ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	bd5ad4d7c3	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-01 13:31:59 +02:00
Nikos Mavrogiannopoulos	8eda81e033	proc-search: indentation fixes Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-01 13:30:47 +02:00
Nikos Mavrogiannopoulos	63b7e81e87	tests: added test with proxy-protocol That tests operation under haproxy with proxy-protocol without docker. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-01 13:30:47 +02:00
Nikos Mavrogiannopoulos	5c719b4264	worker: properly handle the haproxy health commands That is, do not close that connection, but follow up and accept it, according to the protocol. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-01 13:30:47 +02:00
Nikos Mavrogiannopoulos	e09f54ea77	NEWS: document only entries which are not available in 0.11.x branch Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-22 08:46:26 +01:00
Nikos Mavrogiannopoulos	348a45902e	Merge branch 'tmp-bsd-rename' into 'master' Rename the tun device on FreeBSD See merge request ocserv/ocserv!71	2018-03-22 07:41:06 +00:00
Nikos Mavrogiannopoulos	1aa3056849	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-21 12:55:04 +01:00
Nikos Mavrogiannopoulos	d8731fbb99	configure: warn when no worker isolation is available Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-21 12:52:04 +01:00
Nikos Mavrogiannopoulos	0247db65d2	tun: better separation of OS dependent tun functionality Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-21 12:52:04 +01:00
Nikos Mavrogiannopoulos	511fe9a0d3	combined bsd_open_tun with bsd_ifrename Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-21 12:52:04 +01:00
Nikos Mavrogiannopoulos	6913b1fb33	rename tun device on FreeBSD Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-21 12:52:04 +01:00
Nikos Mavrogiannopoulos	e996e2fe06	Merge branch 'tmp-fix-multi-line-val' into 'master' Allow more than 128+96 configuration options Closes #141 See merge request ocserv/ocserv!74	2018-03-21 11:40:22 +00:00
Nikos Mavrogiannopoulos	1e88a224ee	_add_multi_line_val: corrected array size extension The current implementation would impose an artificial limit of configuration options to (DEFAULT_CONFIG_ENTRIES+128) after which the server would crash on loading. With that change we allow for an arbitrary number of configuration options. Resolves #141 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-21 12:28:26 +01:00
Nikos Mavrogiannopoulos	0de68ef4b1	tests: added reproducer for #141 This tests whether more than 128 options can be read in routes or dns fields. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-21 12:28:24 +01:00
Nikos Mavrogiannopoulos	7b4c1bae5a	.gitlab-ci.yml: added ubsan build Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-12 21:56:03 +01:00
Nikos Mavrogiannopoulos	dfab7f6e30	Create coverage report and depend on pre-built CI images It will be made available at: https://ocserv.gitlab.io/ocserv/coverage/ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-12 21:54:44 +01:00
Nikos Mavrogiannopoulos	96efa890e9	config: allow empty device name on vhosts Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-11 15:12:23 +01:00
Nikos Mavrogiannopoulos	704763ac40	config: corrected check for empty device name Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-11 06:40:20 +01:00
Nikos Mavrogiannopoulos	c2a519572b	sec-mod: move variable in the ifdef block it is used at Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-11 06:33:37 +01:00
Nikos Mavrogiannopoulos	8b0b1e6067	tlslib: added support for gnutls 3.6.3 (unreleased) That adds support for GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS which is necessary for RSA-PSS private keys. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-10 19:19:07 +01:00
Nikos Mavrogiannopoulos	a56d1b7900	README.md: better presentation of badges [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-10 18:01:38 +01:00
Nikos Mavrogiannopoulos	71f7b81b28	.travis.yml: removed; ocserv cannot be built in ubuntu14.04 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-10 17:59:06 +01:00
Nikos Mavrogiannopoulos	3365eb8ab4	worker.h: removed socklen_t non-presence work-around The socklen_t use is spread out in the code, making that work around non-functional. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-10 17:56:12 +01:00
Nikos Mavrogiannopoulos	56a2d4b7e4	use casts to avoid various clang warnings under BSD systems Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-10 17:56:12 +01:00
Nikos Mavrogiannopoulos	8245843166	updated URI Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-10 08:05:07 +01:00
Nikos Mavrogiannopoulos	ecf9132495	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-06 20:42:33 +01:00
Nikos Mavrogiannopoulos	5d0205332d	tests: introduced test program to check basic vhost functionality This checks whether connecting to different virtual hosts with different authentication methods works. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-06 20:42:33 +01:00
Nikos Mavrogiannopoulos	ba6921ed9a	Introduced the notion of virtual hosts This provides virtualized server configurations which take effect after client connection when client hello is received. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-06 20:42:31 +01:00
Nikos Mavrogiannopoulos	26bc265652	.gitlab-ci.yml: disabled rawhide build The fedora image is broken since long time. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-02 19:36:18 +01:00
Nikos Mavrogiannopoulos	d211b3d795	config: properly warn on duplicate pid-file option Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-02 19:35:44 +01:00
Nikos Mavrogiannopoulos	274415d050	tests: use the --pid-file and -p options in ocserv This allows detecting issues like in #143 where these two options regressed. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-01 19:18:54 +01:00
Nikos Mavrogiannopoulos	8769b2e041	ocserv: avoid crash when --pid-file is used Resolves #143 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-01 19:13:57 +01:00
Nikos Mavrogiannopoulos	cc12fe7131	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-27 07:04:28 +01:00
Nikos Mavrogiannopoulos	9bb7799fc2	worker: only switch to GSSAPI authentication if not already used certificate That allows using gssapi as primary and certificate as fallback. Resolves #108 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:41:59 +01:00
Nikos Mavrogiannopoulos	d3c29765a3	worker: use explicit parenthesis for clarity Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:40:24 +01:00
Nikos Mavrogiannopoulos	15fd4c9fbb	tests: introduced tests with gssapi falling back to pass or certs Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:31:55 +01:00
Nikos Mavrogiannopoulos	55bf469dce	worker: simplified fallback to next authentication method That, also allows falling back from certificate authentication failure, allowing it being listed as primary, with alternatives present. Resolves #108 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos	b59a12591c	config.c: clarify if clause Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos	4ecfed7ed0	tests: added check cert or pass auth This is the similar to the test case (test-pass-opt-cert) of pass or cert, but in that case the certificate method is set as primary. Relates #108 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos	30d4b4e677	test-pass-opt-cert: modified not to require root access Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos	86ae99864b	tests: check whether ocserv is build with oath support prior to running otp tests Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:03:33 +01:00
Nikos Mavrogiannopoulos	66f9f97d1d	test: replaced docker otp-test with cwrap test-otp Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 16:00:09 +01:00
Nikos Mavrogiannopoulos	00c6f566cb	tests: introduced test with OTP-password and certificate auth Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 14:38:19 +01:00
Nikos Mavrogiannopoulos	9dfe964def	amend: plain: avoid crash on locked accounts The null pointer dereference fix broke plain OTP setup of ocserv. Resolves #114, #137 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-25 14:37:42 +01:00
Nikos Mavrogiannopoulos	31854eb208	unix: corrected header size when receiving events Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-22 22:26:27 +01:00
Nikos Mavrogiannopoulos	896894a6b6	README.md: removed references to autogen Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-22 22:17:28 +01:00
Nikos Mavrogiannopoulos	5ebea1e475	doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-22 19:59:12 +01:00
Nikos Mavrogiannopoulos	53a166500f	Hash the peer's DTLS IP separately from its CSTP IP This allows keeping track of clients which have their DTLS stream come from a different IP location than their CSTP stream. Relates ocserv/ocserv#61	2018-02-22 08:25:18 -08:00
Nikos Mavrogiannopoulos	b7a14f1c4a	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-19 20:18:38 +01:00
Nikos Mavrogiannopoulos	83d37ace16	.gitlab-ci.yml: rawhide: do not rely on tcp wrappers They are no longer part of Fedora28. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-02-19 16:07:43 +01:00

1 2 3 4 5 ...

2946 Commits