Julian Brost
372f8f3599
Merge pull request #9338 from Icinga/Al2Klimov-patch-3-212
...
Let new cluster certificates expire after 397 days, not 15 years
2022-04-12 09:50:37 +02:00
Alexander A. Klimov
97dce39699
Renew certificates also periodically
2022-04-11 12:45:58 +02:00
Alexander A. Klimov
913373fc38
Introduce IsCertUptodate()
2022-04-11 12:44:52 +02:00
Alexander A. Klimov
19ecb241f5
Let new cluster certificates expire after 397 days, not 15 years
...
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.7.3.pdf , section 6.3.2:
"Subscriber Certificates issued on or after 1 September 2020 SHOULD NOT have a Validity Period greater than 397 days and MUST NOT have a Validity Period greater than 398 days."
2022-04-11 12:44:52 +02:00
Julian Brost
c402baf088
Merge pull request #9326 from Icinga/bugfix/parallel-api-package-calls-do-not-finish-while-reload
...
Worker process doesn't let parallel API package stage updates to complete when terminated
2022-04-08 12:28:11 +02:00
Yonas Habteab
e3f14883e9
Defer: Allow to cancel the callback before going out of scope
2022-04-07 11:30:50 +02:00
Alexander Aleksandrovič Klimov
92e688b94a
Merge pull request #9320 from Icinga/boost1.78
...
Make compatible with Boost 1.78 (for Windows)
2022-04-06 16:38:33 +02:00
Alexander A. Klimov
1e0a0f7f9d
Fix missing include
2022-04-06 12:44:49 +02:00
Yonas Habteab
7f9cbc8707
ConfigObject: Initialize local static var at declaration to ensure thread safety
2022-03-29 16:36:50 +02:00
Julian Brost
8910abc588
Enable hostname verification in UnbufferedAsioTlsStream
2021-08-17 16:33:18 +02:00
Julian Brost
d8ab328c33
Add comments to stack trace formatter and test case
2021-07-08 14:53:15 +02:00
Julian Brost
f5873a8e75
Use backtrace_symbols() when printing stack traces on FreeBSD
...
Unfortunately, the symbol resolution of boost::stacktrace is broken on
FreeBSD, therefore fall back to using backtrace_symbols() to print the
stack trace saved by Boost.
Additionally, -D_GNU_SOURCE is required on FreeBSD for the
_Unwind_Backtrace function used by boost::stacktrace.
2021-07-08 14:53:15 +02:00
Julian Brost
a2e5cfd34f
Crash handlers: use more compact string representation
2021-07-08 14:53:15 +02:00
Julian Brost
2310cdb4fa
Begin crash log for SIGABRT with error message and timestamp
...
This makes the format more similar to what the uncaught C++ and SEH
exception handlers write. Previously there was no indication in the
crash log that a SIGABRT happened.
2021-07-08 14:53:15 +02:00
Julian Brost
2330ab59f8
Add some comments to __cxa_throw
...
Maybe this will save the next person who has to look at this code some
time. Please don't blame me for the implementation, I'm just trying to
reconstruct what it does.
2021-07-08 14:53:15 +02:00
Julian Brost
9fcc781172
Restructure stack and context trace selection in DiagnosticInformation and document behavior
...
The logic for selecting the traces to print stays the same, but there
are fewer nested ifs now. This changes the format of the returned string
a bit by adding a heading for both traces.
2021-07-08 14:53:15 +02:00
Julian Brost
df59aa0087
Add documentation for cast_exception function
2021-07-08 14:53:15 +02:00
Julian Brost
996f280bfc
Pass fallback stacktrace to DiagnosticInformation in terminate handler
...
By default, DiagnosticInformation uses the stack trace saved when the
exception was thrown, but this mechanism is not in use on Windows.
Gathering a stacktrace in the terminate handler serves as a fallback.
2021-07-08 14:53:15 +02:00
Julian Brost
8b2f4636db
Replace icinga::StackTrace with boost::stacktrace::stacktrace
...
Provides roughly the same functionality but works better on certain
platforms (especially Windows) and is less code to maintain.
2021-07-08 14:53:15 +02:00
Julian Brost
4a29c39eba
Print details in uncaught SEH exception handler
2021-07-08 14:53:15 +02:00
Julian Brost
8b67e4a637
Move error message and time to the beginning of the SEH crash log
...
This is more similar to the normal exception crashlog which also states
the problem and time at the beginning of the file.
2021-07-08 14:53:15 +02:00
Julian Brost
9ebd812da5
Use boost::stacktrace instead of custom implementation in Windows SEH filter
2021-07-08 14:53:15 +02:00
Julian Brost
b5017b78d7
Run termination handler for uncaught C++ exceptions on Windows
...
On Windows, the termination handler is executed for uncaught C++
exceptions unless a SEH unhandled exception filter is also set. In this
case, this filter has to explicitly chain the default filter to keep
this behavior.
2021-07-08 14:53:15 +02:00
Julian Brost
bdbe35b42d
Utility: add a function to truncate strings while avoiding collisions
2021-07-05 16:18:57 +02:00
Julian Brost
d109dfcb78
Retry file rename operations on Windows for some errors
2021-05-25 15:57:41 +02:00
Julian Brost
cf4dd94b97
Provide a conversion function from icinga::String to boost::string_view
...
Boost.Beast changed the signature of
boost::beast::http::basic_fields::set in version 1.74 so that it no longer
allows passing an icinga::String instance as value. This adds a
conversion function so that it works again.
2021-05-20 16:27:51 +02:00
Louis Sautier
04f4c132ff
Fix ‘fs::copy_option’ has not been declared with boost 1.74.0
...
It was deprecated in
f199152b7d
2021-05-20 16:27:51 +02:00
Noah Hilverling
2cb995e937
Merge pull request from GHSA-pcmr-2p2f-r7j6
...
Verify certificates against CRL before renewing them (2.12)
2020-12-15 12:30:19 +01:00
Julian Brost
cae22a89da
Verify certificates against CRL before renewing them
...
When a CRL is specified in the ApiListener configuration, Icinga 2 only
used it when connections were established so far, but not when a
certificate is requested. This allows a node to automatically renew a
revoked certificate if it meets the other conditions for auto-renewal
(issued before 2017 or expires in less than 30 days).
2020-12-15 10:33:38 +01:00
Julian Brost
c868010884
Use ERR_error_string_n() instead of ERR_error_string()
...
Explicitly pass the actual length of the buffer to avoid overflows.
2020-12-15 08:29:37 +01:00
Julian Brost
1f945add50
Increase size of buffer for OpenSSL error messages
...
According to man 3 ERR_error_string, "buf must be at least 256 bytes
long", therefore increase the buffer size to 256 everywhere.
2020-12-15 08:29:37 +01:00
Julian Brost
159ccced65
Remove std::string to_string(const errinfo_openssl_error& e)
...
The function was never used and its implementation contains a bug where
a buffer of too small size is used as a parameter to ERR_error_string.
According to the `man 3 ERR_error_info`, the buffer has to be at least
256 bytes in size.
Also the function seems of limited use as it allows to output the tag
object used with additional error information for exceptions in Boost.
However, boost::get_error_info<>() just returns the value type but
not the full tag object from the exception.
2020-12-15 08:29:37 +01:00
Julian Brost
e7d9c5138b
Remove SpinLock
...
No longer needed as its only user now uses std::mutex.
2020-11-27 11:32:11 +01:00
Julian Brost
867a3c0216
Add Process::WaitForResult to allow waiting for the process to finish
2020-11-27 11:32:10 +01:00
Noah Hilverling
47a6daf341
Merge pull request #8293 from Icinga/bugfix/icinga2-doesn-t-close-connections-7203
...
Add timeout for boost::asio::ssl::stream#async_shutdown()
2020-10-14 09:44:12 +02:00
Alexander A. Klimov
639c426cf3
Introduce SpinLock
2020-10-13 17:45:37 +02:00
Henrik Triem
38eb2b6bc8
WorkQueue: Allow choosing stats log level
2020-09-22 14:41:11 +02:00
Alexander A. Klimov
d69c6879fa
Application#RunEventLoop(): don't wait for the thread pool to stop on shutdown
...
refs #8173
2020-09-03 14:04:42 +02:00
Noah Hilverling
97fc70ccb2
Merge pull request #7836 from Icinga/bugfix/jsonrpcconnection-m_seen
...
Consider a JsonRpcConnection being seen on a single byte of TLS payload, not only a whole message
2020-07-29 15:02:48 +02:00
Alexander A. Klimov
647f1547a9
Generalize I/O timeout emulation
2020-06-17 10:31:40 +02:00
Noah Hilverling
df43cf573c
Merge pull request #8053 from Icinga/bugfix/segfault-map-reduce-filter-null-8047
...
Ensure the custom function is not null in Array#{sort,map,reduce,filter,any,all}()
2020-06-16 15:25:11 +02:00
Alexander A. Klimov
9c85401914
Ensure the custom function is not null in Array#{sort,map,reduce,filter,any,all}()
...
refs #8047
2020-06-09 12:35:04 +02:00
Alexander A. Klimov
f21b60e390
StreamLogger#Flush(): lock self
...
... just to be sure.
2020-05-15 15:33:37 +02:00
Noah Hilverling
4c9e4959f3
Merge pull request #7823 from Icinga/bugfix/unify-application-start-times
...
Fix timing point for Application::GetStartTime() (related to command endpoint grace period)
2020-03-09 09:45:57 +01:00
Noah Hilverling
6e3c928205
Merge pull request #7837 from Icinga/bugfix/coroutine-exception
...
IoEngine#SpawnCoroutine(): always terminate coroutines cleanly
2020-03-03 11:19:18 +01:00
Michael Friedrich
06d0c3ea4e
Merge pull request #7843 from Icinga/feature/cli-pki-verify
...
CLI: Add `pki verify` command for better TLS certificate troubleshooting
2020-02-25 09:07:24 +01:00
Michael Friedrich
fdb13d1b7d
TlsUtility: Replace deprecated OpenSSL function with ASN1_STRING_get0_data()
2020-02-21 13:02:58 +01:00
Alexander A. Klimov
0f84ce0470
Consider a JsonRpcConnection being seen on a single byte of TLS payload, not only a whole message
2020-02-19 11:11:53 +01:00
Alexander A. Klimov
b65aed1dd3
IoEngine#SpawnCoroutine(): always terminate coroutines cleanly
2020-02-19 10:51:26 +01:00
Michael Friedrich
548eb933c9
TlsUtility: Add getters for version, signature algorithm, SANs
2020-02-17 17:42:20 +01:00