Commit Graph

3208 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
689843e874 tests: separate resources in haproxy-connect in test-udp-listen-host
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-08 19:25:47 +02:00
Nikos Mavrogiannopoulos
b6d879d18f Merge branch 'tmp-san-update' into 'master'
Cleanup get_cert_names()

See merge request openconnect/ocserv!163
2020-04-06 14:58:52 +00:00
Nikos Mavrogiannopoulos
1e657a618a Cleanup get_cert_names()
Ensure that we do not recognize unsupported names as
supported.

Relates: #822

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-06 16:21:04 +02:00
Nikos Mavrogiannopoulos
2291a37336 Merge branch 'tmp-fix-vpnc-script' into 'master'
vpnc-script: added attempt-reconnect

See merge request openconnect/ocserv!161
2020-04-06 12:26:20 +00:00
Nikos Mavrogiannopoulos
fe99e77ccb vpnc-script: added attempt-reconnect
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-06 13:49:01 +02:00
Nikos Mavrogiannopoulos
82dc37df0c Merge branch 'tmp-fix-banned-printing' into 'master'
occtl: list actual banned entries

Closes #272

See merge request openconnect/ocserv!160
2020-04-04 13:22:01 +00:00
Nikos Mavrogiannopoulos
2d9bc11f59 occtl: list actual banned entries
This fixes the ban entries listing from printing all the items in
the database, to all the items that are actually banned from
connecting.

Resolves: #272

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-03 22:09:14 +02:00
Nikos Mavrogiannopoulos
79cb3cb7ff occtl: avoid division by zero
Resolves: #278

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-03 13:45:36 +02:00
Nikos Mavrogiannopoulos
c34b84e0d1 Merge branch 'tmp-ignore-broken-dtls' into 'master'
Prevent clients with a broken GnuTLS version from connecting using DTLS

Closes #277

See merge request openconnect/ocserv!157
2020-04-03 11:39:28 +00:00
Nikos Mavrogiannopoulos
aa9c401cac Prevent clients with a broken GnuTLS version from connecting using DTLS
That prevents clients that send an all-zero DTLS client hello from being
able to establish a connection.

That also introduces the OCSERV_ALLOW_BROKEN_CLIENTS environment variable
which, when set to 1, allows broken clients to connect. This is used
mainly to allow test cases to pass against existing vulnerable systems in our
CI.

Resolves: #277

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-03 12:51:22 +02:00
Nikos Mavrogiannopoulos
f65eb9f318 Merge branch 'tmp-fix-cstp-send' into 'master'
cstp_send_file: fixed handling of syscall interrupts

See merge request openconnect/ocserv!159
2020-04-02 13:52:58 +00:00
Nikos Mavrogiannopoulos
d551b8badc cstp_send_file: fixed handling of syscall interrupts
This also increases the buffer size.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-02 15:05:29 +02:00
Nikos Mavrogiannopoulos
275ab571b3 Merge branch 'master' into 'master'
Fix hmac hash problem for time_t and uint64_t, they may have different sizes on 32bit/64bit systems

See merge request openconnect/ocserv!156
2020-04-01 11:31:01 +00:00
sunnyqeen
899a1323a9 Fix hmac hash problem for time_t and uint64_t, they may have different sizes on 32bit/64bit systems
2020-03-31 09:58:09 +00:00
Nikos Mavrogiannopoulos
ced7ba9fd3 doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-27 08:24:15 +01:00
Stefan Bühler
0e6a791a40 occtl show status: produce machine-readable output for json
This adds additional variables to include machine-readable output
in json form.

Resolves: #271

Signed-off-by: Stefan Bühler <stbuehler@web.de>
2020-03-27 08:20:34 +01:00
Nikos Mavrogiannopoulos
07948320ad Merge branch 'fix_compilation_warnings_in_pcl' into 'master'
Fixed minor compilation warnings

See merge request openconnect/ocserv!153
2020-03-25 09:24:39 +00:00
Pierre Souchay
f19c3f7d23 Fixed minor compilation warnings
Warnings output by gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0

* pcl/pcl.c:385:17: warning: unused variable ‘r’ [-Wunused-variable]

* Use pre-compilation directive to avoid defining unused function when not needed:

  * pcl/pcl.c:62:12: warning: ‘co_ctx_stackdir’ defined but not used [-Wunused-function]
    static int co_ctx_stackdir(void)

  * pcl/pcl.c:54:12: warning: ‘co_ctx_sdir’ defined but not used [-Wunused-function]
    static int co_ctx_sdir(unsigned long psp)

Signed-off-by: Pierre Souchay <pierre@souchay.net>
2020-03-23 18:20:08 +01:00
Nikos Mavrogiannopoulos
c142868909 Merge branch 'fix-ban-log' into 'master'
ban log: only log once when adding, not when increasing score when already banned

See merge request openconnect/ocserv!152
2020-03-23 07:16:44 +00:00
Stefan Bühler
23430d1118 ban log: only log once when adding, not when increasing score when already banned
Signed-off-by: Stefan Bühler <stbuehler@web.de>
2020-03-22 16:01:03 +01:00
Nikos Mavrogiannopoulos
3382277e97 released 1.0.0
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.0.0
2020-03-20 13:58:25 +01:00
Nikos Mavrogiannopoulos
8ff144992c Merge branch 'tmp-fix-nas-port' into 'master'
radius: do not include NAS-Port via rc_aaa()

Closes #269

See merge request openconnect/ocserv!150
2020-03-20 12:40:08 +00:00
Nikos Mavrogiannopoulos
cf0bca2cae radius: do not include NAS-Port via rc_aaa()
We were previously asking rc_aaa() to include the NAS-Port pair in
the request, which has undesirable results.

Resolves: #269

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-19 22:20:40 +01:00
Nikos Mavrogiannopoulos
e97022e01d Merge branch 'tmp-detect-ios' into 'master'
Provide a special IPv6 route for iOS

Closes #254

See merge request openconnect/ocserv!146
2020-03-16 22:33:42 +00:00
Nikos Mavrogiannopoulos
88059e43ac .gitlab-ci.yml: no longer test on Centos6
This is a very old platform with old openconnect available in EPEL.
We do not need to keep compatibility with it.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-16 22:56:18 +01:00
Nikos Mavrogiannopoulos
3544e3ee2b tests: verify environment under Apple clients
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-16 22:21:37 +01:00
Nikos Mavrogiannopoulos
3475e2b0fc Provide a special IPv6 route for iOS
When IPv6 is requested by an iPhone we provide a special route that is
necessary for these clients to use IPv6.

Resolves: #254

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-15 13:23:37 +01:00
Nikos Mavrogiannopoulos
65a7fcab67 tests: remove option pointing to non-existent script
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-15 13:23:35 +01:00
Nikos Mavrogiannopoulos
881953c293 Merge branch 'tmp-test-psk-negotiate' into 'master'
Fix PSK-NEGOTIATE ciphers

Closes #262

See merge request openconnect/ocserv!147
2020-03-12 19:40:32 +00:00
Nikos Mavrogiannopoulos
af11e05ff7 Merge branch 'tmp-werror' into 'master'
Introduce a -Werror build

See merge request openconnect/ocserv!148
2020-03-12 19:26:18 +00:00
Nikos Mavrogiannopoulos
c4759fd334 .gitlab-ci.yml: introduce run with -Werror
This allows catching warnings that could have slipped in.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
f14385e1b4 worker-proxyproto: corrected type of data_size to avoid warnings in comparisons
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
fb07fcca87 vpn.h: made sign of max_ban_score more appropriate
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
bcc07c935e tests: improved ipv6-prefix
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
449e608f86 str_replace_str: ensure types match for comparison
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
bf8616cbca tests: generate_oidc_test_data: fixed use of strncat
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
370cc7cdf7 disable_system_calls: ensure gettimeofday is not a macro
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
6b84d7e681 eliminate warnings when used for unit testing tests
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
13b92d3b11 Fix crypt.h detection
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
5e817d3d60 tests: added test to test match-tls-dtls-ciphers config option
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 17:01:01 +01:00
Nikos Mavrogiannopoulos
b0c885ca63 ocserv: fix PSK negotiation
This fixes a regression which prevented DTLS-PSK (or PSK-NEGOTIATE)
from being negotiated.

Resolves: #262

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 16:14:22 +01:00
Nikos Mavrogiannopoulos
5097604d4d tests: added test for PSK-NEGOTIATE ciphers
Relates: #262

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 13:23:06 +01:00
Alan Jowett
780fbb89a0 Script needs access to additional client metadata.
Export more information to the script, including client device platform,
type and user agent.

Resolves: #256

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-03-11 09:13:55 +01:00
Nikos Mavrogiannopoulos
9a41a27b18 NEWS: documented bearer token support
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-09 21:51:06 +01:00
Alan Jowett
b43e782b12 Add support for RFC6750 bearer tokens to ocserv
This permits the validation of OpenID Connect auth tokens. OpenID
Connect is an OAuth 2.0 protocol used to identify a resource owner
(VPN client end-user) to a resource server (VPN server), intermediated
by an Authorization server.

Resolves: #240

Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>
2020-03-09 21:48:04 +01:00
Nikos Mavrogiannopoulos
a6c2d36952 Merge branch 'coverity_scan_defects' into 'master'
Fix issues flagged by Coverity:

See merge request openconnect/ocserv!144
2020-03-05 19:26:32 +00:00
Alan Jowett
6d3b295b12 Fix issues flagged by Coverity:
288530 Dereference after null check
288529 Array compared against 0

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-03-04 09:49:24 -07:00
Nikos Mavrogiannopoulos
31719b2cec main: no need to check nullity on an array
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-04 12:14:54 +01:00
Nikos Mavrogiannopoulos
e70573d9fc new_client_entry: prevent null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-04 12:14:29 +01:00
Nikos Mavrogiannopoulos
85912c705e Fixed incorrect pointer arithmetic on configuration error
This addresses a crash on incorrect configuration.
Reported by Zero King <l2dy@icloud.com>

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-29 19:43:57 +01:00