GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,870 Commits 19 Branches 88 Tags
fdaac88e37fc2d3c3959d48f12443add5deb1799
Commit Graph

1870 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
fdaac88e37 dbus: added new commands for ban/list 2015-04-03 10:38:17 +02:00
Nikos Mavrogiannopoulos
a35f020b32 server header moved to X-CSTP-Server 
That would allow viewing the server from openconnect verbose output.
 2015-04-02 15:59:02 +02:00
Nikos Mavrogiannopoulos
a9d562064a tlslib: define DTLS1_2 when needed 2015-03-31 13:37:43 +02:00
Nikos Mavrogiannopoulos
9ab82246de configure: no need to require libtasn1 3.9 2015-03-31 10:58:49 +02:00
Nikos Mavrogiannopoulos
3741cdb2f8 doc update 2015-03-31 10:46:22 +02:00
Nikos Mavrogiannopoulos
1483f51062 ciphersuite check is made dynamic 
That would allow ocserv to be compiled with GnuTLS earlier than
3.2.7 but still use GCM if linked with a proper version.
 2015-03-31 10:30:29 +02:00
Nikos Mavrogiannopoulos
e09eac37cb tests: docker-common includes common.sh 2015-03-31 10:14:19 +02:00
Nikos Mavrogiannopoulos
0967f05f8d sec-mod: do not impose timeouts on reads from main 2015-03-31 10:13:13 +02:00
Nikos Mavrogiannopoulos
eba415def6 tests: openconnect binary is now set in variable 2015-03-29 19:38:38 +02:00
Nikos Mavrogiannopoulos
9e3e039dc3 released 0.10.2 ocserv_0_10_2 2015-03-29 19:07:26 +02:00
Nikos Mavrogiannopoulos
4a40ec6afa reduce messages sent by main to sec-mod 2015-03-26 07:48:02 +01:00
Nikos Mavrogiannopoulos
bb5500854d bumped version 2015-03-26 07:12:46 +01:00
Nikos Mavrogiannopoulos
5395f481e8 tests: rely on fedora's openconnect for kerberos-test 2015-03-25 14:01:36 +01:00
Nikos Mavrogiannopoulos
8edbdf4292 doc update 2015-03-23 11:17:12 +01:00
Nikos Mavrogiannopoulos
7ea22d3aac receive SM_CMD_AUTH_BAN_IP_REPLY asynchronously to prevent race conditions 2015-03-23 11:13:26 +01:00
Nikos Mavrogiannopoulos
bf7394b091 worker: don't use getsockopt(TCP_MAXSEG) on unix sockets 
That avoids unhelpful warnings on the log. Reported by Claudio Luck.
 2015-03-17 12:30:10 +01:00
Nikos Mavrogiannopoulos
a2e33f71a1 tests: corrected full-test checks 2015-03-16 16:00:17 +01:00
Nikos Mavrogiannopoulos
cbed2ac57b doc update 2015-03-16 15:48:51 +01:00
Nikos Mavrogiannopoulos
f64e373084 worker: when receiving auth_cookie_reply from main update the SID 
That fixes an issue where the worker didn't know its correct
SID, because (1) we didn't always send the SID as cookie - corrected in
the previous patch, and (2) openconnect client doesn't honour all cookies,
only the webvpnc one. In all cases it is more trustworthy to check our
view of the SID rather than rely on the cookie.

Resolves issue with stats not being transmitted to sec-module when
using certificate authentication.
 2015-03-16 15:47:23 +01:00
Nikos Mavrogiannopoulos
89ecadf183 worker: always set the webvpncontext cookie 2015-03-16 15:41:14 +01:00
Nikos Mavrogiannopoulos
b9c9904903 full-test: set PORT_OCSERV 2015-03-16 14:07:05 +01:00
Nikos Mavrogiannopoulos
53aa95bc1e print unknown SIDs 2015-03-16 14:06:45 +01:00
Nikos Mavrogiannopoulos
e81c6755ee released 0.10.1 ocserv_0_10_1 2015-03-15 16:47:36 +01:00
Nikos Mavrogiannopoulos
419ac8ecff ensure that sendmsg and recvmsg don't get interrupted 2015-03-15 11:25:09 +01:00
Nikos Mavrogiannopoulos
872f39f777 sec-mod: handle unknown messages as bad commands 2015-03-15 11:20:42 +01:00
Nikos Mavrogiannopoulos
95b9f61f90 doc update 2015-03-15 11:14:00 +01:00
Nikos Mavrogiannopoulos
542597d08b bumped version 2015-03-14 19:24:33 +01:00
Nikos Mavrogiannopoulos
87fe1747b8 call session_close only when session_open has succeeded 2015-03-14 19:19:41 +01:00
Nikos Mavrogiannopoulos
fac64468dc tests: enhance test-cookie-timeout to detect issues with main-sec-mod not in sync 2015-03-14 19:15:47 +01:00
Nikos Mavrogiannopoulos
da29bb99f3 doc update 2015-03-14 18:57:59 +01:00
Nikos Mavrogiannopoulos
423540b757 tolerate session close in unusual cases, and avoid desync 2015-03-14 18:54:22 +01:00
Nikos Mavrogiannopoulos
6c1f88a090 sec-mod: only exit on ERR_BAD_COMMAND errors from main msg handler 2015-03-14 18:46:17 +01:00
Nikos Mavrogiannopoulos
00e775dac6 radius-test: include radius accounting test 2015-03-13 15:53:07 +01:00
Nikos Mavrogiannopoulos
fed17e005a config: simplified comparison 2015-03-12 09:12:47 +01:00
Nikos Mavrogiannopoulos
d3c0d6a2c8 icmp-ping: explicitly specify type 2015-03-12 09:12:47 +01:00
Nikos Mavrogiannopoulos
d9fb482361 configure: removed stray ',' 2015-03-12 09:12:47 +01:00
Nikos Mavrogiannopoulos
551f22f57c released 0.10.0 ocserv_0_10_0 2015-03-10 18:22:30 +01:00
Nikos Mavrogiannopoulos
54dfdf3d59 doc update 2015-03-06 13:56:25 +01:00
Nikos Mavrogiannopoulos
755f8ad6c2 document GSSAPI authentication 2015-03-06 13:49:22 +01:00
Nikos Mavrogiannopoulos
e3df6c9cf0 doc update 2015-03-06 13:42:50 +01:00
Nikos Mavrogiannopoulos
b27ff28971 updated sample.config 2015-03-04 10:28:15 +01:00
Nikos Mavrogiannopoulos
17edec6bc6 disable DTLS if there is no ciphersuite in common 2015-03-04 10:25:26 +01:00
Nikos Mavrogiannopoulos
642edaae59 doc update: mention that banning cannot be combined with listen-clear-file 2015-03-03 15:37:58 +01:00
Nikos Mavrogiannopoulos
adc8473328 chroot_dir, occtl_socket_file and socket_file_prefix were moved to permanent config options 2015-03-03 11:50:48 +01:00
Nikos Mavrogiannopoulos
b4347e4971 updated documentation with options that will be read in reload 2015-03-03 11:44:51 +01:00
Nikos Mavrogiannopoulos
cf483b046b increased the maximum configuration options to 96 
That allows for up to 96 routes to be sent by the server.
 2015-03-03 11:28:53 +01:00
Nikos Mavrogiannopoulos
81b6b6bd3c doc update 2015-03-03 11:26:44 +01:00
Nikos Mavrogiannopoulos
b732a6e91e doc update 2015-03-03 11:19:30 +01:00
Nikos Mavrogiannopoulos
3693f1baa5 tests: check whether local-map in gssapi is required by default 2015-03-03 11:13:28 +01:00
Nikos Mavrogiannopoulos
f33b7f9559 doc update 2015-03-03 11:06:54 +01:00