Nikos Mavrogiannopoulos
a2e33f71a1
tests: corrected full-test checks
2015-03-16 16:00:17 +01:00
Nikos Mavrogiannopoulos
cbed2ac57b
doc update
2015-03-16 15:48:51 +01:00
Nikos Mavrogiannopoulos
f64e373084
worker: when receiving auth_cookie_reply from main update the SID
...
That fixes an issue where the worker didn't know its correct
SID, because (1) we didn't always send the SID as cookie - corrected in
the previous patch, and (2) openconnect client doesn't honour all cookies,
only the webvpnc one. In all cases it is more trustworthy to check our
view of the SID rather than rely on the cookie.
Resolves issue with stats not being transmitted to sec-module when
using certificate authentication.
2015-03-16 15:47:23 +01:00
Nikos Mavrogiannopoulos
89ecadf183
worker: always set the webvpncontext cookie
2015-03-16 15:41:14 +01:00
Nikos Mavrogiannopoulos
b9c9904903
full-test: set PORT_OCSERV
2015-03-16 14:07:05 +01:00
Nikos Mavrogiannopoulos
53aa95bc1e
print unknown SIDs
2015-03-16 14:06:45 +01:00
Nikos Mavrogiannopoulos
e81c6755ee
released 0.10.1
2015-03-15 16:47:36 +01:00
Nikos Mavrogiannopoulos
419ac8ecff
ensure that sendmsg and recvmsg don't get interrupted
2015-03-15 11:25:09 +01:00
Nikos Mavrogiannopoulos
872f39f777
sec-mod: handle unknown messages as bad commands
2015-03-15 11:20:42 +01:00
Nikos Mavrogiannopoulos
95b9f61f90
doc update
2015-03-15 11:14:00 +01:00
Nikos Mavrogiannopoulos
542597d08b
bumped version
2015-03-14 19:24:33 +01:00
Nikos Mavrogiannopoulos
87fe1747b8
call session_close only when session_open has succeeded
2015-03-14 19:19:41 +01:00
Nikos Mavrogiannopoulos
fac64468dc
tests: enhance test-cookie-timeout to detect issues with main-sec-mod not in sync
2015-03-14 19:15:47 +01:00
Nikos Mavrogiannopoulos
da29bb99f3
doc update
2015-03-14 18:57:59 +01:00
Nikos Mavrogiannopoulos
423540b757
tolerate session close in unusual cases, and avoid desync
2015-03-14 18:54:22 +01:00
Nikos Mavrogiannopoulos
6c1f88a090
sec-mod: only exit on ERR_BAD_COMMAND errors from main msg handler
2015-03-14 18:46:17 +01:00
Nikos Mavrogiannopoulos
00e775dac6
radius-test: include radius accounting test
2015-03-13 15:53:07 +01:00
Nikos Mavrogiannopoulos
fed17e005a
config: simplified comparison
2015-03-12 09:12:47 +01:00
Nikos Mavrogiannopoulos
d3c0d6a2c8
icmp-ping: explicitly specify type
2015-03-12 09:12:47 +01:00
Nikos Mavrogiannopoulos
d9fb482361
configure: removed stray ','
2015-03-12 09:12:47 +01:00
Nikos Mavrogiannopoulos
551f22f57c
released 0.10.0
2015-03-10 18:22:30 +01:00
Nikos Mavrogiannopoulos
54dfdf3d59
doc update
2015-03-06 13:56:25 +01:00
Nikos Mavrogiannopoulos
755f8ad6c2
document GSSAPI authentication
2015-03-06 13:49:22 +01:00
Nikos Mavrogiannopoulos
e3df6c9cf0
doc update
2015-03-06 13:42:50 +01:00
Nikos Mavrogiannopoulos
b27ff28971
updated sample.config
2015-03-04 10:28:15 +01:00
Nikos Mavrogiannopoulos
17edec6bc6
disable DTLS if there is no ciphersuite in common
2015-03-04 10:25:26 +01:00
Nikos Mavrogiannopoulos
642edaae59
doc update: mention that banning cannot be combined with listen-clear-file
2015-03-03 15:37:58 +01:00
Nikos Mavrogiannopoulos
adc8473328
chroot_dir, occtl_socket_file and socket_file_prefix were moved to permanent config options
2015-03-03 11:50:48 +01:00
Nikos Mavrogiannopoulos
b4347e4971
updated documentation with options that will be read in reload
2015-03-03 11:44:51 +01:00
Nikos Mavrogiannopoulos
cf483b046b
increased the maximum configuration options to 96
...
That allows for up to 96 routes to be sent by the server.
2015-03-03 11:28:53 +01:00
Nikos Mavrogiannopoulos
81b6b6bd3c
doc update
2015-03-03 11:26:44 +01:00
Nikos Mavrogiannopoulos
b732a6e91e
doc update
2015-03-03 11:19:30 +01:00
Nikos Mavrogiannopoulos
3693f1baa5
tests: check whether local-map in gssapi is required by default
2015-03-03 11:13:28 +01:00
Nikos Mavrogiannopoulos
f33b7f9559
doc update
2015-03-03 11:06:54 +01:00
Nikos Mavrogiannopoulos
09f7b81f20
don't call exit from main process; use the termination path
2015-03-03 11:00:51 +01:00
Nikos Mavrogiannopoulos
05accfeb0d
always check tmsg for null prior to freeing it
2015-03-02 16:28:22 +01:00
Nikos Mavrogiannopoulos
3da0b450b9
corrected default value of DPD
2015-03-02 16:27:14 +01:00
Nikos Mavrogiannopoulos
d90600b46c
avoid warnings on type of the parameter used for the allocation pool
2015-03-02 16:23:12 +01:00
Nikos Mavrogiannopoulos
cdb1b70822
do not send IPv6 accounting with radius; there is a bug in freeradius-client
2015-03-02 13:19:00 +01:00
Nikos Mavrogiannopoulos
d4a26b9fbe
clear_cfg_file() -> clear_cfg()
2015-03-02 13:18:58 +01:00
Nikos Mavrogiannopoulos
bf23bb82ba
cast CMSG_DATA to avoid warnings
2015-03-02 13:18:56 +01:00
Nikos Mavrogiannopoulos
cc16a65819
separated permanent configuration options from the reloaded ones
2015-03-02 13:18:52 +01:00
Nikos Mavrogiannopoulos
e232ebc764
tests: added check of behavior when SIGHUP is given
2015-03-02 09:04:17 +01:00
Nikos Mavrogiannopoulos
f4d14f7000
sec-mod: will exit if it fails to process commands from main
2015-03-02 09:00:18 +01:00
Nikos Mavrogiannopoulos
65c83c6e84
added option to completely disable compression support
2015-03-01 09:50:24 +01:00
David Woodhouse
bbe272a0b4
Stop using 1ULL as the base value to be shifted in LZS GET_BITS()
...
Keeping this as an int is fine; it'll never be shifted by more than 9. And
the promotion of (src[0] << (bits - bits_left)) from int to unsigned long
long makes Coverity unhappy because of the sign-extension.
(patch copied from openconnect)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com >
2015-03-01 09:46:43 +01:00
Nikos Mavrogiannopoulos
4aa726bd9c
main-ctl-unix: avoid using remove_proc() unless necessary
2015-02-27 22:51:49 +01:00
Nikos Mavrogiannopoulos
58a3c7fd58
close stdin and stdout descriptors by default
2015-02-27 22:45:06 +01:00
Nikos Mavrogiannopoulos
c0838241d0
updated log message
2015-02-27 22:40:26 +01:00
Nikos Mavrogiannopoulos
d89862811f
tests: added missing file
2015-02-27 22:39:57 +01:00
