78 Commits

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	aa9c401cac	Prevent clients with a broken GnuTLS version from connecting using DTLS ... That prevents clients that send an all-zero DTLS client hello from being able to establish a connection. That also introduces the OCSERV_ALLOW_BROKEN_CLIENTS environment variable which when set to 1 it allows broken clients to connect. This is used mainly to allow test cases to pass to existing vulnerable systems in our CI. Resolves: #277 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-04-03 12:51:22 +02:00
Nikos Mavrogiannopoulos	88059e43ac	.gitlab-ci.yml: no longer test on Centos6 ... This is a very old platform with old openconnect available in EPEL. We do not need to keep compatibility with it. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-03-16 22:56:18 +01:00
Nikos Mavrogiannopoulos	3544e3ee2b	tests: verify environment under Apple clients ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-03-16 22:21:37 +01:00
Nikos Mavrogiannopoulos	c4759fd334	.gitlab-ci.yml: introduce run with -Werror ... This allows catching warnings that could have slipped in. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2020-03-12 19:47:50 +01:00
Alan Jowett	b43e782b12	Add support for RFC6750 bearer tokens to ocserv ... This permits the validation of OpenID Connect auth tokens OpenID Connect is an OAuth 2.0 protocol used to identify a resource owner (VPN client end-user) to a resource server (VPN server) intermediated by an Authorization server. Resolves: #240 Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>	2020-03-09 21:48:04 +01:00
Nikos Mavrogiannopoulos	6558653c4b	.gitlab-ci.yml: include the right build in schedules [ci skip] ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2020-02-26 12:48:10 +01:00
Nikos Mavrogiannopoulos	85108c7598	.gitlab-ci.yml: corrected 'only' use in coverity build ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2020-02-26 12:43:34 +01:00
Nikos Mavrogiannopoulos	91de6c889e	Merge branch 'tmp-coverity' into 'master' ... .gitlab-ci.yml: coverity jobs only run on schedules See merge request openconnect/ocserv!138	2020-02-22 23:21:16 +00:00
Nikos Mavrogiannopoulos	bc092793f0	.gitlab-ci.yml: coverity jobs only run on schedules ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-22 23:43:48 +01:00
Nikos Mavrogiannopoulos	c3ff69e7c4	added ubuntu18 build and minor cleanup ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-22 22:43:55 +01:00
Nikos Mavrogiannopoulos	a6994ef1e7	.gitlab-ci.yml: specify the master branch coverity and web pages generation runs ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-13 23:04:38 +01:00
Nikos Mavrogiannopoulos	613242f343	.gitlab-ci.yml: added epel8 rpm build ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-13 23:02:55 +01:00
Nikos Mavrogiannopoulos	476638a52a	.gitlab-ci.yml: avoid the use of '&&' ... gitlab CI will often mask a failure when multiple '&&' are present. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-13 22:50:00 +01:00
Nikos Mavrogiannopoulos	f4126fa095	.gitlab-ci.yml: change raddb permissions ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-13 22:45:42 +01:00
Nikos Mavrogiannopoulos	a8d34a80b9	tests: radius: save log on CI failure ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-13 22:25:13 +01:00
Nikos Mavrogiannopoulos	fc901e03c4	.gitlab-ci.yml: use parallel builds ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-02-13 22:06:22 +01:00
Nikos Mavrogiannopoulos	243c5e9fa2	.gitlab-ci.yml: added centos8 build ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2020-02-11 12:33:39 +01:00
Nikos Mavrogiannopoulos	9bd3c136e1	.gitlab-ci.yml: run jobs on linux only ... Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-01-26 09:25:44 +01:00
Nikos Mavrogiannopoulos	c9e907c841	tests: replaced docker-based kerberos test case with one that runs in CI ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-11-17 14:51:21 +01:00
Nikos Mavrogiannopoulos	a5a1b2d62f	.gitlab-ci.yml: added coverity build ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-10-23 10:37:46 +02:00
Nikos Mavrogiannopoulos	5247833d91	.gitlab-ci.yml: build rpm as part of the CI process ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-07-01 21:56:03 +02:00
Nikos Mavrogiannopoulos	15380220ac	tests: rewrite the radius tests using namespaces ... This simplifies the test and makes it runnable in our CI. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-06-03 22:47:23 +02:00
Nikos Mavrogiannopoulos	6cac225203	tests: make ping cmd functional in centos7,6 ... It requires the '-6' option to be able to function with IPv6 addresses. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-03-12 17:21:17 +01:00
Nikos Mavrogiannopoulos	383c25e239	.gitlab-ci.yml: run code coverage with -O0 ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-30 19:23:05 +01:00
Nikos Mavrogiannopoulos	385af4e831	.gitlab-ci.yml: ensure gcov scripts are writeable ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-20 06:44:29 +01:00
Nikos Mavrogiannopoulos	27c83dcf42	tests: consistently disable isolate-workers in tests ... That is to prevent coverage reporting in tests. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-20 06:43:47 +01:00
Nikos Mavrogiannopoulos	a67c45099f	.gitlab-ci.yml: removed XFAIL from centos6; previous changes seem to fix it ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-10 19:30:36 +01:00
Nikos Mavrogiannopoulos	a5502022c2	.gitlab-ci.yml: skip Centos6 tests that fail ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-01-06 20:07:53 +01:00
Nikos Mavrogiannopoulos	c9c50909b9	.gitlab-ci.yml: disabled asan job as it conflicts with cwrap tools in F28 ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-07-23 21:18:44 +02:00
Nikos Mavrogiannopoulos	4f79db43b6	.gitlab-ci.yml: parallelize make check in fedora build ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-07-20 22:15:42 +02:00
Nikos Mavrogiannopoulos	5a2bed6a58	.gitlab-ci.yml: updated for new debian build name ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-06-26 03:26:13 +02:00
Nikos Mavrogiannopoulos	6bc5da342f	.gitlab-ci.yml: updated for new project ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-06-26 03:13:35 +02:00
Nikos Mavrogiannopoulos	ece70b0d6c	configure: always work-around brokenness of gnutls_certificate_set_key ... That is, instead of requiring the user to explicitly pass --with-broken-gnutls warn at the end of the configure script. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-12 05:20:02 +00:00
Nikos Mavrogiannopoulos	094145bf54	configure: refuse to compile with known dependency issues ... In particular require gnutls 3.5.5 which fixes cleanups in gnutls_certificate_set_key(), or a recent version of the 3.3.x branch. When forced to use a broken version work-around issues (at the cost of a memory leak). Resolves #152 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-04 23:21:37 +02:00
Nikos Mavrogiannopoulos	b4bb6c2049	.gitlab-ci.yml: do not use PAM under asan ... PAM tests would fail due to address sanitizer not detecting the stack switches. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-14 18:55:10 +02:00
Nikos Mavrogiannopoulos	eb41aa8f45	.gitlab-ci.yml: corrected run of ubsan/asan ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos	017bd414f9	.gitlab-ci.yml: update code coverage ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-05 20:09:36 +02:00
Nikos Mavrogiannopoulos	265e30dab7	tests: full-test was moved into traffic test ... The new traffic test only requires namespaces and no docker. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-05 20:06:27 +02:00
Nikos Mavrogiannopoulos	7b4c1bae5a	.gitlab-ci.yml: added ubsan build ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-12 21:56:03 +01:00
Nikos Mavrogiannopoulos	dfab7f6e30	Create coverage report and depend on pre-built CI images ... It will be made available at: https://ocserv.gitlab.io/ocserv/coverage/ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-12 21:54:44 +01:00
Nikos Mavrogiannopoulos	26bc265652	.gitlab-ci.yml: disabled rawhide build ... The fedora image is broken since long time. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-02 19:36:18 +01:00
Nikos Mavrogiannopoulos	83d37ace16	.gitlab-ci.yml: rawhide: do not rely on tcp wrappers ... They are no longer part of Fedora28. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-02-19 16:07:43 +01:00
Nikos Mavrogiannopoulos	7d762748db	.gitlab-ci.yml: corrected artifacts dir in builds ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-30 20:19:58 +01:00
Nikos Mavrogiannopoulos	760199a33c	doc: man-pages are modified to be generated using ronn ... That eliminates the need for autogen and also combines doc/sample.config and manpage contents. Now the doc/sample.config is the primary config documentation location. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos	1b8079a11a	Replaced the configuration parser with inih parser ... That eliminates the dependency on libopts as well as autogen. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos	cbac133b07	.gitlab-ci.yml: added a -Werror build under F27 ... That helps catch any potential issues early. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos	ba92389b0c	.gitlab-ci.yml: correctly point to scan-build artifacts ... Also added missing gperf package. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-14 19:14:56 +01:00
Nikos Mavrogiannopoulos	2134f139a2	.gitlab-ci.yml: added fedora rawhide build ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-11-19 16:42:58 +01:00
Nikos Mavrogiannopoulos	6bf1341c21	.gitlab-ci.yml: root tests are run on CI systems ... Because these tests can only be run in-tree, the CI builds were switched to be in-tree, except for FreeBSD build which now runs out-of-tree. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-09-09 11:35:14 +02:00
Nikos Mavrogiannopoulos	3b01e2addc	.gitlab-ci.yml: use fedora26 for address sanitizer ... Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-09-09 10:56:29 +02:00