relayd: allow explicit paths for certificates, keys and OCSP staples
Extend the "keypair" keyword in relayd.conf to support optional explicit paths.
Previously, relayd enforced a naming convention, looking up files in /etc/ssl
and /etc/ssl/private based on the keypair name.
This change allows other applications to manage their certificates without
having to comply with relayd's internal naming logic.
Input and OK kirill@, help form tb@
libjxl: re-commit sthen's switch to DIST_TUPLE
Test data is copied to ${WRKDIST}/testdata, not to ${WRKDIR}/testdata,
which triggered a build-time assert (JXL_CRASH() aka __builtin_trap()).
ok landry (maintainer), sthen
frag6_input(): must always decrement counter when dropping fragment
Currently frag6_input() does not decrement counter in one case:
- it is processing fragment with offset 0 which arrives after
the last fragment (fragment with max. offset)
- there are more IPv6 extension headers between IPv6 header
and IPv6 fragment header
- re-assembled packet exceeds IPV6_MAXPACKET size limit
if conditions above are met, then fragment gets dropped without
decrementing counters. This commit fixes that.
The issue was pointed out by Frank Denis.
OK bluhm@