16 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							257ad12646 
							
						 
					 
					
						
						
							
							Use SSL_pending() for remaining TLS stream data  
						
						We've used this previously, and according to the OpenSSL
docs we should just use it. From our experience everything
done differently from the API functions from OpenSSL causes
undefined behaviour in the worst case.
This commit also breaks the packet size limit into a more
readable version, including logs for development debug builds.
refs #6242  
						
						
					 
					
						2018-06-21 15:58:05 +02:00 
						 
				 
			
				
					
						
							
							
								Alexander A. Klimov 
							
						 
					 
					
						
						
						
						
							
						
						
							3c7851107c 
							
						 
					 
					
						
						
							
							TlsStream#IsEof(): fix false positive EOF indicator  
						
						refs #6242  
						
						
					 
					
						2018-06-20 16:55:33 +02:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							9cd5298d8b 
							
						 
					 
					
						
						
							
							Ensure that SetCorked() works properly  
						
						
						
						
					 
					
						2018-03-06 09:03:35 +01:00 
						 
				 
			
				
					
						
							
							
								Jean Flach 
							
						 
					 
					
						
						
						
						
							
						
						
							d0cf7c654e 
							
						 
					 
					
						
						
							
							Use cork in tlsstream and HTTP connection  
						
						
						
						
					 
					
						2018-02-28 11:40:58 +01:00 
						 
				 
			
				
					
						
							
							
								Jean Flach 
							
						 
					 
					
						
						
						
						
							
						
						
							85f45d9b94 
							
						 
					 
					
						
						
							
							Minor codestyle and doc changes  
						
						
						
						
					 
					
						2018-02-21 14:52:44 +01:00 
						 
				 
			
				
					
						
							
							
								Jean Flach 
							
						 
					 
					
						
						
						
						
							
						
						
							8ffa4f04a7 
							
						 
					 
					
						
						
							
							Add timeout for TLS handshakes  
						
						
						
						
					 
					
						2018-02-20 13:32:04 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							e3ad0be769 
							
						 
					 
					
						
						
							
							Apply clang-tidy fix 'modernize-use-auto'  
						
						
						
						
					 
					
						2018-01-04 12:24:57 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							ac155d1dda 
							
						 
					 
					
						
						
							
							Apply clang-tidy fix 'modernize-redundant-void-arg'  
						
						
						
						
					 
					
						2018-01-04 12:24:57 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							90496b5456 
							
						 
					 
					
						
						
							
							Build libraries as static libraries  
						
						
						
						
					 
					
						2018-01-02 23:29:48 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Insel 
							
						 
					 
					
						
						
						
						
							
						
						
							158ae2188e 
							
						 
					 
					
						
						
							
							Change copyright header for 2018  
						
						
						
						
					 
					
						2018-01-02 12:08:55 +01:00 
						 
				 
			
				
					
						
							
							
								Jean Flach 
							
						 
					 
					
						
						
						
						
							
						
						
							2636e6a77a 
							
						 
					 
					
						
						
							
							Whitespace fix  
						
						What does this change?
* Remove use of spaces for formatting
These could be found by using `grep -r -l -P '^\t+ +[^*]'`
* Removal of trailing whitespaces
* A few lines longer than 120 chars 
						
						
					 
					
						2017-12-20 14:53:52 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							1ad83886ac 
							
						 
					 
					
						
						
							
							Replace a few more NULLs with nullptr  
						
						
						
						
					 
					
						2017-12-14 15:37:20 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							6d09efc907 
							
						 
					 
					
						
						
							
							Use std::shared_ptr instead of boost::shared_ptr  
						
						
						
						
					 
					
						2017-11-30 17:41:00 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							858873b940 
							
						 
					 
					
						
						
							
							Replace boost::bind/boost::function with std::bind/std::function  
						
						
						
						
					 
					
						2017-11-27 15:15:11 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							b7caf0820d 
							
						 
					 
					
						
						
							
							Ensure that *.icinga.com is used everywhere  
						
						fixes  #13897 
fixes  #13277  
					
						2017-01-10 17:19:12 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							cdda3bad8c 
							
						 
					 
					
						
						
							
							Include client IP address and port in HTTP requests  
						
						fixes  #11706  
					
						2016-07-25 09:43:13 +02:00 
						 
				 
			
				
					
						
							
							
								Stephan Tesch 
							
						 
					 
					
						
						
						
						
							
						
						
							431c110056 
							
						 
					 
					
						
						
							
							Improve error reporting for the client certificate check  
						
						Until now, client certificates that have failed verification were reported as not being signed by the CA. That is not true for all cases. This patch adds an explanation in the debug log why verification failed.
fixes  #12201  
						
						
					 
					
						2016-07-25 09:22:35 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							9b873d60c2 
							
						 
					 
					
						
						
							
							Ensure to clear the SSL error queue before calling SSL_{read,write,do_handshake}  
						
						fixes  #12100  
					
						2016-07-05 15:25:02 +02:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							2adfcb56fe 
							
						 
					 
					
						
						
							
							Improve error handling for TlsStream::Handshake  
						
						fixes  #11046  
					
						2016-05-11 10:09:54 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							5dd685cef9 
							
						 
					 
					
						
						
							
							Fix socket exceptions while querying the API  
						
						fixes  #11224  
					
						2016-03-29 13:52:37 +02:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							2dc385e31b 
							
						 
					 
					
						
						
							
							Fix memory/thread leak in the HttpServerConnection class  
						
						fixes  #10655  
					
						2016-02-03 09:54:31 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							fabf37e79c 
							
						 
					 
					
						
						
							
							Improve performance for TlsStream::OnEvent  
						
						refs #11014  
						
						
					 
					
						2016-02-02 13:51:17 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							83889dcbb0 
							
						 
					 
					
						
						
							
							Increase the buffer size in TlsStream::OnEvent to avoid unnecessary poll() calls  
						
						refs #11014  
						
						
					 
					
						2016-02-02 08:28:54 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							e4b7111577 
							
						 
					 
					
						
						
							
							Check the certificate name when reconnecting to an instance  
						
						refs #10963  
						
						
					 
					
						2016-01-19 16:24:12 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							7f4af89a56 
							
						 
					 
					
						
						
							
							Ensure that HttpServerConnections are properly closed  
						
						fixes  #10655  
					
						2016-01-13 10:30:38 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							599929b0f6 
							
						 
					 
					
						
						
							
							Update copyright headers for 2016  
						
						
						
						
					 
					
						2016-01-12 08:29:59 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							5a74f69819 
							
						 
					 
					
						
						
							
							Fix memory leak for JSON-RPC/HTTP connections  
						
						fixes  #10517  
					
						2015-11-09 10:22:52 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Friedrich 
							
						 
					 
					
						
						
						
						
							
						
						
							286538c17e 
							
						 
					 
					
						
						
							
							Implement api event streams  
						
						Documentation is not yet complete.
refs #9078  
						
						
					 
					
						2015-10-21 15:34:26 +02:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							0e40c3ee1d 
							
						 
					 
					
						
						
							
							Fix deadlock in TlsStream::Close  
						
						fixes  #10235  
					
						2015-09-29 10:31:16 +02:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							c37a23ccba 
							
						 
					 
					
						
						
							
							Implement the Icinga Studio application  
						
						fixes  #10042  
					
						2015-08-31 07:50:01 +02:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							b357012ded 
							
						 
					 
					
						
						
							
							Implement HTTP support  
						
						refs #9447  
						
						
					 
					
						2015-07-09 11:42:34 +02:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							fd9dc32a3d 
							
						 
					 
					
						
						
							
							Implement SNI support for the TlsStream class  
						
						fixes  #8610  
					
						2015-03-05 14:15:42 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							bb393a9d4f 
							
						 
					 
					
						
						
							
							Remove unused variables  
						
						
						
						
					 
					
						2015-03-02 12:52:37 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							9567cd663b 
							
						 
					 
					
						
						
							
							Fix another potential hang in TlsStream::Handshake  
						
						refs #8550  
						
						
					 
					
						2015-02-27 09:03:23 +01:00 
						 
				 
			
				
					
						
							
							
								Gunnar Beutner 
							
						 
					 
					
						
						
						
						
							
						
						
							4e8c5706e1 
							
						 
					 
					
						
						
							
							Don't send heartbeats during log replay  
						
						fixes  #8461 
refs #8485  
					
						2015-02-26 14:59:39 +01:00