David Woodhouse [Thu, 3 Nov 2011 00:57:22 +0000 (00:57 +0000)]
Fix out-of-source-tree invocation of version.sh
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 3 Nov 2011 00:51:50 +0000 (00:51 +0000)]
Fix out-of-source-tree build of web pages
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 31 Oct 2011 12:28:54 +0000 (12:28 +0000)]
Remove -Wundef and -Wmissing-noreturn from default CFLAGS
These just cause unwanted noise.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 29 Oct 2011 13:33:36 +0000 (15:33 +0200)]
Attempt to build without NLS if intltool isn't available
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 28 Oct 2011 22:04:12 +0000 (00:04 +0200)]
Pointers to translated strings must be const
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 28 Oct 2011 21:42:12 +0000 (23:42 +0200)]
Fix arithmetic on void pointers in cstp.c
This is a gccism and not portable. And could have been dereferencing an
unaligned pointer too. Thanks to Florian Wobbe for pointing it out.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 28 Oct 2011 10:19:21 +0000 (12:19 +0200)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 28 Oct 2011 10:19:08 +0000 (12:19 +0200)]
Fix newlines in nl translations
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 24 Oct 2011 12:01:59 +0000 (14:01 +0200)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 Oct 2011 23:30:18 +0000 (00:30 +0100)]
Make usage help output translatable
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 Oct 2011 22:57:42 +0000 (23:57 +0100)]
Add maintainer mode
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 Oct 2011 22:54:20 +0000 (23:54 +0100)]
Make more strings translatable
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 Oct 2011 22:41:31 +0000 (23:41 +0100)]
Fix newlines in nl translations
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 Oct 2011 22:04:09 +0000 (23:04 +0100)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 4 Oct 2011 13:25:30 +0000 (14:25 +0100)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 4 Oct 2011 11:29:34 +0000 (12:29 +0100)]
Add update-translations make target
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 30 Sep 2011 21:46:17 +0000 (22:46 +0100)]
Tag version 3.13
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 30 Sep 2011 20:18:58 +0000 (21:18 +0100)]
Add openconnect_set_cert_expiry_warning() to library
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 30 Sep 2011 12:49:49 +0000 (13:49 +0100)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 29 Sep 2011 19:57:59 +0000 (20:57 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 29 Sep 2011 15:47:49 +0000 (16:47 +0100)]
Add --cert-expire-warning,-e option to set warning level
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 29 Sep 2011 15:18:01 +0000 (16:18 +0100)]
Make certificate expiry warning time variable (still default 60 days)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 29 Sep 2011 15:17:41 +0000 (16:17 +0100)]
Clean up DTLS Session-ID length warning
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 29 Sep 2011 12:45:23 +0000 (13:45 +0100)]
Switch to using PNG image in web site. Android can't show SVG. Still!
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 28 Sep 2011 23:16:43 +0000 (00:16 +0100)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 28 Sep 2011 23:15:44 +0000 (00:15 +0100)]
Add OpenSuSE to distribution status list
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 28 Sep 2011 22:51:20 +0000 (23:51 +0100)]
Man page update: clarify which fsid is used, forget Solaris tuntap IPv6 patch.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 28 Sep 2011 22:06:33 +0000 (23:06 +0100)]
Add links to manual page, don't number 'started' subpages
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 28 Sep 2011 22:06:23 +0000 (23:06 +0100)]
Fix header on connecting page
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 28 Sep 2011 22:05:34 +0000 (23:05 +0100)]
Fix up distro status page.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 28 Sep 2011 01:41:37 +0000 (02:41 +0100)]
Use automake for www/ directory
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 28 Sep 2011 00:40:06 +0000 (01:40 +0100)]
Update new web pages in release, not openconnect.html
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 27 Sep 2011 22:47:17 +0000 (23:47 +0100)]
Add new version of web pages
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 27 Sep 2011 14:22:21 +0000 (15:22 +0100)]
Translatability fix for 'Discard bad split xxclude' message
Thanks to Jussi Kukkonen for pointing it out.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 27 Sep 2011 10:52:39 +0000 (11:52 +0100)]
Add Transifex config file so 'tx pull' works in any checkout.
Would be nicer if it worked anonymously rather than having to have an account.
For that see http://trac.transifex.org/ticket/740
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 27 Sep 2011 10:51:54 +0000 (11:51 +0100)]
Add (empty) translation files from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 25 Sep 2011 22:27:00 +0000 (23:27 +0100)]
Add error message when SSL cert fails
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 23 Sep 2011 20:32:00 +0000 (21:32 +0100)]
Fix build instructions on web page.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 23 Sep 2011 09:50:49 +0000 (10:50 +0100)]
Reduce certificate warning to PRG_INFO
We're going to call back into the validate_peer_cert() function anyway.
Let it handle things properly.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 22 Sep 2011 22:01:00 +0000 (23:01 +0100)]
Use dgettext() so the domain is always correct even in libopenconnect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 22 Sep 2011 21:09:27 +0000 (22:09 +0100)]
Make user-visible strings translatable
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 22 Sep 2011 14:50:50 +0000 (15:50 +0100)]
Add translation support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 22 Sep 2011 13:38:24 +0000 (14:38 +0100)]
Fix libproxy build.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 22 Sep 2011 13:11:06 +0000 (14:11 +0100)]
Fix DTLS-may-fail warning when built against OpenSSL 1.0.0e and run with older
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 22:18:13 +0000 (23:18 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 20:56:27 +0000 (21:56 +0100)]
Refactor xmlnode_msg() not to use server-provided string as asprintf() format.
auth.c: In function 'xmlnode_msg':
auth.c:287:2: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]
There wasn't actually a problem here; we *were* vetting the string. But this
is cleaner and stops the compiler bitching.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:41:04 +0000 (18:41 +0100)]
Fix handling of vpninfo->ifname. Always strdup()
We don't actually free it; there will only be one instance during the whole
lifetime of the openconnect process. But stop the compiler bitching about it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:40:20 +0000 (18:40 +0100)]
Make in_ex and route args to process_split_xxclude const
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:38:19 +0000 (18:38 +0100)]
Fix another const char warning in start_cstp_connection()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:35:15 +0000 (18:35 +0100)]
Make vpninfo->quit_reason const to avoid compiler complaints
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:24:17 +0000 (18:24 +0100)]
Avoid unused 'autoproxy' variable when built without libproxy support.
If we change the way we detect and abort, we can *check* that variable
that the compiler is complaining about.
I just noticed that libproxy support isn't working; OPENCONNECT_LIBPROXY
is never being defined. Will fix that shortly...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:09:43 +0000 (18:09 +0100)]
Make 'base' arg to openconnect_create_useragent() const
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:06:45 +0000 (18:06 +0100)]
Make usage() static to avoid compiler complaints
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:01:48 +0000 (18:01 +0100)]
Fix compiler warnings about constness of csd_argv[]
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 17:00:12 +0000 (18:00 +0100)]
Make parse_xml_response() method and request_body_type args const
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 16:57:57 +0000 (17:57 +0100)]
Make 'print_equals' string const to avoid compiler complaints
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 16:48:54 +0000 (17:48 +0100)]
Fix char pointers in check_certificate_expiry() to be const
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 16:47:06 +0000 (17:47 +0100)]
Make match_cert_hostname() static to avoid compiler complaints
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 11:33:09 +0000 (12:33 +0100)]
Enable various compiler warnings
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 10:24:19 +0000 (11:24 +0100)]
Enable AM_SILENT_RULES so that warnings are more visible.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 15 Sep 2011 12:37:42 +0000 (13:37 +0100)]
Clean up DTLS timer workaround to make it work with Debian OpenSSL, hopefully
The Debian libraries don't export dtls1_stop_timer() since it's supposed to
be an internal function. But thankfully I think we can do it manually. This
sucks; it means that a misguided attempt at restricting us has forced us
into poking at even *more* internal stuff than we ever wanted to. Yay Debian.
Try to make it slightly less insane by putting upper and lower bounds on
the versions for which we'll do it: We know that OpenSSL 1.0.0e and
above won't be resending the ChangeCipherSpec messages anyway, because
of the fix for OpenSSL RT#2505. I'm dubious about that being the correct
thing to do, but it's working and it matches the Cisco client so I'm going
to try not to think about it too hard.
Also stop *defining* SSL_OP_CISCO_ANYCONNECT for ourselves, and simply
refuse to build DTLS support if it's absent. That patch was merged into
OpenSSL long ago, so we are effectively requiring 0.9.8m or above.
That version is, by coincidence, also the first version where our own
dirty reimplementation of dtls1_stop_timer() is valid. If someone does
backport the Cisco compatibility patch to even-more-ancient OpenSSL than
that, they'd best make sure they backport the other fixes too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 11 Sep 2011 23:56:23 +0000 (00:56 +0100)]
Tag version 3.12
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 9 Sep 2011 20:18:43 +0000 (21:18 +0100)]
Print SHA1 fingerprint with server certificate details.
...so that it can be used with --servercert next time.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Steven Allen [Fri, 9 Sep 2011 20:10:53 +0000 (21:10 +0100)]
Add --pid-file option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 8 Sep 2011 13:05:46 +0000 (14:05 +0100)]
Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.
It seems to get very upset when we resend our ChangeCipherSpec messages,
as the RFC says we're supposed to do. Without a periodic resend, if the
original did get lost in transit, the server wouldn't be able to decrypt
any of our data packets.
Perhaps there's something "wrong" with our packets; the ChangeCipherSpec
message is one of the areas in which Cisco's "speshul" version of
DTLS differs from RFC4347. But the Cisco client doesn't seem to resend it
at all, ever. Making it hard to tell what Cisco want it to look like,
unless we wanted to reverse-engineer their code. Which we don't.
If Cisco get away without resending, I suppose we can, until/unless we
work it out. DPD should mostly let us get away with it, because if the
first packet *does* get lost, DPD will soon tell us that the DTLS
connection is dead and we'll make a new one. Sucks, but that's what you
get for using crappy not-quite-RFC-compliant kit. Yay Cisco. Why not join
us in 2006 and start using the proper standard? It's not even as if it'd
be hard to support both in parallel for a while.
Thanks to Eric Barkie for the initial diagnosis.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 24 Aug 2011 08:56:16 +0000 (09:56 +0100)]
Changelog entry for build fixes
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 16 Aug 2011 11:09:34 +0000 (05:09 -0600)]
Fix build failure with ancient OpenSSL lacking SSL_OP_NO_TICKET
If it doesn't support the ticket extension, that means we don't need
to stop it from *sending* the ticket extension...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Svante Signell [Tue, 16 Aug 2011 10:24:19 +0000 (12:24 +0200)]
Fix build failure on GNU Hurd (Debian bug #637362)
Currently openconnect does not compile on hurd-i386. The problem is a
missing inclusion of sys/statfs.h in ssl.c. The inlined patch fixes
this issue.
Signed-off-by: svante.signell@telia.com
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Ilia Kats [Tue, 26 Jul 2011 16:14:21 +0000 (18:14 +0200)]
Add zlib to linker line to fix building on Debian
Signed-off-by: Ilia Kats <ilia-kats@gmx.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 21 Jul 2011 00:36:36 +0000 (17:36 -0700)]
Tag version 3.11
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 20 Jul 2011 16:41:39 +0000 (09:41 -0700)]
Output to stderr too in Android's syslog_progress()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 19 Jul 2011 06:32:22 +0000 (23:32 -0700)]
Mention Android in supported platforms
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Jason Cooper [Mon, 18 Jul 2011 18:50:57 +0000 (18:50 +0000)]
android: fix typo in #include header
Signed-off-by: Jason Cooper <cyanogen@lakedaemon.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Jason Cooper [Fri, 15 Jul 2011 01:38:49 +0000 (01:38 +0000)]
Android build support.
[dwmw2: Clean up file lists, define IF_TUN_HDR]
Signed-off-by: Jason Cooper <cyanogen@lakedaemon.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Jason Cooper [Fri, 15 Jul 2011 17:51:12 +0000 (10:51 -0700)]
Add Android logging support
[dwmw2: make it use the --syslog option instead of removing it]
Signed-off-by: Jason Cooper <cyanogen@lakedaemon.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 15 Jul 2011 17:22:41 +0000 (10:22 -0700)]
Remove <sys/syslog.h> inclusion. It should be <syslog.h>
Android doesn't have <sys/syslog.h>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 15 Jul 2011 17:21:02 +0000 (10:21 -0700)]
Make TPM ENGINE support optional
Android's OpenSSL doesn't have ENGINE support; don't require it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 15 Jul 2011 17:19:57 +0000 (10:19 -0700)]
Changelog entry for the switch back to TLSv1
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 15 Jul 2011 15:03:58 +0000 (08:03 -0700)]
Use TLSv1 again, but with no extensions.
In commit
3bee59cd8c4fd6dc38bc2c7d5edb9b5795509fca ("Use SSLv3 not TLSv1")
we switched to SSLv3 to avoid problems with VPN servers (or firewalls)
which reject extensions in ClientHello. Another user now reports that
using SSLv3 is failing, and he needs to use TLSv1.
Testing confirms that the originally problematic server *does* work with
TLSv1, as long as we disable the session ticket extension. So that makes
everyone happy... for now, until a new extension is invented and enabled
by default, and we have to block that too. It's a shame that there's no
SSL_OP_NO_EXTENSIONS which would turn them *all* off.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 29 Jun 2011 23:30:08 +0000 (00:30 +0100)]
Tag version 3.10
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 29 Jun 2011 23:28:47 +0000 (00:28 +0100)]
Note the existence of KDE support for NetworkManager + openconnect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 29 Jun 2011 18:31:01 +0000 (19:31 +0100)]
Silence output from tag checks
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 29 Jun 2011 18:26:15 +0000 (19:26 +0100)]
Remove debugging from uncommitted-check rule
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 12:01:00 +0000 (13:01 +0100)]
Add 'make tmp-dist' for testing tarballs, to work around the tag check
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 11:26:37 +0000 (12:26 +0100)]
Check for repeated tags in 'make tag'
And remove the ifdef VERSION, since $(VERSION) is always defined now.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 11:19:28 +0000 (12:19 +0100)]
Fix dist-hook to enforce being at $(VERSION)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 01:30:53 +0000 (02:30 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 00:35:35 +0000 (01:35 +0100)]
Switch to using autohate :(
I really didn't want to do this, but much as I hate libtool it is the
easiest way to portably build shared libraries, and we really do need
to build libopenconnect as a shared library. And having used libtool
we might as well concede entirely and use autoconf/automake.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 00:45:49 +0000 (01:45 +0100)]
Add openconnect_vpninfo_new_with_cbdata() function to ease C++ integration
C++ callers really want the 'self' object pointer to be the first argument
of the callbacks. Give them the chance to get that, instead of the vpninfo
pointer.
Preserve the old openconnect_vpninfo_new() call, even with the same
prototype for the callback functions, for compatibility with the existing
GNOME auth-dialog.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 29 May 2011 08:25:50 +0000 (09:25 +0100)]
Explicitly require pkg-config. It's not installed by default on OS X
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 29 May 2011 08:16:08 +0000 (09:16 +0100)]
Add 'reconnect' invocation of vpnc-script, to re-ensure routing/DNS setup
If we reconnect because of an actual local network disconnect/reconnect, then
something (DHCP, etc.) may have screwed up the routing and DNS according to
the local configuration. Give the script a chance to remedy that.
With iproute (i.e. modern Linux) it ought to work just to make vpnc-script
do the same as it does on 'connect'. For other systems it's somewhat harder.
For now vpnc-script will ignore it, anyway.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 May 2011 11:04:25 +0000 (12:04 +0100)]
Use 'openssl' pkgconfig not 'libssl'. Debian doesn't include -lcrypto in libssl
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 28 Apr 2011 10:55:58 +0000 (11:55 +0100)]
Add --non-inter option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 19 Apr 2011 20:30:46 +0000 (21:30 +0100)]
Update web page to document NetworkManager auth-dialog move
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Thomas Schwinge [Sun, 5 Dec 2010 21:12:18 +0000 (22:12 +0100)]
Clarify that --script [...] will be evaluated by the shell.
Signed-off-by: Thomas Schwinge <thomas@codesourcery.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 19 Apr 2011 13:50:25 +0000 (14:50 +0100)]
Tag version 3.02
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Ray Kohler [Tue, 22 Mar 2011 19:35:57 +0000 (15:35 -0400)]
Fix manpage formatting
Adding back a period at the start of this file fixes the broken
formatting.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 19 Apr 2011 12:01:17 +0000 (13:01 +0100)]
Clear cached peer_addr where necessary.
If the user declined to manually accept a certificate in the NetworkManager
auth-dialog, and the SSL_connect() failed, we were still keeping the cached
peer_addr around. So even after the user chose *another* host to connect to,
we weren't actually doing another DNS lookup; we were just continuing to
connect to the old address.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 22 Mar 2011 14:15:23 +0000 (14:15 +0000)]
Use pkgconfig for libssl.
Taken from the Gentoo portage. Either they hadn't bothered to send me
the patch, or I had dropped it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 17 Mar 2011 21:16:13 +0000 (21:16 +0000)]
Bump library API for openconnect_vpninfo_free() addition
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>