| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
- Add "home" global pointing to the user's home directory.
- Use it instead of getenv("HOME") everywhere we needed it.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Eliminate use of deprecated cssmErrorString function.
Switch to using SecCertificateCreateWithData.
Clean out unused private header availability checks.
|
|
|
|
|
|
|
|
|
|
| |
- Availability macros were incorrect.
- Some driver headers/definitions were installed even when the core library
does not contain them.
- Fix up the macOS/iOS detection of keychain/API availability - just need to
use the TARGET_OS_xxx macros instead.
- When installing private headers, install config.h so that the private
headers actually work.
|
| |
|
| |
|
| |
|
|
|
|
| |
tlscheck output.
|
|
|
|
| |
(rdar://34938533)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bytes (Issue #5216)
cups/http-private.h:
- Move all char * shadow variables to new fields array, rename old fields array
to _fields (binary compatibility).
cups/http.c:
- Add new http_add_field that can handle appending values and allocating or
clearing strings as needed.
- Update httpSetField to use http_add_field.
- Update _httpUpdate to use http_add_field instead of httpSetField.
cups/request.c:
- Fix checks for header fields.
cups/tls-*.c:
- Fix checks for Host header field.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also deprecates all httpMD5* functions.
- cgi-bin/var.c: Use cupsHashData to compute SID hash.
- cups/auth.c: Rewrite WWW-Authenticate parser to support multiple auth schemes
and the new RFC 7616 version of HTTP Digest.
- cups/cups.h: Add cupsHashString function to get a hex version of a hash.
- cups/hash.c: Add MD5 support.
- cups/http.c: Track WWW-Authenticate in a long string, concatenate new set
values.
- cups/http.h: Deprecate httpMD5* and recommend cupsDoAuth and cupsHash*.
- cups/http-private.h: Pull MD5 stuff, nonce_count is unsigned, track
WWW-Authenticate header as a potentially long string.
- cups/http-support.c: Use cupsHashData to compute UUID hash.
- cups/md5.c: Comment everything out if we have an OS-supplied MD5 hash
function.
- cups/md5passwd.c: Use cupsHash* functions.
- cups/tls-*.c: Use cupsHash* functions.
- cups/versioning.h: Add CUPS_API_2_3 definition.
- scheduler/client.c: Update WWW-Authenticate header to include AuthRef,
Local, and PeerCred schemes with parameters as needed.
|
|
|
|
|
|
|
|
|
|
|
| |
- cups/http-private.h: Move TLS/SSL version options to separate version
constants, make _httpTLSSetOptions take min/max version numbers.
- cups/tls-*.c: Update _httpTLSSetOptions and _httpTLSStart to use new min/max
version numbers.
- cups/tlscheck.c: Update _httpTLSSetOptions call.
- cups/usersys.c: Support new SSLOptions values, update _httpTLSSetOptions call.
- scheduler/conf.c: Support new SSLOptions values, update _httpTLSSetOptions
calls.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also make sure that client.conf SSLOptions do not override cupsd.conf
SSLOptions, and document the (hopefully obvious) fact that Allow* is less
secure and Deny* is more secure.
- cups/http-private.h: Add "_HTTP_TLS_SET_DEFAULT" flag for options set from
client.conf.
- cups/tls-*.c: Use new flag.
- cups/tls-gnutls.c: Fix CBC cipher suite exclusion logic, and always disable
anonymous DH.
- cups/usersys.c: Pass new flag when calling _httpTLSSetOptions.
- man/*: Update documentation.
|
|
|
|
|
|
| |
Expand CBC filter on macOS.
Add support for --tls10 and --no-cbc options with tlscheck.
|
| |
|
|
|
|
|
|
| |
`DenyCBC` and
`DenyTLS1.0` options (Issue #5037)
|
| |
|
|
|
|
| |
after some random period of inactivity).
|
|
|
|
| |
Bump copyright to 2017 in web interface and README files.
|
|
|
|
| |
macOS) for validating printer certs.
|
|
|
|
| |
for system-wide trust of printer certs.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
to trusted printers/servers (<rdar://problem/25711658>)
This change also makes the default value of AllowExpiredCerts NO instead of YES.
Finally, add support for loading most client.conf options (NOT ServerName or
User) from /Library/Printers/org.cups.PrintingPrefs.plist on OS X.
|
| |
|
| |
|
|
|
|
| |
platforms...
|
|
|
|
| |
self-signed cert code.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
signing.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@13094 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
|
|
|
| |
(<rdar://problem/24535828>)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@13091 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
| |
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12675 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
|
|
|
| |
Expand what tlscheck can do/report.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12649 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
| |
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12647 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DH/DHE support is being made optional because of known security issues with short
DH parameters. Since there is no way to conditionally use DH/DHE with a minimum
number of bits, we just have to disable it by default.
TLS/1.0 support can now be disabled due to known security issues with TLS/1.0.
However, since TLS/1.1 and TLS/1.2 support is not universally available, we
cannot simply disable TLS/1.0 like we did for SSL/3.0.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12645 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
|
|
|
|
|
|
| |
commands (STR #4528)
Load default client.conf values in the proper order, and then allow them to be
overridden.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12480 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
| |
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12214 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
|
|
|
|
|
| |
SSL 3.0 and RC4 (STR #4476)
(currently RC4 cipher restrictions are not implemented on OS X or Windows)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12211 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
|
|
|
| |
Update USB quirks for MX310 and MX320 (STR #4482)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12159 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
| |
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12094 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
| |
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12029 a1ca3aef-8c08-0410-bb20-df032aa958be
|
|
|
|
| |
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12008 a1ca3aef-8c08-0410-bb20-df032aa958be
|