Commit Graph

1406 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
6f3c07ca2d SID is no longer being randomized in main.
This was unnecessary as it is now being set (and generated) by sec-mod.
2014-06-02 09:28:36 +02:00
Nikos Mavrogiannopoulos
af7e967063 reduced the severity on several worker log messages. 2014-06-02 09:21:08 +02:00
Nikos Mavrogiannopoulos
429195987c corrected string comparison 2014-06-02 08:50:29 +02:00
Nikos Mavrogiannopoulos
3db871bb43 Do a more graceful termination of the client if main server closes the CMD fd. 2014-06-01 13:00:33 +02:00
Nikos Mavrogiannopoulos
48c2477d1f doc update 2014-05-31 22:12:22 +02:00
Nikos Mavrogiannopoulos
0c21e47f85 Always use the native endianness. 2014-05-31 22:09:09 +02:00
Nikos Mavrogiannopoulos
ade4f84e70 autogenerate args files if version.inc is updated. 2014-05-31 21:47:56 +02:00
Nikos Mavrogiannopoulos
d47f8b56c1 removed no longer applicable message 2014-05-31 18:43:18 +02:00
Nikos Mavrogiannopoulos
a9375dfbba released 0.8.0 ocserv_0_8_0 2014-05-31 18:31:05 +02:00
Nikos Mavrogiannopoulos
6f5ec79678 use a more portable way to kill the openconnect process. 2014-05-31 18:30:28 +02:00
Nikos Mavrogiannopoulos
cd635fd8cb full-test: be more resilient to docker errors. 2014-05-31 18:22:56 +02:00
Nikos Mavrogiannopoulos
37daebaf84 corrected compilation with local protobuf 2014-05-31 18:12:02 +02:00
Nikos Mavrogiannopoulos
936932c29c doc update 2014-05-30 08:55:33 +02:00
Nikos Mavrogiannopoulos
70dc25dce6 Listed previous releases. 2014-05-30 07:44:11 +02:00
Nikos Mavrogiannopoulos
68516206b2 bumped version 2014-05-29 21:11:04 +02:00
Nikos Mavrogiannopoulos
c6519a74c3 main: correct hashing of cookie 2014-05-29 00:29:27 +02:00
Nikos Mavrogiannopoulos
98ed640258 more debug messages 2014-05-29 00:27:20 +02:00
Nikos Mavrogiannopoulos
1e48d0d0de main: removed the inactive ban_list. 2014-05-29 00:20:13 +02:00
Nikos Mavrogiannopoulos
ff4f895cb0 main: deactivate the cookie when releasing proc. 2014-05-29 00:19:24 +02:00
Nikos Mavrogiannopoulos
5759032ef9 worker: only check for friendly names, if there are any 2014-05-29 00:14:28 +02:00
Nikos Mavrogiannopoulos
d11d8ae47c increased the maintenance time to 15 mins 2014-05-28 10:56:03 +02:00
Nikos Mavrogiannopoulos
3dd67c3f19 inline revive_cookie() 2014-05-28 10:48:27 +02:00
Nikos Mavrogiannopoulos
9eb68a381a No need for safe_memset() of the cookie hash. 2014-05-28 10:34:26 +02:00
Nikos Mavrogiannopoulos
e5c60a7a44 Limit the number of TLS resumption requests to one. 2014-05-28 10:32:35 +02:00
Nikos Mavrogiannopoulos
3a18882a40 Store a hash of the client's cookie instead of the cookie itself.
That ensures that the cookies cannot be leaked from the server.
On a hash collision, the IP of the other cookie in use will be
hijacked.
2014-05-28 10:13:08 +02:00
Nikos Mavrogiannopoulos
0f0cf31a79 zeroize cookies and TLS session data after read. 2014-05-28 10:11:17 +02:00
Nikos Mavrogiannopoulos
7ccdba8234 doc update 2014-05-27 16:04:53 +02:00
Nikos Mavrogiannopoulos
aaa06e3157 TLS sessions expire at the cookie timeout. 2014-05-27 16:01:14 +02:00
Nikos Mavrogiannopoulos
a872850b1e better printing of module name. 2014-05-27 16:01:09 +02:00
Nikos Mavrogiannopoulos
68071646c6 Report the number of active cookies and TLS resumed sessions to occtl 2014-05-27 16:01:03 +02:00
Nikos Mavrogiannopoulos
25fbdfbf70 Keep track of cookies internally.
That allows to restrict the cookie validity time to the absolute minimum
required to establish and reconnect a recently disconnected session.
That deprecates the cookie-validity option and introduces the cookie-timeout
option.
2014-05-27 16:00:57 +02:00
Nikos Mavrogiannopoulos
a2728265b3 corrected safe_memset() of expired sessions. 2014-05-27 15:59:22 +02:00
Nikos Mavrogiannopoulos
01211c610c Allow memset of zero 2014-05-27 15:58:12 +02:00
Nikos Mavrogiannopoulos
0586e4c5fa Simplified the TLS hash table initialization. 2014-05-27 15:00:13 +02:00
Nikos Mavrogiannopoulos
8c82e8c96c Overwrite TLS session data prior to release. 2014-05-27 14:56:30 +02:00
Nikos Mavrogiannopoulos
b4fcf4df82 use macros for reason messages 2014-05-27 11:00:30 +02:00
Nikos Mavrogiannopoulos
2e1c1bb29f require the certificate being present on the sec-mod session initialization. 2014-05-27 10:46:16 +02:00
Nikos Mavrogiannopoulos
cdddc3df0a Better HTTP error messages. 2014-05-27 10:45:28 +02:00
Nikos Mavrogiannopoulos
a2b0898821 doc update 2014-05-27 10:34:15 +02:00
Joerg Mayer
d879c9761a ocserv: Fix out of tree builds
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
2014-05-27 09:32:29 +02:00
Nikos Mavrogiannopoulos
843883750c enable cisco-client-compat in cert test 2014-05-27 09:00:34 +02:00
Nikos Mavrogiannopoulos
b5d5e3cb36 do not deny roaming by default 2014-05-26 13:04:16 +02:00
Nikos Mavrogiannopoulos
7e06e1acfb Return 401 error on cookie authentication failure. 2014-05-25 18:50:43 +02:00
Nikos Mavrogiannopoulos
c7653e2844 doc update 2014-05-25 10:17:54 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07 Added the configuration option deny-roaming.
That required moving the read of the group configuration during the
cookie authentication phase.
2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
4b91005118 released 0.8.0pre0 2014-05-24 14:38:24 +02:00
Nikos Mavrogiannopoulos
78132e2a6d Added auto group listing on PAM authentication as well.
In addition a configuration option to print group IDs over a
certain number was added.
2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
d3f701fba5 ensure that the group table isn't overflowed. 2014-05-23 16:01:26 +02:00
Nikos Mavrogiannopoulos
618a386f73 doc update 2014-05-23 13:31:05 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00