You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Properly handle memory allocation failures to avoid null pointer dereference.
Correctly handle TLS error codes.
Ensure bearSSL is thread-safe.
Fix memory leak that occurred when camblet did not handle encryption.
Improve repository readability by moving files to src/ and include/.
Address CPU hog during socket read by implementing an effective wait cycle.
Speed up manual TLS handling by omitting ALPN setting and inspection-based passthrough determination.
New Features:
Support using workload ID templates for policies, allowing dynamic extension of policies with metadata values at runtime.
Implement HTTP header injection to parse incoming and outgoing HTTP requests. SPIFFEEID is inserted into incoming HTTP requests if the client authenticated with a TLS certificate.
Implement sendpage for non-kTLS workloads, enabling proper handling of sendfile, especially for cases where the go fileserver implementation relies on sendfile for request handling.
Add support for AES-GCM and AES-CCM ciphers with kTLS.
Tests:
Add a test for kTLS-disabled environments.
Extend tests to cover all supported Debian environments (kernel versions: 5.15, 6.5).