GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
390 Commits 19 Branches 88 Tags
e91fca55b4c7bf5dccdba9524c8bba2106988a41
Commit Graph

390 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
e91fca55b4 autogen'ed files update 2013-06-26 16:28:52 +02:00
Nikos Mavrogiannopoulos
e5def94e6a Advanced auth implemented 2013-06-26 16:28:35 +02:00
Nikos Mavrogiannopoulos
cbcdbd2fb2 Revert "Use the new type of XML" 
This reverts commit 2163836ad8.
 2013-06-22 16:45:21 +02:00
Nikos Mavrogiannopoulos
326ff002d6 Revert "simplified opaque handling" 
This reverts commit 0af9c45e8c.
 2013-06-22 16:45:14 +02:00
Nikos Mavrogiannopoulos
0af9c45e8c simplified opaque handling 2013-06-22 08:39:07 +02:00
Nikos Mavrogiannopoulos
2163836ad8 Use the new type of XML 2013-06-21 20:39:25 +02:00
Nikos Mavrogiannopoulos
e63913a8a7 set PAM_RHOST variable using the clients's IP. 2013-06-21 20:37:09 +02:00
Nikos Mavrogiannopoulos
f1d96bdd0a bumped version ocserv_0_1_4 2013-06-15 22:56:11 +02:00
Nikos Mavrogiannopoulos
3dade4c305 ensure that the actual reads on DTLS are at maximum MTU-1. 2013-06-12 22:10:59 +02:00
Nikos Mavrogiannopoulos
84017d8593 bumped version ocserv_0_1_3 2013-06-12 13:33:56 +02:00
Nikos Mavrogiannopoulos
e9be6eff7d corrected values returned in X-CSTP-MTU and X-DTLS-MTU 2013-06-10 19:39:19 +02:00
Nikos Mavrogiannopoulos
1521a3caaa Removed ability to send binary files. 2013-06-07 11:36:34 +02:00
Nikos Mavrogiannopoulos
e50059b385 use X-SALSA20 to avoid any future conflicts 2013-06-07 11:33:15 +02:00
Nikos Mavrogiannopoulos
b61b31e40b keep the connection alive 2013-06-03 22:13:23 +02:00
Nikos Mavrogiannopoulos
3e19393936 do not try to send binaries if no path is setup 2013-06-03 22:12:43 +02:00
Nikos Mavrogiannopoulos
754321c9e6 reorganized compatibility layer 2013-05-31 18:06:11 +02:00
Nikos Mavrogiannopoulos
10246b78c4 Allow downloading raw files from 1/binaries 2013-05-31 17:29:52 +02:00
Nikos Mavrogiannopoulos
92fb37672d doc update 2013-05-27 22:43:05 +02:00
Nikos Mavrogiannopoulos
5be935dfd8 use gnutls_privkey_sign_hash() when available. 2013-05-27 22:39:29 +02:00
Nikos Mavrogiannopoulos
47587f9bf9 Check X-CSTP-Address-Type and don't send addresses that were not requested. 2013-05-27 22:27:35 +02:00
Nikos Mavrogiannopoulos
5783cd760b Added gettimeofday in the list of syscalls 2013-05-23 16:58:54 +02:00
Nikos Mavrogiannopoulos
1a3b4911b9 bumped version 2013-05-23 16:08:33 +02:00
Nikos Mavrogiannopoulos
96a7f04237 doc update 2013-05-23 16:06:20 +02:00
Nikos Mavrogiannopoulos
2d4ac0bb3a updated seccomp code 2013-05-22 20:16:07 +02:00
Nikos Mavrogiannopoulos
81dca4ccdc more verbose printing of signal deaths 2013-05-22 16:21:33 +02:00
Nikos Mavrogiannopoulos
3271674773 simplified seccomp check 2013-05-22 16:08:27 +02:00
Nikos Mavrogiannopoulos
eb90dd78e3 use strtok() to parse client provided string. 2013-05-21 23:51:38 +02:00
Nikos Mavrogiannopoulos
489e0e1dc5 require gnutls 3.2.1 to enable salsa20 2013-05-21 23:38:03 +02:00
Nikos Mavrogiannopoulos
8ed0006c22 relax check on requirement on headers for libopts. 2013-05-21 22:41:57 +02:00
Nikos Mavrogiannopoulos
c723c70a3d more files to ignore 2013-05-20 11:22:10 +02:00
Nikos Mavrogiannopoulos
b3cdd31dca Added missing file 2013-05-20 11:03:50 +02:00
Nikos Mavrogiannopoulos
1519c0e4de updated header 2013-05-20 11:03:26 +02:00
Nikos Mavrogiannopoulos
8b21699089 updated license information 2013-05-20 11:03:08 +02:00
Nikos Mavrogiannopoulos
e5fd319026 emulate gettime 2013-05-20 11:01:29 +02:00
Nikos Mavrogiannopoulos
7eef598a29 updated gnulib 2013-05-20 10:56:54 +02:00
Nikos Mavrogiannopoulos
3b158b19b4 doc fix 2013-05-19 20:08:02 +02:00
Nikos Mavrogiannopoulos
026c31e72a do not restrict worker's memory 2013-05-19 19:05:13 +02:00
Nikos Mavrogiannopoulos
f803b2bdf6 estream ciphersuite was given priority 2013-05-19 14:10:08 +02:00
Nikos Mavrogiannopoulos
dac888f1f5 increased priority 2013-05-19 11:53:01 +02:00
Nikos Mavrogiannopoulos
d98a9c48c2 print DTLS ciphersuite 2013-05-19 11:24:00 +02:00
Nikos Mavrogiannopoulos
d568b4f920 doc update 2013-05-18 22:46:35 +02:00
Nikos Mavrogiannopoulos
5646c055a1 added missing files. 2013-05-18 17:29:10 +02:00
Nikos Mavrogiannopoulos
3be923c778 configure proceeds if regex library isn't found 2013-05-18 15:40:32 +02:00
Nikos Mavrogiannopoulos
f0afab6782 corrected cipher names 2013-05-17 22:01:53 +02:00
Nikos Mavrogiannopoulos
e8458828ee Allow for a ciphersuite negotiation 2013-05-17 21:15:24 +02:00
Nikos Mavrogiannopoulos
766d3bec7e small fixes 2013-05-17 20:21:08 +02:00
Nikos Mavrogiannopoulos
e679fd643f reorganized HTTP header reading. 2013-05-17 20:07:58 +02:00
Nikos Mavrogiannopoulos
0aff05f0d2 corrected typo 2013-05-17 08:35:29 +02:00
Nikos Mavrogiannopoulos
9a39ec0ce6 documented fix 2013-05-16 23:10:32 +02:00
Faidon Liambotis
3071bda08a Make seccomp failures non-fatal & lower log prio 
Building a binary with --enable-seccomp and then running it on a < 3.5
kernel, results in seccomp_load() failing and ocserv's worker process
aborting. This might be okay-ish for users who ./configure && make
install on their own systems but it's obviously non-ideal for e.g.
distributions that need to distribute binaries.

Unfortunately there doesn't seem to be a good way (that I could find) to
check if the running kernel has seccomp -- uname/uts isn't a good
solution as Ubuntu has backported it to 3.2, custom kernels might have
CONFIG_SECCOMP=n etc.

So, this makes a tradeoff call and removes the exit_worker() call on
seccomp failures, lowers the seccomp error logs to LOG_DEBUG from
LOG_WARNING and the "could not disable system calls" to LOG_INFO from
LOG_ERR.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2013-05-16 23:01:38 +02:00