Commit Graph

1403 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
7b0e20e6ad sec-mod: made logging consistent with the main server 2014-12-01 22:49:09 +01:00
Nikos Mavrogiannopoulos
c402c03d09 doc update 2014-11-30 14:44:08 +01:00
Nikos Mavrogiannopoulos
cb9dcde387 Notify the client that the server may have a dynamic DNS address
That is, send "X-CSTP-DynDNS: true" in CSTP headers if the
server is configured as having a dynamic DNS address.
2014-11-30 11:30:08 +01:00
Nikos Mavrogiannopoulos
9a7a9a36a1 use define _XOPEN_SOURCE to get crypt() 2014-11-29 19:49:38 +01:00
Nikos Mavrogiannopoulos
987974a59e sec-mod: print whether a certificate is present 2014-11-27 13:33:02 +01:00
Nikos Mavrogiannopoulos
74aa65bfa0 enhanced sample.config 2014-11-26 17:09:54 +01:00
Nikos Mavrogiannopoulos
ece3324e40 forward to gnutls manual for priority string documentation 2014-11-25 21:59:40 +01:00
Nikos Mavrogiannopoulos
f96177ebe8 released 0.8.8 ocserv_0_8_8 2014-11-22 15:25:38 +01:00
Nikos Mavrogiannopoulos
8f84801c32 use TCP_NOPUSH in systems that support it (FreeBSD) 2014-11-18 22:29:37 +01:00
Nikos Mavrogiannopoulos
0320f61e3f Disable RC4 in the default priority strings 2014-11-18 22:23:02 +01:00
Nikos Mavrogiannopoulos
dc8c340bed bumped version 2014-11-17 20:16:47 +01:00
Nikos Mavrogiannopoulos
141bc755ad when generating the DTLS session ID set its size as well 2014-11-16 12:36:20 +01:00
Nikos Mavrogiannopoulos
bf2e8c8cd6 added oclog_hex() 2014-11-16 12:34:30 +01:00
Nikos Mavrogiannopoulos
6103f5066d doc update 2014-11-16 10:04:59 +01:00
Nikos Mavrogiannopoulos
78b3685f7a Generate a new DTLS session ID on every cookie connection
That allows openconnect to distinguish when the DTLS key has switched.
2014-11-16 10:00:15 +01:00
Nikos Mavrogiannopoulos
01bbb5cfa1 print the username earlier in log 2014-11-16 09:15:28 +01:00
Nikos Mavrogiannopoulos
f1e71ec597 improved logged messages 2014-11-15 12:47:30 +01:00
Nikos Mavrogiannopoulos
57cbb43a3b advertise a new DTLS session only when it is one 2014-11-15 12:32:31 +01:00
Nikos Mavrogiannopoulos
79668eb5e5 partially reverted b924eba1ac
The timeouts were reset to the original values.
2014-11-15 10:21:26 +01:00
Nikos Mavrogiannopoulos
845562201a doc update 2014-11-15 10:10:18 +01:00
Nikos Mavrogiannopoulos
a4ec19eb55 disable matching of IPs when the listen-clear-file option is set 2014-11-15 09:50:35 +01:00
Nikos Mavrogiannopoulos
b924eba1ac reduced the severity of log messages when forwarding packets and reduced the timeouts 2014-11-10 16:05:02 +01:00
Nikos Mavrogiannopoulos
0311dc6291 doc update 2014-10-31 11:37:52 +01:00
Nikos Mavrogiannopoulos
12fb56a3b6 when reporting errors, mention the username of the relevant client 2014-10-31 11:37:29 +01:00
Nikos Mavrogiannopoulos
c9c9c9c32d corrected typo 2014-10-31 11:37:29 +01:00
Nikos Mavrogiannopoulos
00cb1762ac doc update 2014-10-27 23:53:39 +01:00
Nikos Mavrogiannopoulos
96b4d922e8 increased the SID_SIZE (cookie used during authentication phase) to 128 bits 2014-10-27 23:51:55 +01:00
Nikos Mavrogiannopoulos
5fa95fe9e7 send session information from worker to parent twice
That allows to account changes after DTLS is established (e.g.,
send the DTLS ciphersuite name).
2014-10-27 23:49:33 +01:00
Nikos Mavrogiannopoulos
f9627732ff TODO update 2014-10-27 17:05:23 +01:00
Nikos Mavrogiannopoulos
53005a2cfd use hash tables to locate proc entries
That would avoid a walk on all connected clients, when a
new UDP session starts.
2014-10-27 15:01:05 +01:00
Nikos Mavrogiannopoulos
81107b80f8 doc update 2014-10-27 13:46:16 +01:00
Nikos Mavrogiannopoulos
be2c8b3cc5 when selecting a DTLS ciphersuite try to ensure it matches the CSTP 2014-10-27 11:03:38 +01:00
Nikos Mavrogiannopoulos
f0871989a8 remove the disable safe renegotiation flag from DTLS 2014-10-27 10:14:54 +01:00
Nikos Mavrogiannopoulos
ad049ddd74 updated synopsis 2014-10-26 16:15:57 +01:00
Nikos Mavrogiannopoulos
ea057ed7f4 released 0.8.7 ocserv_0_8_7 2014-10-26 12:37:48 +01:00
Nikos Mavrogiannopoulos
caaf71c792 use 3des-pkcs12 in the documentation for the generation of PKCS #12 structures
That format seems to be compatible with more clients (e.g. Anyconnect).
2014-10-19 22:41:47 +02:00
Nikos Mavrogiannopoulos
2069af24a8 disable SSL 3.0 on the default priorities 2014-10-17 11:01:28 +02:00
Nikos Mavrogiannopoulos
c2856e2ee6 disabled session control by default in sample.config 2014-10-15 07:58:36 +02:00
Nikos Mavrogiannopoulos
b5d64c2040 doc update 2014-10-11 08:29:51 +02:00
Nikos Mavrogiannopoulos
120e49b26b only enable session control when a username/password authentication is used 2014-10-11 08:28:04 +02:00
Nikos Mavrogiannopoulos
473ceebe4c Added sanity checks into sec-mod
That prevents a crash when certificate authentication is
used but session control is enabled. Reported by George Panda.
2014-10-11 08:25:17 +02:00
Nikos Mavrogiannopoulos
1a32efbe20 enable non-blocking DTLS timers 2014-10-10 10:49:52 +02:00
Nikos Mavrogiannopoulos
739276fcbe removed no longer relevant todo entries 2014-10-09 20:17:29 +02:00
Nikos Mavrogiannopoulos
aafa981ed9 doc update 2014-10-09 20:15:53 +02:00
Nikos Mavrogiannopoulos
ba6455c6e1 bumped version 2014-10-08 23:14:22 +02:00
Nikos Mavrogiannopoulos
b2a608dfec doc update 2014-10-08 23:14:22 +02:00
Nikos Mavrogiannopoulos
ccfa8cd936 corrected typo 2014-10-07 15:46:07 +02:00
Nikos Mavrogiannopoulos
288a81f4c9 changes for non-blocking sockets 2014-10-06 00:07:58 +02:00
Nikos Mavrogiannopoulos
ccd07f96fc use non-blocking sockets in worker process 2014-10-05 22:13:08 +02:00
Nikos Mavrogiannopoulos
db48e3db07 added set_non_block() 2014-10-05 22:00:53 +02:00