David Woodhouse [Fri, 6 Nov 2009 11:16:08 +0000 (11:16 +0000)]
Consolidate http cookie addition
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 5 Nov 2009 12:26:10 +0000 (12:26 +0000)]
Warn when running Linux CSD trojan on non-Linux system
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 4 Nov 2009 09:38:05 +0000 (09:38 +0000)]
Tag version 2.10
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 4 Nov 2009 08:55:26 +0000 (08:55 +0000)]
Web page update
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 4 Nov 2009 07:56:13 +0000 (07:56 +0000)]
Change csd user option name
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 19:25:59 +0000 (19:25 +0000)]
Point to vpnc-scripts repo for Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 18:51:48 +0000 (18:51 +0000)]
Netmask is optional
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 18:51:15 +0000 (18:51 +0000)]
Set $INTERNAL_IP4_NETMASKLEN and $INTERNAL_IP4_NETADDR correctly.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 16:10:15 +0000 (16:10 +0000)]
Add OpenSolaris support to doc
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 16:07:22 +0000 (16:07 +0000)]
Add tun/tap support for Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:43:25 +0000 (15:43 +0000)]
Move tunnel shutdown into tun.c
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:40:05 +0000 (15:40 +0000)]
Fix includes for Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:39:32 +0000 (15:39 +0000)]
Use AI_NUMERICSERV; don't rely on https being in /etc/services. Yay Solaris!
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:38:45 +0000 (15:38 +0000)]
Use statvfs() on Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:38:02 +0000 (15:38 +0000)]
Provide local implementation of strcasestr for Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 12:18:24 +0000 (12:18 +0000)]
Clarify the fact that DTLS support isn't required
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 10:39:46 +0000 (10:39 +0000)]
Documentation updates
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 10:36:20 +0000 (10:36 +0000)]
Enable IPv6
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 10:28:48 +0000 (10:28 +0000)]
Attempt to handle IPv6
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 09:54:51 +0000 (09:54 +0000)]
Kill packet type field; IPv6 and Legacy IP are carried identically
... so there's no need to remember what type of packet it is.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 19 Oct 2009 05:40:31 +0000 (14:40 +0900)]
Change verbosity with SIGUSR[12]
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 19 Oct 2009 02:56:44 +0000 (11:56 +0900)]
Move TCP closure detection to cstp.c, make it reconnect when it happens
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 8 Oct 2009 16:44:21 +0000 (17:44 +0100)]
Handle SIGTERM and disconnect cleanly
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Erik Mouw [Mon, 5 Oct 2009 19:53:05 +0000 (21:53 +0200)]
Add .PHONY target to Makefile
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 11:40:04 +0000 (13:40 +0200)]
Added target realclean that also removes backup files
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 10:55:50 +0000 (12:55 +0200)]
Check return value of write(2) and print an error if it fails.
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 10:47:32 +0000 (12:47 +0200)]
Git should ignore backup files and Emacs temp files
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 10:45:56 +0000 (12:45 +0200)]
Save errno because fprintf() could overwrite it
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 10:40:49 +0000 (12:40 +0200)]
open(2) returns a negative value in case of an error
The previous test was !config_fd which fails exactly when most needed
(i.e.: when open(2) actually returns an error). The correct test is to
check for negative return values.
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
David Woodhouse [Sat, 3 Oct 2009 09:54:34 +0000 (10:54 +0100)]
Fix compiler warnings
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Oct 2009 09:54:19 +0000 (10:54 +0100)]
Fix compiler warnings with OpenSSL 1.0.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Oct 2009 09:06:49 +0000 (10:06 +0100)]
Update changelog for HEAD, update distro status
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Oct 2009 08:59:25 +0000 (09:59 +0100)]
Fix bye packet length
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Oct 2009 08:50:24 +0000 (09:50 +0100)]
Recognise private keys generated with OpenSSL 1.0.0 (Fedora 12)
These say '-----BEGIN ENCRYPTED PRIVATE KEY-----'.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Mon, 21 Sep 2009 21:43:41 +0000 (23:43 +0200)]
Require "--setuid-csd=USER" option for servers with CSD functionality.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Thu, 17 Sep 2009 20:08:42 +0000 (22:08 +0200)]
Merge remote branch 'upstream/master'
David Woodhouse [Thu, 17 Sep 2009 12:48:45 +0000 (13:48 +0100)]
Fix disconnect packet
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Fri, 21 Aug 2009 20:29:38 +0000 (22:29 +0200)]
Provide a list of authors and contributors
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Fri, 21 Aug 2009 20:27:59 +0000 (22:27 +0200)]
Drop root privileges during execution of CSD script
A new option "--setuid-csd=USER" is provided, which means that
a separate user can be used for CSD script execution.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
David Woodhouse [Thu, 20 Aug 2009 11:10:33 +0000 (12:10 +0100)]
Don't try to do SSL negotiation on a socket which failed to connect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Antonio Borneo [Fri, 7 Aug 2009 08:43:44 +0000 (10:43 +0200)]
Drop root privileges before running CSD code
This functionality requires a valid user provided on the command
line with "-U".
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Antonio Borneo [Fri, 7 Aug 2009 08:42:31 +0000 (10:42 +0200)]
Fix compile time warning
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Adam Piątyszek [Tue, 4 Aug 2009 20:05:04 +0000 (22:05 +0200)]
Fix Makefile so "make clean" removes nm-openconnect-auth-dialog
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Tue, 4 Aug 2009 20:04:00 +0000 (22:04 +0200)]
Update .gitignore (anyconnect -> openconnect)
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
David Woodhouse [Tue, 4 Aug 2009 19:18:03 +0000 (20:18 +0100)]
Admit --useragent option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 4 Aug 2009 19:17:26 +0000 (20:17 +0100)]
Admit CSD support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 4 Aug 2009 19:14:06 +0000 (20:14 +0100)]
Merge branch 'master' of git://git.infradead.org/~ediap/openconnect-csd2
Antonio Borneo [Sun, 2 Aug 2009 18:26:43 +0000 (20:26 +0200)]
Support cookies in a CSD way
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Adam Piątyszek [Sun, 2 Aug 2009 18:24:58 +0000 (20:24 +0200)]
Use common implementation for get_cert_XYZ_fingerprint() functions
Specialized functions get_gert_md5_fingerprint() and
get_cert_sha1_fingerprint() call get_cert_fingerprint() function.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Sun, 2 Aug 2009 17:20:32 +0000 (19:20 +0200)]
Pass MD5 fingerprints of client/server certificates to the CSD script
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Sun, 2 Aug 2009 17:32:08 +0000 (19:32 +0200)]
Code refactoring (get_cert_fingerprint -> get_cert_sha1_fingerprint)
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Tue, 21 Jul 2009 09:53:05 +0000 (11:53 +0200)]
Minor fixes of quotation marks in CSD script arguments
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
David Woodhouse [Tue, 21 Jul 2009 09:19:48 +0000 (10:19 +0100)]
Fix most arguments to csd script
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:52:49 +0000 (09:52 +0100)]
quick hack to handle refresh
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:52:28 +0000 (09:52 +0100)]
Fix double free of stuburl
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:20:14 +0000 (09:20 +0100)]
Use redirect handling for form action and csd
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:16:02 +0000 (09:16 +0100)]
Delete CSD script after authentication, use CSD only once
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:06:41 +0000 (09:06 +0100)]
fix csd script running
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Tue, 4 Aug 2009 12:05:40 +0000 (14:05 +0200)]
Remove leading '/' from csd_stuburl and csd_waiturl strings
This was necessary, because of connection errors when using:
"xxx.yyy.com//CACHE/sdesktop/install/binaries/sfinst"
FIXME: this should be implemented in a more generic way!
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Tue, 4 Aug 2009 12:04:22 +0000 (14:04 +0200)]
Do not overwrite the csd_token and csd_ticket strings
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Tue, 4 Aug 2009 12:02:49 +0000 (14:02 +0200)]
Double the buffer size to 128KB
The downloaded CSD package has almost 69KB, so 64KB was not enough.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
David Woodhouse [Tue, 4 Aug 2009 11:17:36 +0000 (12:17 +0100)]
Fix default useragent string
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Antonio Borneo [Tue, 4 Aug 2009 11:15:41 +0000 (12:15 +0100)]
Select User-Agent field
Cisco device logs User-Agent: string, as explained in
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/release/notes/anyconnect23rn.html#wp908512
This patch lets you change OpenConnect default User-Agent: string from
command line.
e.g. --useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133'
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 20 Jul 2009 22:24:08 +0000 (23:24 +0100)]
First attempt at CSD support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 20 Jul 2009 12:38:30 +0000 (13:38 +0100)]
Allow parse_xml_response to redirect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 20 Jul 2009 12:07:53 +0000 (13:07 +0100)]
Add mailing list
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 24 Jun 2009 17:30:34 +0000 (18:30 +0100)]
Tag version 2.01
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 24 Jun 2009 17:29:50 +0000 (18:29 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 23 Jun 2009 21:42:19 +0000 (22:42 +0100)]
Don't clear vpninfo->dtls_cipher on CSTP reconnect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 16 Jun 2009 16:03:06 +0000 (17:03 +0100)]
Don't free certs while building chain
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 16 Jun 2009 14:03:42 +0000 (15:03 +0100)]
Fix install target
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 16 Jun 2009 08:20:31 +0000 (09:20 +0100)]
Mention FreeBSD port
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 10 Jun 2009 17:02:37 +0000 (18:02 +0100)]
Give up permanently when no DTLS cipher; don't keep complaining
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 4 Jun 2009 10:52:24 +0000 (11:52 +0100)]
Don't add duplicate certs
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 4 Jun 2009 10:45:07 +0000 (11:45 +0100)]
Use SSL_CTX_use_certificate_chain_file() to load extra certs too
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 12:05:24 +0000 (13:05 +0100)]
Tag version 2.00
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 12:04:27 +0000 (13:04 +0100)]
Update web page with tag
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 11:32:52 +0000 (12:32 +0100)]
Add missing </LI> tags to changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 11:08:01 +0000 (12:08 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 10:16:25 +0000 (11:16 +0100)]
Fix documentation for --servercert option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 09:47:10 +0000 (10:47 +0100)]
Clean up Makefile detection of gtk/gconf, check for openssl includes
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 09:46:42 +0000 (10:46 +0100)]
Clean up warning seen on MacOS build
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 08:40:06 +0000 (09:40 +0100)]
Fix printf format for st_size
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 08:37:09 +0000 (09:37 +0100)]
Remove GNUism from Makefile by printing new version in version.sh
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 3 Jun 2009 08:05:09 +0000 (09:05 +0100)]
Clean up version.sh
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 22:38:46 +0000 (23:38 +0100)]
Remove bashisms from version.sh
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 21:49:25 +0000 (22:49 +0100)]
Grab focus on first widget which needs entry in the form
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 16:41:22 +0000 (17:41 +0100)]
Abort if certificate load fails, rather than continuing anyway
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 16:35:47 +0000 (17:35 +0100)]
Only save form entries if not cancelled.. and if they're non-NULL
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 16:26:28 +0000 (17:26 +0100)]
Use fingerprint for comparing certificates, not signature
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 12:20:21 +0000 (13:20 +0100)]
update compatibility notes
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 10:59:39 +0000 (11:59 +0100)]
changelog update
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 10:56:04 +0000 (11:56 +0100)]
More OpenSSL-0.9.7 compatibility
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 10:54:41 +0000 (11:54 +0100)]
Clean up certificate purpose workaround
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 2 Jun 2009 10:51:34 +0000 (11:51 +0100)]
Build against old OpenSSL without DTLS support (OSX, OpenBSD)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 1 Jun 2009 19:53:19 +0000 (20:53 +0100)]
Include <arpa/inet.h> for ntohl()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 1 Jun 2009 19:40:01 +0000 (20:40 +0100)]
Include appropriate headers for statfs() on FreeBSD and OSX
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 1 Jun 2009 18:05:35 +0000 (19:05 +0100)]
Discard all but Legacy IP packets on VPN transmit
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 1 Jun 2009 17:58:57 +0000 (18:58 +0100)]
Weird tun prefix is only OpenBSD
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 1 Jun 2009 17:41:46 +0000 (18:41 +0100)]
Handle tun prefixing with AF_INET on BSD
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>