GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,211 Commits 19 Branches 88 Tags
a28fc4ea844b643deed4095fab20cfb69eeb423a
Commit Graph

2211 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
a28fc4ea84 tests: added missing pam-noauth-test 2015-09-21 13:14:19 +02:00
Nikos Mavrogiannopoulos
ab923f8aaf corrected build flags for out-of-tree builds 2015-09-21 12:27:05 +02:00
Nikos Mavrogiannopoulos
8b747fd960 .gitlab-ci.yml: include make dist into test suite 2015-09-19 20:44:21 +02:00
Nikos Mavrogiannopoulos
a8ea052bbf doc: converted README.radius to markdown and link it from README.md 2015-09-19 20:43:44 +02:00
Nikos Mavrogiannopoulos
1f29345d42 Makefile: use the foreign automake rules 
That allows to compile without following the strict GNU standards.
 2015-09-19 12:48:44 +02:00
Nikos Mavrogiannopoulos
101a3cdd0f README.md: added build status 2015-09-19 12:42:54 +02:00
Nikos Mavrogiannopoulos
9ab3629da5 Added .gitlab-ci.yml 2015-09-19 12:13:57 +02:00
Nikos Mavrogiannopoulos
d5ae3fd41d converted README to markdown 2015-09-19 11:47:37 +02:00
Nikos Mavrogiannopoulos
534ebffa08 tests: radius-test-config: kill openconnect process on failure 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
6d951bb59e tests: fixes in test-cookie-invalidation 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
845fcbc891 forward all routes sent to client to occtl 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
32ebf41ccc don't pass the authentication context to accounting methods 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
7a209aad84 Force sending stats message to sec-mod from worker on disconnect 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
0461787fcc doc update 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
f5a8262944 tests: use background option in openconnect for radius-test-config 2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
1eab665b50 tests: fix route check in radius-test-config 2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
b5c3363af7 tests: removed IPv6 checks from pam-test 2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
fb0765bf22 tests: move test-stress outside the set of test scripts 2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
50f0e11cec tests: added check for pam acct config option 2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
1bfa6e7648 Reinstated the PAM accounting method 
It can be used to check for a valid PAM account, even when
certificates or another authentication method is in use.
 2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
a8f852c178 optimize CRL reloads by avoid auto-detection of the type on every reload 2015-09-14 19:34:02 +02:00
Nikos Mavrogiannopoulos
c093480765 doc update 2015-09-14 18:52:20 +02:00
Nikos Mavrogiannopoulos
8c349b9b88 tests: check whether DER CRLs are being read 2015-09-14 18:51:52 +02:00
Nikos Mavrogiannopoulos
9ef5569c7c Allow loading DER-encoded CRLs 2015-09-14 18:46:20 +02:00
Nikos Mavrogiannopoulos
998c0dae4b tlslib: correctly determine the presence of GNUTLS_X509_CRT_LIST_SORT 2015-09-14 18:20:31 +02:00
Nikos Mavrogiannopoulos
f2caadbe83 updated documentation for CRL reload 2015-09-14 17:59:58 +02:00
Nikos Mavrogiannopoulos
090c51cf1f check the CRL periodically and reload it when modified 2015-09-14 17:55:59 +02:00
Nikos Mavrogiannopoulos
87ab853b4f doc update 2015-09-11 16:34:37 +02:00
Nikos Mavrogiannopoulos
f889713df1 When importing server certificate(s) sort them when supported by gnutls 
That avoids the "unsorted chain" error.
 2015-09-11 16:33:56 +02:00
Nikos Mavrogiannopoulos
edba5fc23e removed pam accounting method from config file 
Reported by Stuart Henderson.
 2015-09-05 00:16:06 +02:00
Nikos Mavrogiannopoulos
95684e9056 released 0.10.8 ocserv_0_10_8 2015-09-04 21:28:43 +02:00
Nikos Mavrogiannopoulos
e5f297af09 bumped version 2015-09-04 16:05:05 +02:00
Nikos Mavrogiannopoulos
82424ffd82 added informational message on KKDCP request processing 2015-09-04 15:53:17 +02:00
Nikos Mavrogiannopoulos
f9daea3f3b tests: kerberos: updated to account the change in IPv6 address assignment 2015-09-04 15:53:05 +02:00
Nikos Mavrogiannopoulos
199b3fdfce Store the configuration file internally to avoid dependency on cmdline arguments 
That allows reloading the configuration even after our setproctitle()
has overwritten the argv arguments.
 2015-09-04 14:17:38 +02:00
Nikos Mavrogiannopoulos
e2d2d033f2 tests: updated for change in IPv6 address assignment 2015-09-03 17:00:16 +02:00
Nikos Mavrogiannopoulos
bed8335145 doc update 2015-09-03 16:03:44 +02:00
Nikos Mavrogiannopoulos
cb759d966c use the complete mask when assigning IPv6 addresses 2015-09-03 16:03:43 +02:00
Nikos Mavrogiannopoulos
da830ab3e5 .gitignore: ignore binaries in tests/ 2015-09-03 13:42:15 +02:00
Nikos Mavrogiannopoulos
76712ef87f Keep PAM in the accounting types but simply ignore it. 
That requires no configuration changes for system where this
was accidentally enabled.
 2015-08-31 16:38:05 +02:00
Nikos Mavrogiannopoulos
ddd5ebc743 setproctitle: overwrite argv and argc 2015-08-31 16:35:19 +02:00
Nikos Mavrogiannopoulos
edb0cc3039 doc update 2015-08-31 16:26:06 +02:00
Nikos Mavrogiannopoulos
1c64073cf2 pam: removed accounting; it served no purpose 
In fact it could even cause issues in the security-module
depending on what was configured in PAM.
 2015-08-31 16:19:48 +02:00
Nikos Mavrogiannopoulos
144c6454e0 doc update 2015-08-28 11:42:31 +02:00
Nikos Mavrogiannopoulos
b674a46af6 occtl: print the configured split-dns domains 2015-08-28 11:41:58 +02:00
Nikos Mavrogiannopoulos
35ed4811e5 config: avoid crash when parsing empty subconfig strings 
Reported by Niels Peen.
 2015-08-28 11:11:30 +02:00
Nikos Mavrogiannopoulos
15d637db96 tests: connect script fixes 
The connect script used for proxyproto no longer needs /tmp/connect,
it will create it.
 2015-08-25 17:47:03 +02:00
Nikos Mavrogiannopoulos
f63e0cf65e human_addr2(): only attempt to parse INET addresses 2015-08-25 12:48:44 +02:00
Nikos Mavrogiannopoulos
91926c3d57 Enforce banned list even when proxy protocol is in use 
That would be later in the authentication process by the time
main is notified of the peer's IP. That is a compromise between
terminating a malicious client early (before fork), and handling
the proxy protocol in the privileged main process, which may
reduce the overall security.
 2015-08-25 10:13:07 +02:00
Nikos Mavrogiannopoulos
dca5fb3d9b prior to release check that the version of libopts matches the included 2015-08-22 21:48:54 +02:00