Commit Graph

125 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
a7c3c4f1bc Regenerated expired certificates and updated scripts for new ones
Also added rules and templates to regenerate certificates when
needed.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-02 06:15:45 +02:00
Nikos Mavrogiannopoulos
d98a06e143 Fixed operation of make distcheck
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-05-08 09:43:16 +02:00
Nikos Mavrogiannopoulos
3610b9f4f8 .gitlab-ci.yml: moved distcheck to noprocfs
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-05-07 14:40:50 +02:00
Nikos Mavrogiannopoulos
fb31fb4740 .gitlab-ci.yml: test distcheck not just dist
This will detect issues that show up on release time.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-05-07 14:25:48 +02:00
Nikos Mavrogiannopoulos
e7a9529051 improved code coverage identification
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2022-12-02 19:59:52 +01:00
Dimitri Papadopoulos
c009134915 Add codespell CI runner
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2021-12-23 10:04:30 +01:00
Nikos Mavrogiannopoulos
cffd7d23b3 fedora: updated to 35
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-12-22 19:38:16 +01:00
Nikos Mavrogiannopoulos
ceebc11cc4 tests: check functionality of an IPv6 net with prefix 127
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-10-31 22:26:16 +01:00
Nikos Mavrogiannopoulos
807250f78e cppcheck: ignore SELF_TEST in ccan/hash
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-09-13 22:17:57 +02:00
Nikos Mavrogiannopoulos
3c783faaa2 .gitlab-ci.yml: removed epel RPM builds on second stage
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 22:55:19 +02:00
Nikos Mavrogiannopoulos
173b5abd56 .gitlab-ci.yml: updated fedora image name
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:42:51 +02:00
Nikos Mavrogiannopoulos
3d5981c0f2 .gitlab-ci.yml: enabled more tests on ubuntu20.04 minimal
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 22:43:46 +02:00
Nikos Mavrogiannopoulos
59e4539736 .gitlab-ci.yml: merged options from minimal and Ubuntu minimal
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 22:19:00 +02:00
Nikos Mavrogiannopoulos
44bff9ce5e .gitlab-ci.yml: corrected syntax
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 13:27:27 +01:00
Nikos Mavrogiannopoulos
39a86845cb .gitlab-ci.yml: RPM/epel8: undo downstream patch
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 11:44:50 +01:00
Nikos Mavrogiannopoulos
3702debb95 README.md: no longer recommend pcllib
It is a very small library that doesn't change, not used by
any other projects and we bundle it. Let's use the bundled
version by default.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 09:29:45 +01:00
Nikos Mavrogiannopoulos
a2e2bf0053 .gitlab-ci.yml: ubuntu: enabled nuttcp tests
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-03 10:57:32 +01:00
Nikos Mavrogiannopoulos
6d8bcb4795 .gitlab-ci.yml: do not use --disable-maintainer-mode
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-12 16:55:01 +01:00
Nikos Mavrogiannopoulos
dfadd45b9b Makefile: removed unused rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-12 16:37:25 +01:00
Nikos Mavrogiannopoulos
940e489500 .gitlab-ci.yml: i386/Debian: do not run on schedules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-21 16:30:09 +02:00
Nikos Mavrogiannopoulos
b7575cc220 tests: fixed space after \
Also ensure that similar warnings are treated as errors
in CI.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-10-18 21:15:40 +02:00
Alan Jowett
afe437f8eb Raise warning level on malloc to catch double frees earlier.
Signed-off-by: Alan Jowett alan.jowett@microsoft.com
2020-10-09 09:39:35 -06:00
Nikos Mavrogiannopoulos
d0a509c6c3 tests: introduced new proxy protocol tests
This replaces the old no longer used "docker-tests".

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 21:32:27 +02:00
Nikos Mavrogiannopoulos
0ecef93423 .gitlab-ci.yml: reenable address sanitizer
This disables all the tests that use LD_PRELOAD, and thus limits
the test suite on the tests that are run as root.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 23:08:43 +02:00
Nikos Mavrogiannopoulos
7a3475951f Merge branch 'tmp-introduce-clang' into 'master'
.gitlab-ci.yml: introduced clang compilation

See merge request openconnect/ocserv!203
2020-08-03 13:36:15 +00:00
Nikos Mavrogiannopoulos
0fa951a06b .gitlab-ci.yml: introduced clang compilation
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-03 14:54:59 +02:00
Nikos Mavrogiannopoulos
0aed7584d9 Merge branch 'tmp-add-x86' into 'master'
.gitlab-ci.yml: added i386 build

See merge request openconnect/ocserv!158
2020-07-31 12:31:53 +00:00
Nikos Mavrogiannopoulos
1759bfdc4f .gitlab-ci.yml: added i386 build
This introduces an i386 CI build to catch issues that relate
to 32-bit systems.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-31 13:50:37 +02:00
Nikos Mavrogiannopoulos
ce1911ffca .gitlab-ci.yml: added auto-triage rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-28 21:39:28 +02:00
Nikos Mavrogiannopoulos
d0a12f6d8e .gitlab-ci.yml: coverity: use centos8 image
This addresses incompatibilities with Fedora32.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:19 +02:00
Nikos Mavrogiannopoulos
0811d7d46b coverity: enable OIDC and latency stats in coverity run
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-23 09:00:20 +02:00
Nikos Mavrogiannopoulos
a1f5fbf206 .gitlab-ci.yml: reduce unnecessary runs in schedules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-23 08:57:46 +02:00
Nikos Mavrogiannopoulos
0d1ae8a53d .gitlab-ci.yml: updated ubuntu build to 20.04
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-18 21:30:12 +02:00
William Dauchy
f4c7d41d14 add basic namespace support for listen address
- this patch adds `listen-netns` parameter
- when set the listening socket will be created in the given namespace

it allows to properly segregate your traffic:
- do the backend traffic in the root namespace
- receive the VIP traffic in a given namespace

All this patch is widely inspired by haproxy implementation which allows
to bind each IP in a given namespace.

Resolves: #316

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-07-13 18:11:30 +02:00
Nikos Mavrogiannopoulos
541bf6f137 .gitlab-ci.yml: added alpine linux CI run
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-11 12:54:26 +02:00
Alan Jowett
be17dac16f OpenBSD lacks support for procfs
Based on 60641282df.

Snapshot of config files are used to ensure that ocserv-sm and
ocserv-worker remain in sync. These snapshots are anonymous files that
are passed via a file descriptor. A worker creates a new file
description and file descriptor by using open(2) on /proc/self/fd.
Unfortunately OpenBSD lacks support for procfs.

Instead of using snapshot of config files let workers use the config
files.

While here add a note to README.md about this limitation, and add a CI
run (from @nmav).

Signed-off-by: Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>
2020-07-01 16:20:46 +02:00
Nikos Mavrogiannopoulos
fc5a1580e0 .gitlab-ci.yml: updated for new spec file
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-29 12:06:35 +02:00
Nikos Mavrogiannopoulos
1da9c1b3b0 .gitlab-ci.yml: fix rpm generation
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-16 22:17:07 +02:00
Alan Jowett
722e030e58 Add reporting of RX latency
Resolve: #258

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-05-26 18:14:36 -06:00
Alan Jowett
ce66485ee6 Uses fork/exec to limit memory footprint of ocserv-worker processes
Capture all the required worker process state in a protobuf and
pass to worker via env. Snapshot all config files to ensure ocserv-sm
and ocserv-worker remain in sync. Split ocserv-worker functionality
into its own executable with minimal dependencies.

Resolves: #285

Signed-off-by: Alan Jowett alanjo@microsoft.com
2020-05-25 08:33:16 +02:00
Nikos Mavrogiannopoulos
7f7bb95f81 .gitlab-ci.yml: fix rpm generation testing when version matches
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-16 11:53:35 +02:00
Nikos Mavrogiannopoulos
03b05526c3 tests: check whether ipv6 interface is up
Relates: #301

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-13 06:16:27 +02:00
Nikos Mavrogiannopoulos
350250ea82 worker: allow filtered calls to fail with a trap
This adds a fedora CI run with filtered calls failing
with a signal in order to detect missing syscalls from our filters.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-10 21:45:05 +02:00
Nikos Mavrogiannopoulos
4e00087b57 .gitlab-ci.yml: the freebsd system became unavailable
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-02 06:10:08 +02:00
Alan Jowett
7e5052782e Remove unused code when --disable-compression is set.
Resolves: #291

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-04-27 09:18:09 -06:00
Alan Jowett
8cac05dac2 Remove unused code when --disable-anyconnect-compat is set.
Resolves: #290

Signed-off-by: Alan Jowett alanjo@microsoft.com
2020-04-26 13:10:10 -06:00
Nikos Mavrogiannopoulos
fd2bd42cb2 .gitlab-ci.yml: corrected kerberos tests
This also corrects the kerberos test script environment
to enable running the test.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-04-10 23:06:07 +02:00
Nikos Mavrogiannopoulos
aa9c401cac Prevent clients with a broken GnuTLS version from connecting using DTLS
That prevents clients that send an all-zero DTLS client hello from being
able to establish a connection.

That also introduces the OCSERV_ALLOW_BROKEN_CLIENTS environment variable
which, when set to 1, allows broken clients to connect. This is used
mainly to allow test cases to pass to existing vulnerable systems in our
CI.

Resolves: #277

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-03 12:51:22 +02:00
Nikos Mavrogiannopoulos
88059e43ac .gitlab-ci.yml: no longer test on Centos6
This is a very old platform with old openconnect available in EPEL.
We do not need to keep compatibility with it.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-16 22:56:18 +01:00
Nikos Mavrogiannopoulos
3544e3ee2b tests: verify environment under Apple clients
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-16 22:21:37 +01:00