Commit Graph

56 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
f65e771e54 more verbose log message 2014-03-31 16:01:37 +02:00
Nikos Mavrogiannopoulos
be332174f8 Simplified debugging by allowing multiple levels.
'ocserv -d' now accepts a numeric option from 0 (no debugging) to 9
(maximum verbosity).
2014-02-17 20:19:39 +01:00
Nikos Mavrogiannopoulos
dd3bd9dcdd Do not enforce safe negotiation on the main TLS channel.
This is only set when in CISCO compatibility mode, as CISCO clients
come from the past.
2014-02-14 21:35:41 +01:00
Nikos Mavrogiannopoulos
d8162d3c0b when the client requests a rehandshake accept their request. 2014-01-21 17:24:29 +01:00
Nikos Mavrogiannopoulos
d454557649 replace always-require-cert with cisco-client-compat. 2014-01-18 11:19:19 +01:00
Nikos Mavrogiannopoulos
3d0a69e5f6 Indicate properly the status of TLS authentication when a client has reconnected. 2014-01-12 10:16:10 +01:00
Nikos Mavrogiannopoulos
cdba1ae374 Try to release as much memory as possible to be able to detect real memory leaks. 2014-01-09 17:27:49 +01:00
Nikos Mavrogiannopoulos
d8f1ec4473 print more details on certificate verification failure. 2013-12-08 08:41:06 +01:00
Nikos Mavrogiannopoulos
c0277bd9d3 corrected size of explicit nonce 2013-11-17 18:18:08 +01:00
Nikos Mavrogiannopoulos
1265b8949d be more precise in MTU calculation even without gnutls_est_record_overhead_size(). 2013-11-16 22:47:44 +01:00
Nikos Mavrogiannopoulos
39515e39f5 Better estimate the record overhead. 2013-11-16 22:30:44 +01:00
Nikos Mavrogiannopoulos
85f4db201c updated license information and authors 2013-11-05 19:38:30 +01:00
Nikos Mavrogiannopoulos
aa71216a65 updates in hash table usage. 2013-10-30 13:00:19 +01:00
Nikos Mavrogiannopoulos
009e76cac3 Do not wait for socket to be ready when sending DTLS data. 2013-10-04 09:40:46 +02:00
Kevin Cernekee
0de1a803d3 add missing GnuTLS version checks around >= v3.2.0 features 2013-07-07 23:12:24 +02:00
Nikos Mavrogiannopoulos
2fce51004b more fixes 2013-07-05 15:10:54 +02:00
Nikos Mavrogiannopoulos
cc44c63d42 avoid deinitializing garbage 2013-07-05 15:06:40 +02:00
Nikos Mavrogiannopoulos
e9be6eff7d corrected values returned in X-CSTP-MTU and X-DTLS-MTU 2013-06-10 19:39:19 +02:00
Nikos Mavrogiannopoulos
766d3bec7e small fixes 2013-05-17 20:21:08 +02:00
Nikos Mavrogiannopoulos
dd3571bc99 Updates for cisco's client. 2013-04-29 14:19:59 +03:00
Nikos Mavrogiannopoulos
376fea950f removed session ticket support 2013-03-24 18:53:30 +01:00
Nikos Mavrogiannopoulos
b994462ce1 depend on gnutls 3.1.10 2013-03-23 09:41:28 +01:00
Nikos Mavrogiannopoulos
82df00f0b0 updates in unix socket creation 2013-03-16 21:27:58 +01:00
Nikos Mavrogiannopoulos
72e086be00 combine writes to a single system call. 2013-03-15 18:49:54 +01:00
Nikos Mavrogiannopoulos
5a4ce846b7 The TLS private keys are kept into a privileged process.
That process is called security-module (sec-mod) and communicates
with the workers using a unix domain socket.
2013-03-15 17:47:38 +01:00
Nikos Mavrogiannopoulos
1eeb33d5d7 enable session tickets. 2013-03-11 19:49:33 +01:00
Nikos Mavrogiannopoulos
23977b5359 Added ability to specify multiple certificate and key pairs. 2013-03-07 09:51:50 +01:00
Nikos Mavrogiannopoulos
a0f1867c58 Allow setting DH parameters. 2013-03-07 09:19:25 +01:00
Nikos Mavrogiannopoulos
fcd075e6ac check the server certificate prior to initialization 2013-03-07 00:26:52 +01:00
Nikos Mavrogiannopoulos
67c6f0f4d5 Added sanity check on certificate and key reading. 2013-03-06 23:46:41 +01:00
Nikos Mavrogiannopoulos
6c54a37e69 Allow setting OCSP responses. 2013-03-05 01:42:25 +01:00
Nikos Mavrogiannopoulos
ef18851237 Added option to allow sending a cookie without the corresponding certificate.
This option is required for the cisco clients, that do not always use the
client certificate. When this option is set to false it means that the cookie
itself is sufficient for authentication. This is bad practice if smart cards
are in use.
2013-03-01 21:54:49 +01:00
Nikos Mavrogiannopoulos
41e8d020b5 Several updates to handle URLs requested by the cisco client. 2013-03-01 19:52:10 +01:00
Nikos Mavrogiannopoulos
2facb61dae message updates 2013-02-26 18:41:25 +01:00
Nikos Mavrogiannopoulos
e5198dd40f simplified TLS file load and reload. 2013-02-19 07:42:42 +01:00
Nikos Mavrogiannopoulos
214bec96f0 Load PINs early. 2013-02-19 07:35:11 +01:00
Nikos Mavrogiannopoulos
628877881d Added configuration options for PIN files. 2013-02-18 23:47:20 +01:00
Nikos Mavrogiannopoulos
59026fb8f1 Added some kind of path MTU discovery using DPD. 2013-02-15 22:23:35 +01:00
Nikos Mavrogiannopoulos
2262d1c34a postpone usage of cork and uncork 2013-02-13 21:10:25 +01:00
Nikos Mavrogiannopoulos
56d1847e29 corrected typo 2013-02-13 21:07:53 +01:00
Nikos Mavrogiannopoulos
7270341e62 write the correct PID in pid file 2013-02-12 18:57:05 +01:00
Nikos Mavrogiannopoulos
121b2491aa HUP signal reloads configuration 2013-02-12 18:57:05 +01:00
Nikos Mavrogiannopoulos
8ad4e50db6 ignore certificate in DTLS session 2013-02-09 13:22:19 +01:00
Nikos Mavrogiannopoulos
519f0a13ef Several changes to compile on old linux kernels, and in constrained libgnutls libraries 2013-02-09 12:15:55 +01:00
Nikos Mavrogiannopoulos
1f5f288742 fixes for newer gnutls 2013-02-08 18:20:30 +01:00
Nikos Mavrogiannopoulos
288766f628 use gnutls cork() and uncork() when available 2013-02-08 18:20:19 +01:00
Nikos Mavrogiannopoulos
bacf821953 cleaned up TLS code which was moved to tlslib 2013-02-08 18:20:17 +01:00
Nikos Mavrogiannopoulos
4370f88001 dropped dependency on gdbm. Cookies are stored in a hash. 2013-02-07 00:57:17 +01:00
Nikos Mavrogiannopoulos
10d9b144be Use CCAN hashes and lists. 2013-02-06 09:20:08 +01:00
Nikos Mavrogiannopoulos
2e43570fde deinitialize the TLS cache prior to fork 2013-02-05 09:03:58 +01:00