The syntax of public key certificates can be found in RFC 5280 section
4.1. The relevant part of the syntax is the following:
    TBSCertificate ::= SEQUENCE {
        version         [0] EXPLICIT Version DEFAULT v1,
        serialNumber    CertificateSerialNumber,
        ... remaining fields omitted ...
    }
The version field has a default value of v1. RFC 5280 section 4.1.2.1
says the following:
    If only basic fields are present, the version SHOULD be 1 (the value
    is omitted from the certificate as the default value); however, the
    version MAY be 2 or 3.
To help detect if the version field is present or not, the type of the
version field has an explicit tag of [0]. Due to this tag, if the
version field is present, its encoding will have an identifier octet
that is distinct from that of the serialNumber field.
ITU-T X.690 specifies how a value of such a type should be encoded with
DER. There is a PDF of X.690 freely available from ITU-T. X.690 section
8.1.2 specifies the format of identifier octets which is the first
component of every encoded value. Identifier octets encode the tag of a
type. Bits 8 and 7 encode the tag class. Bit 6 will be 0 if the encoding
is primitive and 1 if the encoding is constructed. Bits 5 to 1 encode
the tag number.
X.690 section 8.14 specifies what the identifier octet should be for
explicitly tagged types. Section 8.14.3 says if implicit tagging is not
used, then the encoding shall be constructed. The version field uses
explicit tagging and not implicit tagging, so its encoding will be
constructed. This means bit 6 of the identifier octet should be 1.
X.690 section 8.14 and Annex A provide examples. Note from their
examples that the notation for tags could look like [APPLICATION 2]
where both the tag class and tag number are given. For this example, the
tag class is 1 (application) and the tag number is 2. For notation like
[0] where the tag class is omitted and only the tag number is given, the
tag class will be context-specific.
Putting this all together, the identifier octet for the DER encoding of
the version field should have a tag class of 2 (context-specific), bit 6
as 1 (constructed), and a tag number of 0.
Signed-off-by: Ivan Abrea <ivan@algosolutions.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
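The identifier-octet reasoning in the commit message above, worked through in C as an added example (not code from BusyBox or from the commit). The function names and the sample byte arrays are constructed for illustration; the samples hold only the leading fields of a TBSCertificate, not a full certificate.

```c
#include <stddef.h>
#include <stdint.h>

/* Fields of a single identifier octet (X.690 section 8.1.2). */
struct der_ident { unsigned tag_class, constructed, tag_number; };
static struct der_ident der_decode_ident(uint8_t octet)
{
    struct der_ident id;
    id.tag_class   = octet >> 6;        /* bits 8-7: 2 = context-specific */
    id.constructed = (octet >> 5) & 1;  /* bit 6 */
    id.tag_number  = octet & 0x1f;      /* bits 5-1 */
    return id;
}

/* Definite length at buf[*pos]; -1 if truncated/unsupported (minimal-length rule not checked). */
static long der_read_len(const uint8_t *buf, size_t len, size_t *pos)
{
    if (*pos >= len) return -1;
    uint8_t b = buf[(*pos)++];
    if (b < 0x80) return b;                      /* short form */
    unsigned n = b & 0x7f;                       /* long form: n length octets */
    if (n == 0 || n > 3 || len - *pos < n) return -1;
    long v = 0;
    while (n--) v = (v << 8) | buf[(*pos)++];
    return v;
}

/* 1: version field present, 0: absent (DEFAULT v1), -1: malformed. */
static int tbs_has_version(const uint8_t *tbs, size_t len)
{
    size_t pos = 0;
    if (len < 2 || tbs[pos++] != 0x30) return -1;   /* outer SEQUENCE */
    long body = der_read_len(tbs, len, &pos);
    if (body < 1 || (size_t)body > len - pos) return -1;
    struct der_ident id = der_decode_ident(tbs[pos]);
    if (id.tag_class == 2 && id.constructed && id.tag_number == 0) return 1; /* 0xA0: [0] EXPLICIT */
    if (id.tag_class == 0 && !id.constructed && id.tag_number == 2) return 0; /* 0x02: INTEGER */
    return -1;
}
/* Constructed samples: version (if any) followed by serialNumber only. */
static const uint8_t tbs_v3[]  = { 0x30,0x08, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x05 };
static const uint8_t tbs_v1[]  = { 0x30,0x03, 0x02,0x01,0x05 };
static const uint8_t tbs_bad[] = { 0x30,0x03, 0x80,0x01,0x02 };  /* [0] but primitive */

int main(void)
{
    return !(tbs_has_version(tbs_v3, sizeof tbs_v3) == 1 &&
             tbs_has_version(tbs_v1, sizeof tbs_v1) == 0 &&
             tbs_has_version(tbs_bad, sizeof tbs_bad) == -1);
}
```

The `tbs_bad` sample shows why bit 6 matters: `0x80` has the right class and tag number but is primitive, so it is rejected instead of being taken for the version field.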
Update QoS markers.
Use DSCP AF21 for interactive traffic. DSCP is defined in RFC2474.
Much modern equipment no longer supports IPTOS.
Signed-off-by: Codarren Velvindron <codarren@hackers.mu>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

This reverts "udhcpc: paranoia when using kernel UDP mode
for sending renew: server ID may be bogus".
Users complain that they do have servers behind routers
(with DHCP relays).
function                                             old     new   delta
send_packet                                          168     166      -2
bcast_or_ucast                                        25      23      -2
udhcp_send_kernel_packet                             301     295      -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-10) Total: -10 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

This is more usable for programmatically checking the validity of a
release.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

Kconfig-language.txt was deleted in commit 4fa499a17b back in 2006.
Move to docs/ as suggested by Xabier Oneca:
http://lists.busybox.net/pipermail/busybox/2014-May/080914.html
Also update references to it everywhere.
Signed-off-by: Kartik Agaram <akkartik@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

fdisk from util-linux 2.31 (maybe earlier) does not print this.
function                                             old     new   delta
check_consistency                                    449     399     -50
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

This is to avoid parsing garbage past packet's actual end.
Also const-ize params to a few functions.
function                                             old     new   delta
d6_run_script_no_option                                -      12     +12
option_to_env                                        791     798      +7
d6_run_script                                        253     255      +2
perform_d6_release                                    95      93      -2
udhcpc6_main                                        2596    2592      -4
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/2 up/down: 21/-6) Total: 15 bytes
Signed-off-by: David Decotigny <ddecotig@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

In commit
    c4fb8c6a - fsck: do not use statics
not only statics were changed but also a couple of
statics-unrelated changes were made.
This included the handling of the child termination status
as follows:
- if (WIFEXITED(status))
- status = WEXITSTATUS(status);
- else if (WIFSIGNALED(status)) {
+ status = WEXITSTATUS(status);
+ if (WIFSIGNALED(status)) {
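Review bot: in the two `+` lines, `status` is overwritten with `WEXITSTATUS(status)` before `WIFSIGNALED(status)` is evaluated, so the signal test runs on the extracted exit code instead of the raw wait status. Keep the raw status untouched, store the exit code in a separate variable, and restore the `WIFEXITED(status)` guard that the `-` lines had.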
This is wrong, should have used a different variable to hold exit code.
Reported by Niklas Hambüchen <mail@nh2.me>.
function                                             old     new   delta
wait_one                                             294     282     -12
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

Add support for the PXELINUX options 209 ("ConfigFile") and 210
("PathPrefix") in the DHCPv6 client.
See also: RFC5071, "Dynamic Host Configuration Protocol Options Used by
PXELINUX".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

Add support for 'bootfile-url' and 'bootfile-params' as defined by
RFC5970 "DHCPv6 Options for Network Boot".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

Add string_option_to_env() to easily generate environment variables for
known simple options.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

trim() modifies the string in place if needed and returns a pointer to
the end of the resulting string. Update udhcp_str2optset() so it no
longer sets the value of 'val' to the return value of trim().
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

-t, -S and -G each take mandatory integer arguments. getopt32long()'s
option string syntax for this type of argument is 'c:+', however nsenter's
opt_str uses 'c+', which specifies two options 'c' and '+' which do not
take arguments. This means that giving a target PID causes nsenter to
exit and print the usage string:
    # nsenter -t1 sh
    nsenter: unrecognized option: 1
    BusyBox v1.27.2 (2017-12-12 10:41:50 GMT) multi-call binary.
    ...
The long form options are also broken:
    # nsenter --setuid=1000 --setgid=1000 sh
    BusyBox v1.29.0.git (2018-05-04 13:56:49 UTC) multi-call binary.
    ...
`nsenter --target=<pid> sh` parses correctly and appears to work, but
<pid> is ignored and set to 0. This doesn't raise an error unless one
of the namespace arguments is also given:
    # ./busybox_unstripped nsenter --target=42 sh
    # exit
    # ./busybox_unstripped nsenter -n --target=42 sh
    BusyBox v1.29.0.git (2018-05-04 13:56:49 UTC) multi-call binary.
    ...
This has caused problems in a couple of places:
    https://github.com/linuxkit/linuxkit/issues/567
    https://github.com/gliderlabs/docker-alpine/issues/359
    https://github.com/kontena/pharos-cluster/pull/81
Signed-off-by: Euan Harris <euan.harris@docker.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

In nsenter from util-linux, the long version of the -n option is
--net=<path>. BusyBox's version expects --network=<path>, so scripts
and examples written for util-linux's version cause BusyBox's version
to exit with the usage message.
Confusingly, until commit 036585a911, the usage message erroneously
claimed that the long option was indeed called --net; after that commit
long options are not listed at all.
Signed-off-by: Euan Harris <euan.harris@docker.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>