Consolidate http cookie addition

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Warn when running Linux CSD trojan on non-Linux system

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 2.10

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Web page update

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Change csd user option name

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Point to vpnc-scripts repo for Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Netmask is optional

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Set $INTERNAL_IP4_NETMASKLEN and $INTERNAL_IP4_NETADDR correctly.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add OpenSolaris support to doc

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add tun/tap support for Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Move tunnel shutdown into tun.c

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix includes for Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use AI_NUMERICSERV; don't rely on https being in /etc/services. Yay Solaris!

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use statvfs() on Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Provide local implementation of strcasestr for Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Clarify the fact that DTLS support isn't required

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Documentation updates

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Enable IPv6

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Attempt to handle IPv6

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Kill packet type field; IPv6 and Legacy IP are carried identically

... so there's no need to remember what type of packet it is.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Change verbosity with SIGUSR[12]

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Move TCP closure detection to cstp.c, make it reconnect when it happens

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Handle SIGTERM and disconnect cleanly

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add .PHONY target to Makefile

Signed-off-by: Erik Mouw <mouw@nl.linux.org>

Added target realclean that also removes backup files

Signed-off-by: Erik Mouw <mouw@nl.linux.org>

Check return value of write(2) and print an error if it fails.

Signed-off-by: Erik Mouw <mouw@nl.linux.org>

Git should ignore backup files and Emacs temp files

Signed-off-by: Erik Mouw <mouw@nl.linux.org>

Save errno because fprintf() could overwrite it

Signed-off-by: Erik Mouw <mouw@nl.linux.org>

open(2) returns a negative value in case of an error

The previous test was !config_fd which fails exactly when most needed
(i.e.: when open(2) actually returns an error). The correct test is to
check for negative return values.

Signed-off-by: Erik Mouw <mouw@nl.linux.org>

Fix compiler warnings

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix compiler warnings with OpenSSL 1.0.0

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update changelog for HEAD, update distro status

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix bye packet length

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Recognise private keys generated with OpenSSL 1.0.0 (Fedora 12)

These say '-----BEGIN ENCRYPTED PRIVATE KEY-----'.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Require "--setuid-csd=USER" option for servers with CSD functionality.

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Merge remote branch 'upstream/master'

Fix disconnect packet

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Provide a list of authors and contributors

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Drop root privileges during execution of CSD script

A new option "--setuid-csd=USER" is provided, which means that
a separate user can be used for CSD script execution.

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Don't try to do SSL negotiation on a socket which failed to connect

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Drop root privileges before running CSD code

This functionallity requires a valid user provided on the command
line with "-U".

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>

Fix compile time warning

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>

Fix Makefile so "make clean" removes nm-openconnect-auth-dialog

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Update .gitignore (anyconnect -> openconnect)

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Admit --useragent option

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Admit CSD support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Merge branch 'master' of git://git.infradead.org/~ediap/openconnect-csd2

Support cookies in a CSD way

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>

Use common implementation for get_cert_XYZ_fingerprint() functions

Specialized functions get_gert_md5_fingerprint() and
get_cert_sha1_fingerprint() call get_cert_fingerprint() function.

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Pass MD5 fingerprints of client/server certificates to the CSD script

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Code refactoring (get_cert_fingerprint -> get_cert_sha1_fingerprint)

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Minor fixes of quotation marks in CSD script arguments

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Fix most arguments to csd script

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

quick hack to handle refresh

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix double free of stuburl

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use redirect handling for form action and csd

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Delete CSD script after authentication, use CSD only once

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

fix csd script running

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove leading '/' from csd_stuburl and csd_waiturl strings

This was necessary, because of connection errors when using:
"xxx.yyy.com//CACHE/sdesktop/install/binaries/sfinst"
FIXME: this should be implemented in a more generic way!

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Do not overwrite the csd_token and csd_ticket strings

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Double the buffer size to 128KB

The downloaded CSD package has almost 69KB, so 64KB was not enough.

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>

Fix default useragent string

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Select User-Agent field

Cisco device logs User-Agent: string, as explained in
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/release/notes/anyconnect23rn.html#wp908512
This patch let you change OpenConnect default User-Agent: string from
command line.

e.g. --useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133'

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

First attempt at CSD support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Allow parse_xml_response to redirect

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add mailing list

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 2.01

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Don't clear vpninfo->dtls_cipher on CSTP reconnect

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Don't free certs while building chain

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix install target

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Mention FreeBSD port

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Give up permanently when no DTLS cipher; don't keep complaining

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Don't add duplicate certs

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use SSL_CTX_use_certificate_chain_file() to load extra certs too

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 2.00

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update web page with tag

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add missing </LI> tags to changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix documentation for --servercert option

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Clean up Makefile detection of gtk/gconf, check for openssl includes

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Clean up warning seen on MacOS build

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix printf format for st_size

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove GNUism from Makefile by printing new version in version.sh

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Clean up version.sh

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove bashisms from version.sh

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Grab focus on first widget which needs entry in the form

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Abort if certificate load fails, rather than continuing anyway

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Only save form entries if not cancelled.. and if they're non-NULL

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use fingerprint for comparing certificates, not signature

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

update compatibility notes

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

changelog update

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

More OpenSSL-0.9.7 compatibility

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Clean up certificate purpose workaround

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Build against old OpenSSL without DTLS support (OSX, OpenBSD)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Include <arpa/inet.h> for ntohl()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Include appropriate headers for statfs() on FreeBSD and OSX

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Discard all but Legacy IP packets on VPN transmit

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Weird tun prefix is only OpenBSD

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Handle tun prefixing with AF_INET on BSD

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>