IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The interface here is a bit weird - if the verify callback returns 1
for a certificate higher up in the chain, this will propagate to the
next invocation of the callback for the next certificate, even if
openssl on its own would not trust the certificate.
By re-ordering the checks and keeping track of the fact that we
returned 1 despite openssl failing its own validation, the validation
logic should now cover all combinations of certificate count and
self-signed/system trust status.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This prohibits the cookie from being sent along in cross-site
sub-requests or when the user navigates to a different site.
Signed-off-by: Max Carrara <m.carrara@proxmox.com>
it's very odd to have buildsystem targets that go over the git repos
root directory boundary, as one *must not* depend on unrelated
things.
Rather just comment that and how this was derived from pve-common's
exception module.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Note that in PVE we should instantiate the API client with
`pve_new_format` in order to have this client also switch to
the new mechanism, otherwise the old api will be used which
does not support multiple factors or recovery keys.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
If we verified that the hostname matches the cert we can also trust
the openssl verification result.
We get the openssl result as first parameter[0].
[0]: https://metacpan.org/pod/IO::Socket::SSL#SSL_verify_callback
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
else we'd break "inheriting" (or whatever perl does is called) to
child modules
> Never use the one-argument form of bless.
-- Perl Best Practices, Pg. 365
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
one can always get it from the useragent, changing it here would not
do anything anyway, so this also avoids some possible confusion.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this patch enables to pass totp codes during cluster join if tfa has
been enabled for root@pam (or any other user actually, but having it enabled on
root causes problems during cluster join).
u2f support is not yet implemented.
Co-developed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Co-developed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
The duplication of the version information both in the Makefile and in
debian/changelog is a potential error point, and an unneeded one.
Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
