Commit Graph

3419 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
fd2bd42cb2 .gitlab-ci.yml: corrected kerberos tests
This also corrects the kerberos test script environment
to enable running the test.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-04-10 23:06:07 +02:00
Nikos Mavrogiannopoulos
a63164e182 Disable TCP queuing on the TLS port.
This makes the CSTP connection more interactive for clients that
cannot run over UDP.

See openconnect#122 for discussion.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-10 21:15:39 +02:00
Nikos Mavrogiannopoulos
8cb14b7ebd released 1.0.1
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.0.1
2020-04-09 23:07:19 +02:00
Nikos Mavrogiannopoulos
304dc8af2d doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-09 23:06:05 +02:00
Nikos Mavrogiannopoulos
33f225108a config: removed reference of user-profile in group config
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-09 22:56:52 +02:00
Nikos Mavrogiannopoulos
b24c427b15 config: document that user-profile cannot be set per user
Relates: #270
Resolves: #179

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-09 22:53:02 +02:00
Nikos Mavrogiannopoulos
87bee0b7cb Merge branch 'tmp-fix-anyconnect-disconnect' into 'master'
Distinguish the bye packet interpretation

Closes #281

See merge request openconnect/ocserv!162
2020-04-09 12:30:54 +00:00
Nikos Mavrogiannopoulos
fca41e2fa2 Distinguish the bye packet interpretation
In openconnect client the BYE packet indicates an explicit
user disconnect by sending 0x0b as payload. In anyconnect clients it
may indicate an intention to reconnect (e.g., because network was changed).
We introduce a check for 0x0b to identify the user disconnect and
add debugging output for other disconnect reasons.

Relates: #281

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-08 21:07:36 +02:00
Nikos Mavrogiannopoulos
2c93618c90 Merge branch 'tmp-tests-updates' into 'master'
Minor updates in tests

See merge request openconnect/ocserv!164
2020-04-08 18:15:13 +00:00
Nikos Mavrogiannopoulos
e9251a66e8 tests: test-max-same-1/test-multi-cookie: use update_config
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-08 19:37:57 +02:00
Nikos Mavrogiannopoulos
9246431590 tests: radius tests are not run when radius is disabled
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-08 19:25:56 +02:00
Nikos Mavrogiannopoulos
689843e874 tests: separate resources in haproxy-connect in test-udp-listen-host
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-08 19:25:47 +02:00
Nikos Mavrogiannopoulos
b6d879d18f Merge branch 'tmp-san-update' into 'master'
Cleanup get_cert_names()

See merge request openconnect/ocserv!163
2020-04-06 14:58:52 +00:00
Nikos Mavrogiannopoulos
1e657a618a Cleanup get_cert_names()
Ensure that we do not recognize unsupported names as
supported.

Relates: #822

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-06 16:21:04 +02:00
Nikos Mavrogiannopoulos
2291a37336 Merge branch 'tmp-fix-vpnc-script' into 'master'
vpnc-script: added attempt-reconnect

See merge request openconnect/ocserv!161
2020-04-06 12:26:20 +00:00
Nikos Mavrogiannopoulos
fe99e77ccb vpnc-script: added attempt-reconnect
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-06 13:49:01 +02:00
Nikos Mavrogiannopoulos
82dc37df0c Merge branch 'tmp-fix-banned-printing' into 'master'
occtl: list actual banned entries

Closes #272

See merge request openconnect/ocserv!160
2020-04-04 13:22:01 +00:00
Nikos Mavrogiannopoulos
2d9bc11f59 occtl: list actual banned entries
This fixes the ban entries listing from printing all the items in
the database, to all the items that are actually banned from
connecting.

Resolves: #272

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-03 22:09:14 +02:00
Nikos Mavrogiannopoulos
79cb3cb7ff occtl: avoid division by zero
Resolves: #278

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-03 13:45:36 +02:00
Nikos Mavrogiannopoulos
c34b84e0d1 Merge branch 'tmp-ignore-broken-dtls' into 'master'
Prevent clients with a broken GnuTLS version from connecting using DTLS

Closes #277

See merge request openconnect/ocserv!157
2020-04-03 11:39:28 +00:00
Nikos Mavrogiannopoulos
aa9c401cac Prevent clients with a broken GnuTLS version from connecting using DTLS
That prevents clients that send an all-zero DTLS client hello from being
able to establish a connection.

That also introduces the OCSERV_ALLOW_BROKEN_CLIENTS environment variable
which, when set to 1, allows broken clients to connect. This is used
mainly to allow test cases to pass to existing vulnerable systems in our
CI.

Resolves: #277

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-03 12:51:22 +02:00
Nikos Mavrogiannopoulos
f65eb9f318 Merge branch 'tmp-fix-cstp-send' into 'master'
cstp_send_file: fixed handling of syscall interrupts

See merge request openconnect/ocserv!159
2020-04-02 13:52:58 +00:00
Nikos Mavrogiannopoulos
d551b8badc cstp_send_file: fixed handling of syscall interrupts
This also increases the buffer size.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-02 15:05:29 +02:00
Nikos Mavrogiannopoulos
275ab571b3 Merge branch 'master' into 'master'
Fix hmac hash problem for time_t and uint64_t, they may have different size in 32bit/64bit systems

See merge request openconnect/ocserv!156
2020-04-01 11:31:01 +00:00
sunnyqeen
899a1323a9 Fix hmac hash problem for time_t and uint64_t, they may have different size in 32bit/64bit systems
2020-03-31 09:58:09 +00:00
Nikos Mavrogiannopoulos
ced7ba9fd3 doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-27 08:24:15 +01:00
Stefan Bühler
0e6a791a40 occtl show status: produce machine-readable output for json
This adds additional variables to include machine-readable output
in json form.

Resolves: #271

Signed-off-by: Stefan Bühler <stbuehler@web.de>
2020-03-27 08:20:34 +01:00
Nikos Mavrogiannopoulos
07948320ad Merge branch 'fix_compilation_warnings_in_pcl' into 'master'
Fixed minor compilation warnings

See merge request openconnect/ocserv!153
2020-03-25 09:24:39 +00:00
Pierre Souchay
f19c3f7d23 Fixed minor compilation warnings
Warnings output by gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0

* pcl/pcl.c:385:17: warning: unused variable ‘r’ [-Wunused-variable]

* Use pre-compilation directive to avoid defining unused function when not needed:

  * pcl/pcl.c:62:12: warning: ‘co_ctx_stackdir’ defined but not used [-Wunused-function]
    static int co_ctx_stackdir(void)

  * pcl/pcl.c:54:12: warning: ‘co_ctx_sdir’ defined but not used [-Wunused-function]
    static int co_ctx_sdir(unsigned long psp)

Signed-off-by: Pierre Souchay <pierre@souchay.net>
2020-03-23 18:20:08 +01:00
Nikos Mavrogiannopoulos
c142868909 Merge branch 'fix-ban-log' into 'master'
ban log: only log once when adding, not when increasing score when already banned

See merge request openconnect/ocserv!152
2020-03-23 07:16:44 +00:00
Stefan Bühler
23430d1118 ban log: only log once when adding, not when increasing score when already banned
Signed-off-by: Stefan Bühler <stbuehler@web.de>
2020-03-22 16:01:03 +01:00
Nikos Mavrogiannopoulos
3382277e97 released 1.0.0
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.0.0
2020-03-20 13:58:25 +01:00
Nikos Mavrogiannopoulos
8ff144992c Merge branch 'tmp-fix-nas-port' into 'master'
radius: do not include NAS-Port via rc_aaa()

Closes #269

See merge request openconnect/ocserv!150
2020-03-20 12:40:08 +00:00
Nikos Mavrogiannopoulos
cf0bca2cae radius: do not include NAS-Port via rc_aaa()
We were previously asking rc_aaa() to include NAS-Port pair to
the request which has undesirable results.

Resolves: #269

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-19 22:20:40 +01:00
Nikos Mavrogiannopoulos
e97022e01d Merge branch 'tmp-detect-ios' into 'master'
Provide a special IPv6 route for iOS

Closes #254

See merge request openconnect/ocserv!146
2020-03-16 22:33:42 +00:00
Nikos Mavrogiannopoulos
88059e43ac .gitlab-ci.yml: no longer test on Centos6
This is a very old platform with old openconnect available in EPEL.
We do not need to keep compatibility with it.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-16 22:56:18 +01:00
Nikos Mavrogiannopoulos
3544e3ee2b tests: verify environment under Apple clients
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-16 22:21:37 +01:00
Nikos Mavrogiannopoulos
3475e2b0fc Provide a special IPv6 route for iOS
When IPv6 is requested by iPhone we provide a special route that is
necessary for these clients to use IPv6.

Resolves: #254

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-15 13:23:37 +01:00
Nikos Mavrogiannopoulos
65a7fcab67 tests: remove option pointing to non-existent script
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-15 13:23:35 +01:00
Nikos Mavrogiannopoulos
881953c293 Merge branch 'tmp-test-psk-negotiate' into 'master'
Fix PSK-NEGOTIATE ciphers

Closes #262

See merge request openconnect/ocserv!147
2020-03-12 19:40:32 +00:00
Nikos Mavrogiannopoulos
af11e05ff7 Merge branch 'tmp-werror' into 'master'
Introduce a -Werror build

See merge request openconnect/ocserv!148
2020-03-12 19:26:18 +00:00
Nikos Mavrogiannopoulos
c4759fd334 .gitlab-ci.yml: introduce run with -Werror
This allows catching warnings that could have slipped in.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
f14385e1b4 worker-proxyproto: corrected type of data_size to avoid warnings in comparisons
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
fb07fcca87 vpn.h: made sign of max_ban_score more appropriate
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
bcc07c935e tests: improved ipv6-prefix
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
449e608f86 str_replace_str: ensure types match for comparison
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
bf8616cbca tests: generate_oidc_test_data: fixed use of strncat
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
370cc7cdf7 disable_system_calls: ensure gettimeofday is not a macro
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
6b84d7e681 eliminate warnings when used for unit testing tests
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
13b92d3b11 Fix crypt.h detection
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00