ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	e5c60a7a44	Limit the number of TLS resumption requests to one.	2014-05-28 10:32:35 +02:00
Nikos Mavrogiannopoulos	3a18882a40	Store a hash of the client's cookie instead of the cookie itself. That ensures that the cookies cannot be leaked from the server. On a hash collision, the IP of the other cookie in use will be hijacked.	2014-05-28 10:13:08 +02:00
Nikos Mavrogiannopoulos	0f0cf31a79	zeroize cookies and TLS session data after read.	2014-05-28 10:11:17 +02:00
Nikos Mavrogiannopoulos	7ccdba8234	doc update	2014-05-27 16:04:53 +02:00
Nikos Mavrogiannopoulos	aaa06e3157	TLS sessions expire the at cookie timeout.	2014-05-27 16:01:14 +02:00
Nikos Mavrogiannopoulos	a872850b1e	better printing of module name.	2014-05-27 16:01:09 +02:00
Nikos Mavrogiannopoulos	68071646c6	Report the number of active cookies and TLS resumed sessions to occtl	2014-05-27 16:01:03 +02:00
Nikos Mavrogiannopoulos	25fbdfbf70	Keep track of cookies internally. That allows to restrict the cookie validity time to the absolutely minimum required to establish and reconnect a recently disconnected session. That deprecates the cookie-validity option and introduces the cookie-timeout option.	2014-05-27 16:00:57 +02:00
Nikos Mavrogiannopoulos	a2728265b3	corrected safe_memset() of expired sessions.	2014-05-27 15:59:22 +02:00
Nikos Mavrogiannopoulos	01211c610c	Allow memset of zero	2014-05-27 15:58:12 +02:00
Nikos Mavrogiannopoulos	0586e4c5fa	Simplified the TLS hash table initialization.	2014-05-27 15:00:13 +02:00
Nikos Mavrogiannopoulos	8c82e8c96c	Overwrite TLS session data prior to release.	2014-05-27 14:56:30 +02:00
Nikos Mavrogiannopoulos	b4fcf4df82	use macros for reason messages	2014-05-27 11:00:30 +02:00
Nikos Mavrogiannopoulos	2e1c1bb29f	require the certificate being present on the sec-mod session initialization.	2014-05-27 10:46:16 +02:00
Nikos Mavrogiannopoulos	cdddc3df0a	Better HTTP error messages.	2014-05-27 10:45:28 +02:00
Nikos Mavrogiannopoulos	a2b0898821	doc update	2014-05-27 10:34:15 +02:00
Joerg Mayer	d879c9761a	ocserv: Fix out of tree builds Signed-off-by: Joerg Mayer <jmayer@loplof.de>	2014-05-27 09:32:29 +02:00
Nikos Mavrogiannopoulos	843883750c	enable cisco-client-compat in cert test	2014-05-27 09:00:34 +02:00
Nikos Mavrogiannopoulos	b5d5e3cb36	do not deny roaming by default	2014-05-26 13:04:16 +02:00
Nikos Mavrogiannopoulos	7e06e1acfb	Return 401 error on cookie authentication failure.	2014-05-25 18:50:43 +02:00
Nikos Mavrogiannopoulos	c7653e2844	doc update	2014-05-25 10:17:54 +02:00
Nikos Mavrogiannopoulos	7ba0fffb07	Added the configuration option deny-roaming. That required moving the read of the group configuration during the cookie authentication phase.	2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos	4b91005118	released 0.8.0pre0	2014-05-24 14:38:24 +02:00
Nikos Mavrogiannopoulos	78132e2a6d	Added auto group listing on PAM authentication as well. In addition a configuration option to print group IDs over a certain number was added.	2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos	d3f701fba5	ensure that the group table isn't overflowed.	2014-05-23 16:01:26 +02:00
Nikos Mavrogiannopoulos	618a386f73	doc update	2014-05-23 13:31:05 +02:00
Nikos Mavrogiannopoulos	213f9a63ee	license upgraded to GPLv3	2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos	21aba3d3e7	test-pam: better messages	2014-05-23 11:45:35 +02:00
Nikos Mavrogiannopoulos	8eec409803	remove const from temp variables.	2014-05-23 11:43:08 +02:00
Nikos Mavrogiannopoulos	de50dd413b	Better auth log messages.	2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos	978e89c53f	re-use the string replace API for route add/del replacements.	2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos	d51a7cb7e7	re-use the string replace API for route add/del replacements.	2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos	57d848d228	The replaced keywords were put into brackets.	2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos	92565e1f5d	check for allocation error in custom header replacement.	2014-05-23 11:11:42 +02:00
Nikos Mavrogiannopoulos	51494e0df1	doc update	2014-05-23 11:08:23 +02:00
Nikos Mavrogiannopoulos	0a1f5f0f55	The custom header options allows %U and %G.	2014-05-23 11:07:39 +02:00
Nikos Mavrogiannopoulos	28943341db	Added the proxy-url option to allow sending a proxy URL. This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.	2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos	9eeffef280	doc update	2014-05-22 13:48:46 +02:00
Nikos Mavrogiannopoulos	2276acf57b	limit the cookie validity time to 3 hours in the configuration examples.	2014-05-22 13:48:09 +02:00
Nikos Mavrogiannopoulos	6dcc9acf77	Restrict cookies to a single IP address.	2014-05-21 16:19:07 +02:00
Nikos Mavrogiannopoulos	6ca3c4761c	Cookies are packed using protocol buffers to reduce their size.	2014-05-21 16:11:05 +02:00
Nikos Mavrogiannopoulos	8ba0d563f0	Do not call close() twice. Issue spotted by coverity.	2014-05-21 14:54:18 +02:00
Nikos Mavrogiannopoulos	11a78970bb	Correctly check for network name. Issue spotted using coverity.	2014-05-21 14:52:10 +02:00
Nikos Mavrogiannopoulos	e027dfd422	Corrected check for group list sending to client.	2014-05-21 14:48:19 +02:00
Nikos Mavrogiannopoulos	fce30e0513	doc update	2014-05-21 14:37:50 +02:00
Nikos Mavrogiannopoulos	0ed82312e9	Allow an empty friendly_group_list (in auto-select-group).	2014-05-21 14:23:02 +02:00
Nikos Mavrogiannopoulos	fbdcaa82ca	Make pid-file an array to avoid issues with memory allocation.	2014-05-21 14:16:00 +02:00
Nikos Mavrogiannopoulos	7eb80a3c01	corrected filename	2014-05-21 13:52:34 +02:00
Nikos Mavrogiannopoulos	5b8b3b1aa7	When a client has already selected a group, re-order our group selection form. This is required by some Anyconnect clients and the openconnect android app.	2014-05-21 12:40:05 +02:00
Nikos Mavrogiannopoulos	177c1c95bd	Allow aliases to group names.	2014-05-21 12:25:26 +02:00

1 2 3 4 5 ...

1183 Commits