David Woodhouse [Thu, 27 May 2010 09:54:40 +0000 (10:54 +0100)]
Link to knetworkmanager bug for OpenConnect support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 15 May 2010 08:23:37 +0000 (09:23 +0100)]
Tag version 2.25
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 13 May 2010 09:45:12 +0000 (10:45 +0100)]
Compare cert IP address with that of the server... not the proxy
We mustn't use vpninfo->peer_addr when validating the server's
certificate, because that could be the address of the proxy if we're
using one. Use the result of running inet_pton() on the hostname instead.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 21:15:50 +0000 (22:15 +0100)]
Print UTF8 form of URI in messages, not raw form
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 21:10:29 +0000 (22:10 +0100)]
Make parse_url preserve its input string
It still screws with it as it parses it, but at least it puts it back now.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 21:04:01 +0000 (22:04 +0100)]
Don't match URIs with a path component
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 21:02:16 +0000 (22:02 +0100)]
Remove stray debugging printf
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 20:28:15 +0000 (21:28 +0100)]
Remove stray break which stopped processing altnames after the first GEN_DNS
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 20:22:07 +0000 (21:22 +0100)]
Use ASN1_STRING_to_UTF8 for altnames
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 19:51:50 +0000 (20:51 +0100)]
Fix handling of GEN_URI altnames.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 19:37:01 +0000 (20:37 +0100)]
Fix memory leak on non-200 HTTP result
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 18:09:34 +0000 (19:09 +0100)]
Fix handling of GEN_IPADD altnames.
In particular, the length of the altname wasn't the same as the length
of the corresponding sockaddr.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 18:03:40 +0000 (19:03 +0100)]
Accept GEN_IPADD certificate altneme for raw IPv6 address without [] too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 14:25:46 +0000 (15:25 +0100)]
Handle wildcards in hostname matching
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 11:39:23 +0000 (12:39 +0100)]
Attempt to handle GEN_IPADD in X509 altnames. Or at least not crash.
In particular, stop assuming that every altname is an ASN1_STRING and
using strlen() on what would be its data. If the untested support for
GEN_IPADD actually works, that's an added bonus.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 12:44:14 +0000 (13:44 +0100)]
Add --no-cert-check option, update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 11:17:57 +0000 (12:17 +0100)]
Add basic cert hostname matching
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 10:59:40 +0000 (11:59 +0100)]
Add text-mode function for validating failed certs
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 10:19:46 +0000 (11:19 +0100)]
Pass failure reason to validate_peer_cert()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 10:14:41 +0000 (11:14 +0100)]
Always verify server certificate, even with no cafile
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 09:42:47 +0000 (10:42 +0100)]
Clean up PKCS12_parse() bug workaround
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 10 May 2010 14:05:05 +0000 (15:05 +0100)]
Fix potential memory leak in load_pkcs12_certificate()
If there were certificates in the PKCS#12 file which didn't get used, they
would never be freed. Increase the refcount on the certs we _do_ use, and
then free the entire stack properly using sk_X509_pop_free().
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 10 May 2010 14:04:50 +0000 (15:04 +0100)]
Fix memory leak in verify_peer()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 9 May 2010 11:45:16 +0000 (12:45 +0100)]
Packages now in pkgsrc-wip
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 9 May 2010 00:46:53 +0000 (01:46 +0100)]
Update changelog, improve requirements documentation
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 9 May 2010 00:45:45 +0000 (01:45 +0100)]
Update README.DTLS to reflect current OpenSSL versions
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Pouya D. Tafti [Sat, 8 May 2010 20:33:23 +0000 (21:33 +0100)]
Fix libproxy support with pkgsrc
While preparing the new package I noticed that OpenConnect
was being built without libproxy support, due to the fact that
pkgsrc's libproxy installs proxy.h under ${PREFIX}/include and not
under ${PREFIX}/include/libproxy.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Pouya D. Tafti <p@san-serriffe.org>
David Woodhouse [Sat, 8 May 2010 19:14:51 +0000 (20:14 +0100)]
Make Solaris build more user-friendly w.r.t. installing TAP driver.
Tell the user what to do if the TAP driver is missing, and don't rely on them
removing Make.config so that the Makefile goes looking for it again.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 19:11:44 +0000 (20:11 +0100)]
Tag version 2.24
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 19:10:09 +0000 (20:10 +0100)]
Update to more permanent URL for pkgsrc package
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 17:58:32 +0000 (18:58 +0100)]
Pointer to pkgsrc package
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 17:23:35 +0000 (18:23 +0100)]
Document Ubuntu status
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 16:53:07 +0000 (17:53 +0100)]
Create libopenconnect.a for GUI authentication dialogs to use.
Now that things have stabilised, it ought to be feasible for us to put
the NetworkManager auth-dialog in the network-manager-openconnect
package where it belongs. Knetworkmanager support for openconnect will need
to use it too.
A static library is the first step; ideally we'll be able to do a sane
dynamic library with a reasonable stable ABI and no namespace pollution.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 15:22:36 +0000 (16:22 +0100)]
Work around OpenSSL SEGV when retrying PKCS#12 passphrase
This seems to have been fixed in OpenSSL 1.0.0-beta2 by
http://cvs.openssl.org/chngview?cn=17957 but still affects 0.9.8n.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 12:21:20 +0000 (13:21 +0100)]
Add DragonFly BSD too
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 11:44:30 +0000 (12:44 +0100)]
Document NetBSD support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 11:36:15 +0000 (12:36 +0100)]
Fix NetBSD build.
We need to include <netinet/in.h>, so do that unconditionally. And let
NetBSD use the Solaris code path for fsid handling.
Based on a patch from Pouya D. Tafti.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 11:34:15 +0000 (12:34 +0100)]
Remove gratuitous -ldl from static OpenSSL link command
NetBSD doesn't like it.
Also remove the -lz and add an explicit -lz to LDFLAGS. We use that
directly, so we shouldn't be relying on getting it pulled in indirectly.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 11:30:01 +0000 (12:30 +0100)]
Change OpenSSL version number check for const methods to 0.9.9
NetBSD 5.0 ships with an old pre-1.0 snapshot of OpenSSL, which has the
const methods already.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 19 Apr 2010 15:34:30 +0000 (16:34 +0100)]
Update hardware support list
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 16 Apr 2010 09:50:23 +0000 (10:50 +0100)]
Make some functions static
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Apr 2010 10:13:12 +0000 (11:13 +0100)]
Update TODO list to reflect current status
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 14 Apr 2010 13:23:47 +0000 (14:23 +0100)]
Improve handling of cert passphrase errors
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 14 Apr 2010 13:15:23 +0000 (14:15 +0100)]
Fix purpose workaround to build against OpenSSL 0.9.7
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 14 Apr 2010 13:13:17 +0000 (14:13 +0100)]
Move unhex() out of DTLS ifdef, to build with OpenSSL 0.9.7 again
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 14 Apr 2010 12:58:22 +0000 (13:58 +0100)]
Include ctype.h for isxdigit()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 13 Apr 2010 08:10:30 +0000 (09:10 +0100)]
Forget preconfigured password after one attempt; don't keep retrying.
Without this, we were seeing infinite retries to post the auth form, when
the password was wrong or the required certificate was absent.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 11 Apr 2010 16:39:59 +0000 (17:39 +0100)]
Use X-CSTP-Banner header to set $CISCO_BANNER
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 9 Apr 2010 09:55:06 +0000 (10:55 +0100)]
Tag version 2.23
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 9 Apr 2010 09:45:44 +0000 (10:45 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 9 Apr 2010 09:29:10 +0000 (10:29 +0100)]
Add --no-http-keepalive option to help work around Cisco incompetence.
We know that certain versions of the ASA software (8.2.2.5 at least) are
buggy and will 'forget' the client's SSL certificate by the time they
receive the second request on a re-used HTTP connection. We have an
unconditional workaround for the case where we _know_ that bug will
trip, in commit
357c85e8 ("Always close HTTP/1.0 connection...").
Cisco's support staff are completely useless and have failed to give any
competent response to the bug report -- so not only does it look like
they won't fix it, but we don't actually know what under _other_
circumstances this same bug might manifest itself.
This patch adds an option to disable _all_ connection re-use. The
intention is that users can try it out if they encounter problems, then
report to the mailing list that it worked so that we can work out how
to trigger it automatically.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 9 Apr 2010 09:00:45 +0000 (10:00 +0100)]
Fix Debian/kFreeBSD build
Debian bug #577004
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 6 Apr 2010 19:10:37 +0000 (20:10 +0100)]
Update instructions to note that script must be executable
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 5 Apr 2010 10:19:48 +0000 (11:19 +0100)]
Print notice about lack of DNS and routing if no --script
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 5 Apr 2010 09:07:42 +0000 (10:07 +0100)]
Change mainloop idle message to look less like 'Did not work'
That can cause confusion if it's misread.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 4 Apr 2010 23:08:21 +0000 (00:08 +0100)]
Print failing host name when getaddrinfo() fails
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 4 Apr 2010 22:58:00 +0000 (23:58 +0100)]
Print non-200 HTTP responses even without -v
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 4 Apr 2010 18:52:19 +0000 (19:52 +0100)]
Fix SEGV on 404
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 29 Mar 2010 09:17:30 +0000 (10:17 +0100)]
Cope with server certs without SSL_SERVER purpose bit set, with old OpenSSL
We already had a workaround, but it didn't work with OpenSSL < 0.9.8k so
we need to do it differently, by providing our own wrapper around
X509_verify_cert().
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 24 Mar 2010 20:59:45 +0000 (20:59 +0000)]
Note DTLS support in 0.9.8m release
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 18 Mar 2010 15:58:33 +0000 (15:58 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 11 Mar 2010 18:38:55 +0000 (10:38 -0800)]
Return error on refusing to run CSD trojan, rather than exiting
This fixes the error handling in the NM auth dialog. Fix the message so that
it doesn't refer to the command-line option, too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 11 Mar 2010 18:04:00 +0000 (10:04 -0800)]
Add CSD support for NetworkManager auth dialog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 9 Mar 2010 00:50:50 +0000 (16:50 -0800)]
Handle proxy setting in NetworkManager, ignore unnecessary 'authtype'
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 7 Mar 2010 22:10:55 +0000 (14:10 -0800)]
Tag version 2.22
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 7 Mar 2010 21:34:08 +0000 (13:34 -0800)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 28 Feb 2010 22:39:05 +0000 (23:39 +0100)]
Always close HTTP/1.0 connection, even after Connection: Keep-Alive header.
Some servers seem to fail certificate authentication after the initial
redirect unless you make a new connection. I see no valid reason in the
HTTP spec why we should do this, but it makes things work...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Jørgen Wahlberg [Sat, 27 Feb 2010 13:56:09 +0000 (14:56 +0100)]
Avoid using vpninfo->ifname before it's set.
Commit
78e461ce2d74d7772578a07785fd96c7b784efae ("Set script environment
earlier...") was broken because we end up trying to set the $TUNDEV
environment variable before vpninfo->ifname has actually been set.
[dwmw2: slightly modified Jørgen's original patch so that we do actually
set $TUNDEV later, otherwise the script won't work.]
Signed-off-by: Jørgen Wahlberg <jorgen@jaws.no>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 24 Feb 2010 12:43:20 +0000 (12:43 +0000)]
Set script environment earlier, so it applies to script_tun too
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 23 Feb 2010 14:03:18 +0000 (14:03 +0000)]
Fix build where AI_NUMERICSERV isn't defined (OSX < 1.6)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 23 Feb 2010 13:51:43 +0000 (13:51 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 23 Feb 2010 13:48:38 +0000 (13:48 +0000)]
Pass port number to openconnect from NetworkManager.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Jussi Kukkonen [Tue, 23 Feb 2010 09:26:58 +0000 (11:26 +0200)]
Accept full urls in nm-auth-dialog
E.g. "<host>:<port>" will now work.
Signed-off-by: Jussi Kukkonen <jku@linux.intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 22 Feb 2010 14:44:49 +0000 (14:44 +0000)]
Fix handling of port numbers above 9999
We need to allow 5 digits in the port number, which means 6 characters
including the terminating NUL. The buffer was already big enough, but
the length argument to snprintf() wasn't. Spotted by Charles Bovy (thanks).
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 22 Feb 2010 14:43:30 +0000 (14:43 +0000)]
Handle relative redirect and form action
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 22 Feb 2010 14:09:25 +0000 (14:09 +0000)]
Handle allocation failure in HTTP 1.0 loop
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Fri, 12 Feb 2010 21:48:08 +0000 (22:48 +0100)]
Allocate extra byte for NUL termination after HTTP 1.0 read loop, not in it.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Fri, 12 Feb 2010 21:45:19 +0000 (22:45 +0100)]
Free dynamically allocated memory before returning on errors
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Fri, 12 Feb 2010 14:26:19 +0000 (15:26 +0100)]
Use the somewhat misnamed proxy_write() function to write the CSD script
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Fri, 12 Feb 2010 14:25:40 +0000 (15:25 +0100)]
Dynamically allocate buffer size for downloaded CSD script
Thanks to David for his help in rewriting this patch and to actually
make it work.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Feb 2010 07:11:27 +0000 (07:11 +0000)]
Case-insensitive comparison for server SHA1 fingerprint
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Feb 2010 06:19:34 +0000 (06:19 +0000)]
Fix exit code with --background option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 24 Jan 2010 19:30:15 +0000 (08:30 +1300)]
No strndup() on Solaris. Yay Solaris!
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 10 Jan 2010 11:01:58 +0000 (11:01 +0000)]
Tag version 2.21
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 10 Jan 2010 10:12:17 +0000 (10:12 +0000)]
Fix typo in changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 9 Jan 2010 19:25:47 +0000 (19:25 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 9 Jan 2010 13:13:15 +0000 (13:13 +0000)]
Fix handling of HTTP 1.0 responses with Connection: Keep-Alive
An HTTP 1.0 response can keepalive and have a Connection-Length: header,
and this is seen in some cases with the initial redirect when we connect
to a VPN server (Red Hat bug #553817). Fix and clean up the response
handling code accordingly.
I _really_ wish I didn't have to write my own HTTP code, and that one of
the available libraries was actually able to support SSL connections
with a certificate from a TPM.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 9 Jan 2010 13:09:48 +0000 (13:09 +0000)]
Be case-insensitive in HTTP fields (and comparing hostname for redirects)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 5 Jan 2010 12:53:35 +0000 (12:53 +0000)]
Check return value from asprintf()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 5 Jan 2010 12:52:38 +0000 (12:52 +0000)]
Check return value from system()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 4 Jan 2010 16:06:59 +0000 (16:06 +0000)]
Tag version 2.20
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 3 Jan 2010 18:28:35 +0000 (18:28 +0000)]
Fix HTTP 1.0 body fetch.
Not that we should ever really see one.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 3 Jan 2010 18:22:40 +0000 (18:22 +0000)]
Fix handling of 'HTTP/1.1 100 Continue' response
When we jump back to 'cont' it needs to fetch the next response line,
not just check the existing contents of the buffer (which will be an
empty line).
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 3 Jan 2010 18:18:53 +0000 (18:18 +0000)]
Really, don't shut down SSL twice
It's the one in redirect handling that needs to check whether the
connection is already closed. The one in process_http_response() can't
possibly happen when the connection is already closed.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 3 Jan 2010 16:34:47 +0000 (16:34 +0000)]
Free host URL after parsing
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 3 Jan 2010 08:37:42 +0000 (08:37 +0000)]
Mention SOCKS support in feature list
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 3 Jan 2010 08:37:26 +0000 (08:37 +0000)]
Clarify that -P argument takes a URL, admit to SOCKS support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 2 Jan 2010 19:55:44 +0000 (19:55 +0000)]
Clean up libproxy.h and if_tun.h detection for cross-compilation
Looking in /usr/include was silly. This is one thing that autoconf would
help with, but at a cost that I'm not really willing to pay.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 2 Jan 2010 19:43:27 +0000 (19:43 +0000)]
Don't include net/if_tun.h twice on Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 2 Jan 2010 17:32:02 +0000 (17:32 +0000)]
Remove SOCKS from TODO list
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>