GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,559 Commits 19 Branches 88 Tags
2a59aa87eae952019a0e70b4ad6764bf70df046c
Commit Graph

2559 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
2a59aa87ea ocserv: on DTLS rehandshake or new fd reset the MTU 
This allows to avoid an indefinite drop of MTU without any possibility
to reset.
 2016-05-11 17:01:40 +02:00
Nikos Mavrogiannopoulos
4dabfe0afd doc update 2016-05-09 14:04:24 +02:00
Nikos Mavrogiannopoulos
a15fb587c8 doc: mention that restrict-user-* are experimental options 2016-05-09 12:44:49 +02:00
Nikos Mavrogiannopoulos
becd51e799 ocserv: corrected setting of UDP socket options 2016-05-09 12:12:09 +02:00
Nikos Mavrogiannopoulos
6b9b80e487 README.md: doc update 2016-05-01 00:39:30 +02:00
Nikos Mavrogiannopoulos
f77217f0f5 gnutls_pem_base64_encode2 was replaced with gnutls_pem_base64_encode_alloc 
The latter version is available in older GnuTLS versions than 3.4.0.
 2016-04-30 17:51:00 +02:00
Nikos Mavrogiannopoulos
106f0a4f5b doc update 2016-04-30 13:53:32 +02:00
Nikos Mavrogiannopoulos
6687220e48 tests: added check for cert handler validity 2016-04-30 13:53:32 +02:00
Nikos Mavrogiannopoulos
9a27c0537b sec-mod: when receiving invalid headers from main, bail out 2016-04-30 13:53:32 +02:00
Nikos Mavrogiannopoulos
43a7fe41b3 ocserv: added '/cert.pem' and '/cert.cer' HTTP handler 
This handler will return the server's certificate to the requester
in PEM and DER formats.
 2016-04-30 13:53:32 +02:00
Nikos Mavrogiannopoulos
e6c566ac76 doc update 2016-04-29 16:33:56 +02:00
Nikos Mavrogiannopoulos
5caf3f82ad .gitlab-ci.yml: enhanced separate build dir check with code coverage output 2016-04-29 16:33:41 +02:00
Nikos Mavrogiannopoulos
3f367c36bc ax_code_coverage.m4: updated to latest version 2016-04-29 16:33:36 +02:00
Nikos Mavrogiannopoulos
e142202583 README.md: updated build badge 2016-04-26 21:46:00 +02:00
Nikos Mavrogiannopoulos
4779fb0fa5 doc: updated copyright dates 2016-04-26 21:45:27 +02:00
Nikos Mavrogiannopoulos
3bc5c0607c doc update ocserv_0_11_2 2016-04-25 22:55:52 +02:00
Nikos Mavrogiannopoulos
46a53437d0 ocpasswd-test: updated grep check for more portability across systems 2016-04-19 16:57:08 +02:00
Nikos Mavrogiannopoulos
00b631e01e .gitlab-ci.yml: added build rule on freebsd 2016-04-19 16:17:02 +02:00
Nikos Mavrogiannopoulos
b706ab7871 main: reduce UDP_FD_RESEND_TIME to 3 seconds 
This allows a client to reconnect the DTLS session as soon as even
3 seconds. This addresses issue with clients turning the wifi off and
on again, not being able to reconnect with DTLS.
 2016-04-19 14:16:53 +02:00
Nikos Mavrogiannopoulos
51f3c7b1eb Moved libev initialization after daemon() and sec-mod process init 
This is because libev uses a file descriptor in FreeBSD systems
(kqueue) which is closed by the kernel on fork(). That means
that on libev deinitialization after daemon(), libev will close
another unrelated descriptor.
 2016-04-19 13:42:05 +02:00
Nikos Mavrogiannopoulos
2a7d8ac303 Revert "FreeBSD: restrict to poll or select the main event loop" 
This reverts commit 659c903369.
 2016-04-19 13:23:54 +02:00
Nikos Mavrogiannopoulos
a092673dc4 set_socket_timeout: be more verbose in error conditions 2016-04-18 16:59:40 +02:00
Nikos Mavrogiannopoulos
2debbde9a3 ocserv: initialize ctl_fd to an invalid value 
This prevents issue with clear_lists() closing the 0-fd
even when ctl_handler is not initialized.
 2016-04-17 13:43:35 +02:00
Nikos Mavrogiannopoulos
359ec5fe2e sec-mod: simplify the name of the security module to ocserv-sm 2016-04-17 12:52:23 +02:00
Nikos Mavrogiannopoulos
5ea4b32f4d tests: use 127.0.0.1 for debian radiusclient conf 
That is because freeradius listens to IPv4 by default.
Also adjusted the default log directory to match the
Fedora's one and simplify the test.
 2016-04-17 12:51:05 +02:00
Nikos Mavrogiannopoulos
0561534639 tests: updated debian tests to use libgnutls30 2016-04-17 11:05:32 +02:00
Nikos Mavrogiannopoulos
3eb5dd360e doc update 2016-04-17 10:45:26 +02:00
Nikos Mavrogiannopoulos
795730a681 configure: Add a code coverage option 
Configure with:
  ./configure --enable-code-coverage
Show coverage output with:
  make && make check && make code-coverage-capture

It does not take into account tests run under docker.
 2016-04-16 12:39:18 +02:00
Nikos Mavrogiannopoulos
b088d2df73 Makefiles: combined the rules for local libraries 2016-04-16 10:47:18 +02:00
Nikos Mavrogiannopoulos
3b844bf3f0 bumped version 2016-04-16 08:56:23 +02:00
Nikos Mavrogiannopoulos
df36a4c0ba main: close stdin and stdout as early after daemon() 
The reason is that in some systems daemon() may close stdin
completely. If we delay this close and another descriptor takes
the stdin fileno, we may end up closing a legitimate descriptor.
 2016-04-16 08:49:35 +02:00
Nikos Mavrogiannopoulos
8ae0d044f2 doc update 2016-04-16 08:47:30 +02:00
Nikos Mavrogiannopoulos
659c903369 FreeBSD: restrict to poll or select the main event loop 
This addresses an issue with FreeBSD and the kqueue interface.
When used it causes the sec-mod spawn to fail. Enabling it, it possibly
affects the pipes generated for communication.
 2016-04-16 08:47:05 +02:00
Nikos Mavrogiannopoulos
ca4e281c1d setproctitle: fixed compilation issue in Linux systems without prctl 2016-04-15 14:22:47 +02:00
Nikos Mavrogiannopoulos
70d78f39d9 updated comment 2016-04-15 14:16:51 +02:00
Nikos Mavrogiannopoulos
9a125c3aba tests: update tests to include the running username/group 
That removes the requirement to keep a uid_wrapper specific
hack in check_upeer_id().
 2016-04-15 11:17:35 +02:00
Nikos Mavrogiannopoulos
4c43f06ab5 tests: added check for connection using invalid certificate 2016-04-12 22:13:54 +02:00
Nikos Mavrogiannopoulos
34d059c43a sec-mod: corrected comment 2016-04-12 21:54:12 +02:00
Nikos Mavrogiannopoulos
eb9cdf1933 TODO: mention hostname override 2016-04-12 21:48:11 +02:00
Nikos Mavrogiannopoulos
01cde787d3 doc update 2016-04-02 15:06:13 +02:00
Nikos Mavrogiannopoulos
071a37aaa4 tests: Added test for radius group receiving 
This tests the receiving of groups using "Class" radius attribute
in the format "OU=group1;group2".
 2016-04-01 15:39:38 +02:00
Nikos Mavrogiannopoulos
e798493d08 sec-mod: perform group checks at auth completion stage 
This allows to retrieve allowed groups from radius response.
 2016-04-01 15:39:02 +02:00
Nikos Mavrogiannopoulos
b5cabb9589 tests: added check for trim_trailing_whitespace() 2016-04-01 15:33:11 +02:00
Nikos Mavrogiannopoulos
ade786a0f1 radius: replace experimental Group-Name with Class attribute 
The current format allows to handle multiple groups and is used
by several radius servers.

Suggested by Yick Xie.
 2016-04-01 15:33:11 +02:00
Nikos Mavrogiannopoulos
0b4333d7ee ocserv: warn when conflicting supplemental config options are specified 
That is, do not allow radius' groupconfig=true option to be combined
with config-per-user/group. This reduces frustration since these options
are incompatible.
 2016-04-01 15:32:27 +02:00
Nikos Mavrogiannopoulos
34857ff5a5 tests: check for DNS information propagation in user config 2016-04-01 15:32:20 +02:00
Nikos Mavrogiannopoulos
6bd1d0b0e0 worker: always free the previous msg in an fd update 2016-03-28 15:49:48 +02:00
Nikos Mavrogiannopoulos
2f684a227b doc update 2016-03-23 19:53:38 +01:00
Nikos Mavrogiannopoulos
a037174a87 occtl: use '?' for unknown time 2016-03-23 19:52:40 +01:00
Nikos Mavrogiannopoulos
1b1fab8c3c occtl: add newline into print iroutes 2016-03-21 21:48:48 +01:00