refactor so verify early finds out which of $_GET and $_POST to use and
then stick to using only that for the entire flow.
sync only works with GET anyway, so use $_GET directly.
- Traditionally we wrote two lines for each ykval-verify.php call,
'Request:' and 'Response:'.
- This commit allows us to log both request/response values in a single line.
- For backward compatibility, the old logging is kept in place.
- To write this line to syslog, __YKVAL_VERIFY_LOGFORMAT__ needs to be set.
- avoid having to use the same internal and label name,
as it's problematic.
- internal name has a lot of restrictions:
s/^[^A-Za-z_]/_/
s/[^A-Za-z0-9_]/_/g
- which doesn't allow us to show proper label names,
the names that users will see.
- label displays :80 or :443 depending on scheme.
- avoid ugliness with shortname() and instead use endpoints().
- use hostname (+ port if any) for graph name.
i.e. if we have a sync URL:
https://api.yubico.com:8080/wsapi/2.0/sync
instead of having "api" as name,
we have "api.yubico.com:8080".
- also avoid using regex and use parse_url() from php core instead.
- plugin assumed URL uses a hostname (no static ips)
and that hostname resolves to both ipv4 and ipv6.
- if we want to differentiate stats between ipv4 and ipv6,
we need to re-think this and do it in a smart way.
- for now we prefer to allow cURL to pick whatever IP it resolves,
and run the latency test on that.
- signed off by Klas Lindfors.
- this commit might affect LOG_DEBUG message,
since now we log utf8_encode($qs) not $qs.
- this is probably what we want though,
since we run hash_hmac on the latter.
- retrieveURLasync() always returns FALSE on failure now,
before it might have returned a string.
- use array_shift($a) to pop first element,
safer than $a[0];
- this commit might affect what is written to LOG_DEBUG,
since now we only write the YK-KSM message when we
are certain to have a valid response.
- grep with -i switch.
- left UnixToDbTime...
will refactor later and unwrap to plain date()
- left timestamp* methods in ykval-db,
not used but might be useful while refactoring other code.
- When calling either the URLs in the sync pool or the KSMs,
the following curl options are configurable:
CURLOPT_PROTOCOLS
CURLOPT_IPRESOLVE
CURLOPT_SSLVERSION
CURLOPT_SSL_VERIFYPEER
CURLOPT_SSL_VERIFYHOST
CURLOPT_CAINFO
CURLOPT_CAPATH
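
An added example, not code from the yubikey-val project or its commits: one way to merge configured overrides for the seven options listed above into strict defaults and flag settings that weaken server authentication. The names `ALLOWED_CURLOPTS` and `build_curl_opts`, the CA bundle path and the URL are assumptions made for illustration.

```php
<?php
// Added example. ALLOWED_CURLOPTS and build_curl_opts() are hypothetical names,
// not yubikey-val identifiers.

// The seven options the commit message lists as configurable.
const ALLOWED_CURLOPTS = [
    CURLOPT_PROTOCOLS, CURLOPT_IPRESOLVE, CURLOPT_SSLVERSION,
    CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST,
    CURLOPT_CAINFO, CURLOPT_CAPATH,
];

function build_curl_opts(array $overrides)
{
    // Strict defaults: HTTPS only, certificate chain and hostname both checked,
    // and cURL left free to pick whichever IP family the hostname resolves to.
    $opts = [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        CURLOPT_IPRESOLVE      => CURL_IPRESOLVE_WHATEVER,
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ];
    foreach ($overrides as $opt => $value) {
        // Anything outside the allowlist is a configuration error, not a silent pass-through.
        if (!in_array($opt, ALLOWED_CURLOPTS, true)) {
            throw new InvalidArgumentException("curl option $opt is not configurable");
        }
        $opts[$opt] = $value;
    }
    // Collect settings that turn off or weaken server authentication.
    $weak = [];
    if (!$opts[CURLOPT_SSL_VERIFYPEER]) $weak[] = 'CURLOPT_SSL_VERIFYPEER disabled';
    if ($opts[CURLOPT_SSL_VERIFYHOST] !== 2) $weak[] = 'CURLOPT_SSL_VERIFYHOST is not 2';
    if ($opts[CURLOPT_PROTOCOLS] & ~CURLPROTO_HTTPS) $weak[] = 'non-HTTPS protocol allowed';
    return [$opts, $weak];
}

// Constructed sample configuration: a pinned CA bundle plus one weak override for contrast.
list($opts, $weak) = build_curl_opts([
    CURLOPT_CAINFO         => '/etc/ssl/certs/ca-certificates.crt', // sample path
    CURLOPT_SSL_VERIFYHOST => 0,                                    // weak: hostname not checked
]);
foreach ($weak as $w) {
    syslog(LOG_WARNING, "curl config: $w"); // surfaces the weak setting to operators
}
$ch = curl_init('https://ykval.example.com/wsapi/2.0/sync'); // placeholder URL
curl_setopt_array($ch, $opts); // handle is configured; no request is sent here
```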