ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	ced7ba9fd3	doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-03-27 08:24:15 +01:00
Nikos Mavrogiannopoulos	3382277e97	released 1.0.0 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-03-20 13:58:25 +01:00
Nikos Mavrogiannopoulos	cf0bca2cae	radius: do not include NAS-Port via rc_aaa() We were previously asking rc_aaa() to include NAS-Port pair to the request which has undesirable results. Resolves: #269 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-03-19 22:20:40 +01:00
Nikos Mavrogiannopoulos	3475e2b0fc	Provide a special IPv6 route for iOS When IPv6 is requested by iphone we provide a special route that is necessary by these clients to use IPv6. Resolves: #254 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-03-15 13:23:37 +01:00
Nikos Mavrogiannopoulos	b0c885ca63	ocserv: fix PSK negotiation This fixes a regression which prevented DTLS-PSK (or PSK-NEGOTIATE) from being negotiated. Resolves: #262 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2020-03-12 16:14:22 +01:00
Alan Jowett	780fbb89a0	Script needs access to additional client metadata. Export more information to the script, including client device platform, type and user agent. Resolves: #256 Signed-off-by: Alan Jowett <alanjo@microsoft.com>	2020-03-11 09:13:55 +01:00
Nikos Mavrogiannopoulos	9a41a27b18	NEWS: documented bearer token support Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-03-09 21:51:06 +01:00
Nikos Mavrogiannopoulos	4aeb5ea52e	NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-28 22:50:29 +01:00
Nikos Mavrogiannopoulos	cc651b9de5	Ensure scripts have all the information on all disconnection types When a client re-uses a cookie and takes over a previous connection previously the disconnect script of the old connection wouldn't receive the IP information. Ensure that all information is provided to scripts at this case. Resolves: #231 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-23 13:44:19 +01:00
Nikos Mavrogiannopoulos	1bce6526f3	updated NEWS entries [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-07 22:50:00 +01:00
Nikos Mavrogiannopoulos	1d7a7088bf	released 0.12.6 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2019-12-28 20:19:44 +01:00
Nikos Mavrogiannopoulos	79f6671237	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-12-28 20:14:59 +01:00
Nikos Mavrogiannopoulos	55d5af2ebc	check_multiple_users: do not account disconnected ones When max-same-clients is set to 1 and a user re-using a cookie connects, check_multiple_users() would prevent the user from reconnecting. This corrects the issue by taking into account only valid sessions that have not yet been disconnected. Resolves: #223 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-12-16 21:30:24 +01:00
Nikos Mavrogiannopoulos	4bcf29643d	ocserv: added support for per-user split-dns directive Resolves: #229 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-11-17 11:06:47 +01:00
Leendert van Doorn	f73269175a	AnyConnect clients expect a different verb (X-CSTP-DNS-IP6) for passing IPv6 DNS addresses. Signed-off-by: Leendert van Doorn <leendert@paramecium.org> Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-11-17 09:07:16 +01:00
Nikos Mavrogiannopoulos	962de41fba	released 0.12.5 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-10-16 21:32:24 +02:00
Nikos Mavrogiannopoulos	960032e065	occtl: use maxminddb when available Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-10-15 12:11:17 +02:00
Nikos Mavrogiannopoulos	b9ff297c7d	NEWS: updated Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-10-03 09:21:25 +02:00
Nikos Mavrogiannopoulos	92b5db7b26	occtl: fix json in show status This removes a trailing comma from the end of the listing, and adds a missing one. Resolves: #220 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-09-25 20:37:16 +02:00
Nikos Mavrogiannopoulos	e892ba4faa	released 0.12.4 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-07-03 21:18:43 +02:00
Nikos Mavrogiannopoulos	9d7339f317	Perform quicker cleanup of sessions which their user explicitly disconnected When a user explicitly disconnects after the session is open, cleanup its entry immediatelly. That ensures that a radius server will be notified sooner, while anyconnect clients which disconnect early (before session is open), remain unaffected. Resolves: #210 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-07-01 21:57:08 +02:00
Nikos Mavrogiannopoulos	ee2f5e8c05	remove_proc: remove script watcher from libev list This ensures that libev will not be notified by already terminated and handled scripts. Resolves: #208 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-07-01 15:04:18 +02:00
Nikos Mavrogiannopoulos	a89fbec81d	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-06-26 11:38:20 +02:00
Nikos Mavrogiannopoulos	33633560b4	NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-03-12 21:15:54 +01:00
Nikos Mavrogiannopoulos	03cd4a198c	released 0.12.3 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-03-12 21:14:24 +01:00
Nikos Mavrogiannopoulos	d9967aa63a	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-02-22 08:47:00 +01:00
Nikos Mavrogiannopoulos	0d8fd8d2b6	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-02-22 08:45:49 +01:00
Nikos Mavrogiannopoulos	8ba3987f4c	occtl: print the TLS session information, even if no DTLS channel This ensures that the main process receives the TLS channel information early and does not depend on DTLS channel establishment. Furthermore, we refactor to make setup_dtls_psk_keys() fail early when no TLS channel is available. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-19 20:09:53 +01:00
Nikos Mavrogiannopoulos	e0f847b984	worker: added safety check for selected DTLS ciphersuite prior to use This avoids a crash when no DTLS ciphersuite is selected and adds a test case for negotiation without DTLS. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-19 18:19:11 +01:00
Nikos Mavrogiannopoulos	cafd66d33d	corrected typo Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-10 20:01:58 +01:00
Nikos Mavrogiannopoulos	dfc8f95ee8	released 0.12.2 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-10 19:55:15 +01:00
Nikos Mavrogiannopoulos	232de85d17	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-10 13:03:03 +01:00
Nikos Mavrogiannopoulos	579cfc0ead	Added support for AES-256-CBC This enables support for AES-256 for anyconnect clients which do not support AES-GCM. Also prioritized the 256-bit ciphers higher than the 128-bit ones. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-07-20 21:58:49 +02:00
Nikos Mavrogiannopoulos	68c16a56b1	NEWS: updated for release Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-12 11:23:03 +02:00
Nikos Mavrogiannopoulos	3dc6f95a6a	released 0.12.1 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-12 08:17:22 +02:00
Nikos Mavrogiannopoulos	807ce345de	main: create a sec-mod socket file independent of pid That addresses the issue of not being able to run under systemd, or under non-forking mode. Added test case to detect proper operation. Resolves #154 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-11 22:04:28 +02:00
Nikos Mavrogiannopoulos	e1c3ed95b0	doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-04 23:37:34 +02:00
Nikos Mavrogiannopoulos	094145bf54	configure: refuse to compile with known dependency issues In particular require gnutls 3.5.5 which fixes cleanups in gnutls_certificate_set_key(), or a recent version of the 3.3.x branch. When forced to use a broken version work-around issues (at the cost of a memory leak). Resolves #152 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-04 23:21:37 +02:00
Nikos Mavrogiannopoulos	66656388c6	bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-22 10:43:29 +02:00
Nikos Mavrogiannopoulos	d6332cd428	proc_table_update_ip: do not update IP if the previous IP is not found That adds a safety net in case there is a mismatch of IPs, to prevent adding two entries in the hashtable for the same IP. Resolves #146 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-02 23:04:39 +02:00
Nikos Mavrogiannopoulos	bd5ad4d7c3	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-01 13:31:59 +02:00
Nikos Mavrogiannopoulos	e09f54ea77	NEWS: document only entries which are not available in 0.11.x branch Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-22 08:46:26 +01:00
Nikos Mavrogiannopoulos	1aa3056849	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-21 12:55:04 +01:00
Nikos Mavrogiannopoulos	ecf9132495	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-06 20:42:33 +01:00
Nikos Mavrogiannopoulos	cc12fe7131	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-27 07:04:28 +01:00
Nikos Mavrogiannopoulos	5ebea1e475	doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-02-22 19:59:12 +01:00
Nikos Mavrogiannopoulos	dbaecfa80e	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-23 21:11:39 +01:00
Nikos Mavrogiannopoulos	8ebe287f1c	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-17 20:50:54 +01:00
Nikos Mavrogiannopoulos	2559d68366	doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-14 19:14:56 +01:00
Nikos Mavrogiannopoulos	f6a6f0bc34	bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-07 16:34:37 +01:00

1 2 3 4 5 ...

440 Commits