External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by
default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip',
and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified
(it is safer just to use the default). The fwknop client leverages 'wget' for
this operation since that is cleaner than having fwknop link against an SSL
library.
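The '-R' behaviour described above, as an added illustration in C (this is not fwknop's own client code): classify the resolution URL, warn on plain HTTP but refuse anything that is neither HTTP nor HTTPS, shell out to wget, and accept the reply only if it is a single dotted-quad IPv4 address. The function names, the warning wording, the character whitelist applied before the URL reaches popen(), and the wget flags chosen (--https-only, --timeout) are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 for https://, 0 for http:// (allowed but warned about), -1 for
 * any other scheme or for a URL containing characters that could escape the
 * single-quoted argument handed to wget via popen() below. */
int check_resolve_url(const char *url)
{
    const char *p;
    for (p = url; *p; p++)
        if (!isalnum((unsigned char)*p) && !strchr("-._~:/?#[]@!$&()*+,;=%", *p))
            return -1;
    if (strncmp(url, "https://", 8) == 0)
        return 1;
    if (strncmp(url, "http://", 7) == 0) {
        fprintf(stderr, "[-] Warning: non-HTTPS resolution URL '%s'; the HTTPS "
                        "default is safer\n", url);
        return 0;
    }
    return -1;
}

/* Accept exactly one dotted-quad IPv4 address, optionally followed by a
 * newline. An HTML error page, an IPv6 literal or extra lines are rejected
 * rather than being pasted into an SPA packet as the "source" address. */
int is_ipv4_literal(const char *s)
{
    int octets = 0;
    while (*s) {
        int v = 0, digits = 0;
        if (!isdigit((unsigned char)*s))
            return 0;
        while (isdigit((unsigned char)*s)) {
            v = v * 10 + (*s++ - '0');
            if (++digits > 3)
                return 0;
        }
        if (v > 255)
            return 0;
        octets++;
        if (*s == '.') {
            s++;
            if (!isdigit((unsigned char)*s))
                return 0;
        } else if (*s == '\r' || *s == '\n') {
            while (*s == '\r' || *s == '\n')
                s++;
            if (*s)
                return 0;
        } else if (*s) {
            return 0;
        }
    }
    return octets == 4;
}

/* Fetch the address with wget and copy the validated result into out.
 * Returns 0 on success, -1 on any failure. */
int resolve_external_ip(const char *url, char *out, size_t outlen)
{
    char cmd[512], buf[64];
    FILE *fp;
    size_t n;
    int kind = check_resolve_url(url);

    if (kind < 0)
        return -1;
    /* --https-only makes wget refuse a redirect that downgrades to HTTP. */
    snprintf(cmd, sizeof cmd, "wget -q -O - --timeout=10 %s'%s'",
             kind == 1 ? "--https-only " : "", url);
    if ((fp = popen(cmd, "r")) == NULL)
        return -1;
    n = fread(buf, 1, sizeof buf - 1, fp);
    buf[n] = '\0';
    if (pclose(fp) != 0 || !is_ipv4_literal(buf))
        return -1;
    buf[strcspn(buf, "\r\n")] = '\0';
    snprintf(out, outlen, "%s", buf);
    return 0;
}

int main(int argc, char **argv)
{
    char ip[16];
    if (argc != 2) {
        fprintf(stderr, "usage: %s <resolution-url>\n", argv[0]);
        return 2;
    }
    if (resolve_external_ip(argv[1], ip, sizeof ip) != 0) {
        fprintf(stderr, "[*] could not resolve external IP via %s\n", argv[1]);
        return 1;
    }
    printf("%s\n", ip);
    return 0;
}
```

The whitelist in check_resolve_url() is the part worth keeping even if the rest is replaced: a URL taken from the command line ends up inside a shell command string, so a quote or backtick in it would otherwise be executed by /bin/sh.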
When validating access.conf stanzas make sure that one of
GPG_REMOTE_ID or GPG_FINGERPRINT_ID is specified whenever GnuPG
signatures are to be verified for incoming SPA packets. Signature
verification is the default, and can only be disabled with
GPG_DISABLE_SIG but this is NOT recommended.

Add a new GPG_FINGERPRINT_ID variable to the access.conf file
so that full GnuPG fingerprints can be required for incoming SPA packets
in addition to the abbreviated GnuPG signatures listed in GPG_REMOTE_ID.
From the test suite, an example fingerprint is
GPG_FINGERPRINT_ID 00CC95F05BC146B6AC4038C9E36F443C6A3FAD56

This commit fixes a minor memory leak in the fwknop client before
calling exit() when an abnormally large number of command line arguments
are given. The leak was found with valgrind together with the test
suite (specifically the 'show last args (4)' test):
==23748== 175 bytes in 50 blocks are definitely lost in loss record 1 of 1
==23748== at 0x4C2C494: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23748== by 0x1112F1: run_last_args (fwknop.c:991)
==23748== by 0x110D36: prev_exec (fwknop.c:916)
==23748== by 0x10D953: main (fwknop.c:170)
Additional test coverage was added for the client via the
basic_operations.pl tests.

Running the test suite with --enable-valgrind resulted in large numbers
of leaks detected in gpgme functions. This commit adds a valgrind
suppressions file to squash these errors (which are not fwknop's fault),
and also enables the valgrind --child-silent-after-fork option by
default. Both of these can be disabled in test suite execution with two
new options: --valgrind-disable-suppressions and
--valgrind-disable-child-silent.

- [server] When GnuPG is used, the default now is to require that
incoming SPA packets are signed by a key listed in GPG_REMOTE_ID for each
access.conf stanza. In other words, the usage of GPG_REQUIRE_SIG
is no longer necessary in order to authenticate SPA packets via the
GnuPG signature. Verification of GnuPG signatures can be disabled with a
new access.conf variable GPG_DISABLE_SIG, but this is NOT a
recommended configuration.
- [client+server] Add --gpg-exe command line argument and GPG_EXE
config variable to ~/.fwknoprc and the access.conf file so that the path
to GnuPG can be changed from the default /usr/bin/gpg path.
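The access.conf rules spelled out in the two entries above and in the GPG_REMOTE_ID / GPG_FINGERPRINT_ID notes earlier on this page, as one added example in C (this is not fwknop's own server code): a stanza with signature verification enabled must carry GPG_REMOTE_ID or GPG_FINGERPRINT_ID, GPG_DISABLE_SIG switches verification off entirely, GPG_EXE must be an absolute path, and a signer is accepted only if it satisfies every list that is set. The example relies on one GnuPG fact: a v4 key ID is the trailing 8 (short) or 16 (long) hex digits of the 40-hex-digit fingerprint, which is why a full fingerprint pins the key more tightly than the abbreviated ID. The struct layout, function names and error strings are assumptions of this example, and the sample fingerprint is the one quoted from the test suite above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* GnuPG-related fields of one access.conf stanza (illustrative layout). */
struct gpg_stanza {
    const char *remote_id;      /* GPG_REMOTE_ID: comma-separated key IDs */
    const char *fingerprint_id; /* GPG_FINGERPRINT_ID: comma-separated fingerprints */
    int disable_sig;            /* GPG_DISABLE_SIG */
    const char *gpg_exe;        /* GPG_EXE; NULL means the default path */
};

/* Pull the next comma- or space-separated token out of a list. */
static int next_token(const char **cur, const char **tok, size_t *len)
{
    const char *p = *cur;
    while (*p == ',' || isspace((unsigned char)*p))
        p++;
    if (*p == '\0')
        return 0;
    *tok = p;
    while (*p && *p != ',' && !isspace((unsigned char)*p))
        p++;
    *len = (size_t)(p - *tok);
    *cur = p;
    return 1;
}

/* True when a consists of n hex digits equal (case-insensitively) to b. */
static int hex_eq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)a[i]) ||
            toupper((unsigned char)a[i]) != toupper((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Number of list entries that are exactly l1 or l2 hex digits; -1 if any
 * entry is malformed, so a typo in a key ID is caught at config load. */
static int count_hex_entries(const char *list, size_t l1, size_t l2)
{
    const char *cur = list, *tok;
    size_t len;
    int n = 0;
    while (next_token(&cur, &tok, &len)) {
        if ((len != l1 && len != l2) || !hex_eq(tok, tok, len))
            return -1;
        n++;
    }
    return n;
}
int validate_key_id_list(const char *l)      { return count_hex_entries(l, 8, 16); }
int validate_fingerprint_list(const char *l) { return count_hex_entries(l, 40, 40); }

static void set_err(char *err, size_t n, const char *msg)
{
    if (err && n)
        snprintf(err, n, "%s", msg);
}

/* 0 if the stanza is usable (err may hold a warning), -1 if it must be
 * rejected. */
int validate_gpg_stanza(const struct gpg_stanza *st, char *err, size_t errlen)
{
    int nr = st->remote_id ? validate_key_id_list(st->remote_id) : 0;
    int nf = st->fingerprint_id ? validate_fingerprint_list(st->fingerprint_id) : 0;

    set_err(err, errlen, "");
    if (st->gpg_exe && st->gpg_exe[0] != '/') {
        set_err(err, errlen, "GPG_EXE must be an absolute path");
        return -1;
    }
    if (nr < 0 || nf < 0) {
        set_err(err, errlen, "GPG_REMOTE_ID entries must be 8 or 16 hex digits, "
                             "GPG_FINGERPRINT_ID entries 40 hex digits");
        return -1;
    }
    if (st->disable_sig) {
        set_err(err, errlen, "warning: GPG_DISABLE_SIG set, SPA packets are not "
                             "authenticated by signature (not recommended)");
        return 0;
    }
    if (nr == 0 && nf == 0) {
        set_err(err, errlen, "signature verification is enabled but neither "
                             "GPG_REMOTE_ID nor GPG_FINGERPRINT_ID is set");
        return -1;
    }
    return 0;
}

/* Does the signer's full fingerprint satisfy the stanza? Every list that is
 * set must match; GPG_FINGERPRINT_ID is checked in addition to GPG_REMOTE_ID,
 * since many distinct keys share the same trailing 8 hex digits. */
int signer_is_allowed(const struct gpg_stanza *st, const char *signer_fpr)
{
    const char *cur, *tok;
    size_t len;
    int ok_remote = 0, ok_fpr = 0;

    if (st->disable_sig)
        return 1;                           /* nothing is checked at all */
    if (!st->remote_id && !st->fingerprint_id)
        return 0;                           /* fail closed on a bad stanza */
    if (strlen(signer_fpr) != 40 || !hex_eq(signer_fpr, signer_fpr, 40))
        return 0;
    for (cur = st->remote_id ? st->remote_id : ""; next_token(&cur, &tok, &len); )
        if ((len == 8 || len == 16) && hex_eq(signer_fpr + 40 - len, tok, len))
            ok_remote = 1;
    for (cur = st->fingerprint_id ? st->fingerprint_id : ""; next_token(&cur, &tok, &len); )
        if (len == 40 && hex_eq(signer_fpr, tok, 40))
            ok_fpr = 1;
    return (!st->remote_id || ok_remote) && (!st->fingerprint_id || ok_fpr);
}
```

Two signers with different full fingerprints but the same trailing 6A3FAD56 are both accepted by a stanza that lists only GPG_REMOTE_ID 6A3FAD56; adding GPG_FINGERPRINT_ID 00CC95F05BC146B6AC4038C9E36F443C6A3FAD56 keeps only the intended one, which is the point of the variable.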