Commit Graph

35 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
0390f21db6 added recv_timeout() to replace force_read_timeout() in socket reading 2014-10-05 14:41:45 +02:00
Nikos Mavrogiannopoulos
4ea5a56ace Allow the CSTP layer to operate without TLS
That also introduces a unix domain socket under which connections to the
server can occur.
2014-09-23 16:08:29 +02:00
Nikos Mavrogiannopoulos
aaa06e3157 TLS sessions expire at the cookie timeout. 2014-05-27 16:01:14 +02:00
Nikos Mavrogiannopoulos
0586e4c5fa Simplified the TLS hash table initialization. 2014-05-27 15:00:13 +02:00
Nikos Mavrogiannopoulos
969e684960 Use talloc() for all allocations to reduce the possibility of memory leaks. 2014-05-09 16:13:11 +02:00
Nikos Mavrogiannopoulos
89ddd81c0e Use exit_worker() or gnutls fatal errors instead of plain exit().
That solves the issue with stats not being reported to the main process.
2014-05-04 14:16:47 +02:00
Nikos Mavrogiannopoulos
3f8661a98a renamed function names for clarity. 2014-04-16 11:49:13 +02:00
Nikos Mavrogiannopoulos
ee12a7509d renamed function for consistency 2014-04-06 10:02:16 +02:00
Nikos Mavrogiannopoulos
bd9aaa1228 Revert "Try to read more than a single packet from the TUN device."
This reverts commit 019126abfd.
2014-04-06 09:08:44 +02:00
Nikos Mavrogiannopoulos
019126abfd Try to read more than a single packet from the TUN device. 2014-04-03 13:54:56 +02:00
Nikos Mavrogiannopoulos
d00319faf4 Updates in CRL handling.
Ensure reload on SIGHUP, and do print an appropriate error
when an empty CRL file is encountered.
2014-04-02 12:55:43 +02:00
Nikos Mavrogiannopoulos
4f9e06d16d Do not block in TLS and DTLS reads
This prevents an issue where a client disconnects but the server
is blocked on a DTLS read without being able to detect the
disconnection.
2014-03-09 21:40:07 +01:00
Nikos Mavrogiannopoulos
3d0a69e5f6 Indicate properly the status of TLS authentication when a client has reconnected. 2014-01-12 10:16:10 +01:00
Nikos Mavrogiannopoulos
cdba1ae374 Try to release as much memory as possible to be able to detect real memory leaks. 2014-01-09 17:27:49 +01:00
Nikos Mavrogiannopoulos
85f4db201c updated license information and authors 2013-11-05 19:38:30 +01:00
Nikos Mavrogiannopoulos
009e76cac3 Do not wait for socket to be ready when sending DTLS data. 2013-10-04 09:40:46 +02:00
Nikos Mavrogiannopoulos
e9be6eff7d corrected values returned in X-CSTP-MTU and X-DTLS-MTU 2013-06-10 19:39:19 +02:00
Nikos Mavrogiannopoulos
376fea950f removed session ticket support 2013-03-24 18:53:30 +01:00
Nikos Mavrogiannopoulos
5a4ce846b7 The TLS private keys are kept in a privileged process.
That process is called security-module (sec-mod) and communicates
with the workers using a unix domain socket.
2013-03-15 17:47:38 +01:00
Nikos Mavrogiannopoulos
1eeb33d5d7 enable session tickets. 2013-03-11 19:49:33 +01:00
Nikos Mavrogiannopoulos
a0f1867c58 Allow setting DH parameters. 2013-03-07 09:19:25 +01:00
Nikos Mavrogiannopoulos
41e8d020b5 Several updates to handle URLs requested by the Cisco client. 2013-03-01 19:52:10 +01:00
Nikos Mavrogiannopoulos
214bec96f0 Load PINs early. 2013-02-19 07:35:11 +01:00
Nikos Mavrogiannopoulos
334338c73b Enable maintenance when maximum TLS sessions have been reached. Set more sane defaults for max sessions. 2013-02-14 08:11:16 +01:00
Nikos Mavrogiannopoulos
121b2491aa HUP signal reloads configuration 2013-02-12 18:57:05 +01:00
Nikos Mavrogiannopoulos
288766f628 use gnutls cork() and uncork() when available 2013-02-08 18:20:19 +01:00
Nikos Mavrogiannopoulos
bacf821953 cleaned up TLS code which was moved to tlslib 2013-02-08 18:20:17 +01:00
Nikos Mavrogiannopoulos
4370f88001 dropped dependency on gdbm. Cookies are stored in a hash. 2013-02-07 00:57:17 +01:00
Nikos Mavrogiannopoulos
10d9b144be Use CCAN hashes and lists. 2013-02-06 09:20:08 +01:00
Nikos Mavrogiannopoulos
1e0bcc269d reorganized headers 2013-02-05 22:11:38 +01:00
Nikos Mavrogiannopoulos
2e43570fde deinitialize the TLS cache prior to fork 2013-02-05 09:03:58 +01:00
Nikos Mavrogiannopoulos
ceca403691 Added automatic TLS session expiration. 2013-02-04 19:16:04 +01:00
Nikos Mavrogiannopoulos
1fb76ce890 Added session resumption to TLS server. 2013-02-03 21:23:29 +01:00
Nikos Mavrogiannopoulos
04f9a4ae9e tls_print -> tls_puts to distinguish from printf 2013-01-13 13:32:48 +01:00
Nikos Mavrogiannopoulos
dd99c39110 Moved sources 2013-01-13 10:57:27 +01:00