Don't free cookies when a redirect sends you back to the same host

Fix HTTP redirect handling for non-root URLs

use a string for autoconnect, not a bool. Otherwise, the NM configuration bits get confused

autoconnect depending on gconf, not #ifdefs

remember last connected host

use configured hostname in list, not 'VPN Gateway'

don't duplicate configured host in list

Merge branch 'nm-ui-rewrite' of git://github.com/jku/openconnect

Tag version 1.00

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Merge branch 'master' into nm-ui-rewrite

Conflicts:

nm-auth-dialog.c

make cert validation dialog smaller (nicer on small screens)

fix crasher: cert validation dialog must run in main loop

Merge branch 'fixes' of git://github.com/jku/openconnect

add gthread-2.0 to cflags and libs

Fix memory leak on handled packets

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

fix regression with return values

return 0 only when there really is a cookie

fix login button mnemonic

minor UI improvements

fix handling of long labels

now usingwidget_set_size_request(), which isn't ideal but better than
before

add log textview

fix return values on error and on window close

fix possible thread synchronization bug

minor ui fixes, better dialog default size

add NM_AUTH_DIALOG_AUTOCONNECT compile flag

connects to the default host when dialog opens

fix possible race condition in form entry creation/submission

fix details in handling the challenge-response cycle

clear ssl form on ui_open()

refactor nm-openconnect-auth-dialog main()

rewrite nm-openconnect-auth-dialog, integrate ssl dialogs

ssl UI fragments get inserted into the authentication dialog.
openconnect_obtain_cookie() is now run in a worker thread
to keep UI responsive.

support user cancel in openconnect_obtain_cookie()

    Note changed return values:
     < 0  error
     = 0  no cookie (user cancel)
     = 1  obtained cookie

ssl_ui_gtk: fix flusher return value

Return value for user cancel is -1.

improve ssl ui dialogs

Make dialogs show up in taskbar and pager, add window titles.

use GTK_STOCK_DIALOG_AUTHENTICATION as default icon

improve nm-auth-dialog dialogs

Make dialogs show up in taskbar and pager, add window titles.
Make 'window close' work as cancel in host selection.
Add 'name' to openconnect_info struct.

Tag version 0.99

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

quit on interrupted sleep

Quit openconnect if sleep was interrupted by signal(e.g. ^C).

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

use adaptive reconnect_interval

Start reconnect attempts in 10s interval and enlarge
the interval by 10s each time until it reaches 100s.

This makes reasonable retry density for both small/large reconnect timeouts.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

fix SEGV on lost connection

Stop cstp_bye() when the https connection was already lost.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

add option --reconnect-timeout

Users could specify large reconnect-timeout to
survive unstable network connections.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

After DPD, keep retrying to connect for longer.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix select µsec calculation to avoid integer overflow.
Pointed out by Sergey Svishchev.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

NetBSD fixes from Sergey Svishchev

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Turn certsigs gconf key into a string.

Otherwise, NetworkManager will keep deleting it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Don't keep retrying DTLS if OpenSSL doesn't support it

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 0.98

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix up licensing headers

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove OpenSSL patches

They can be handled separately. Two are upstream already, and the other
one needs redoing anyway.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 0.97

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Allow empty 'select' choice element in auth form.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use NULL not 0 for pointers

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Forget password after using it once

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Ask user to accept certs in NM auth-dialog

We store the signature of accepted certs in gconf.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix cert valididation with CA files, allow manual cert validation callback.

We need to clear the 'purpose' field, because we seem to be using
certificates which don't have that correctly set, and that causes normal
certificate validation to fail.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Report reason for 'service unavailable' results from server

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add --no-passwd option. When certificate fails, fail immediately.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Set vpninfo->progress earlier to avoid segfaults with XML file

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add man page

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use -s for tag commits

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use vpninfo->progress for more messages, instead of printf/perror

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 0.96

Allow SecurID tokens to be scripted/generated

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Allow queue length to be configured

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Limit outgoing packet queue length

If we were using TCP and the socket stalled, we'd just keep sucking
packets from the kernel, allocating memory and queuing them
internally with no limit except the size of the swap space. Not clever.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove unused variable 'success'

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Treat an empty cookie (null string) as undefined

This allows bootstrapping a cookie file. Initially do:
  echo '' > cookie-file

In the setup script, write the received cookie value to the
cookie file, so it will be used next time the VPN is started.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Reorder options string; remove extra 'h'

Put the options string into alphabetical order and remove a dupe 'h'.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add option to read password from standard input

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove argument from some long options

These long options do not take an argument:

  --script-tun
  --tpm-key
  --verbose
  --version

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Flush X event queue after closing dialog

detect success from auth_id

Handle SecurID pin in next_tokencode mode too

Use separate prompt for SecurID PIN

Use prompts from server

Handle split-includes

Add --setuid option to drop privs after connect.

Add --syslog option

don't report quit message twice

Fix Ctrl-C handling

Move to using select() instead of poll(). poll() doesn't work on MacOS

Rip the OpenSSL UI bits out on Linux too; it was just an example.

Add MacOS support to tun.c

Build fixes for MacOS

Remove the MTU hack; it didn't work anyway, and we fixed the real bug

Build fixes for MacOS

Fix bogus indenting

Document $(OPENSSL) use case a little better

Tag version 0.95

Update patches

include ctype.h

Kill dtls_state, fix --no-dtls

Handle disconnect request gracefully

initialise combo box entry counter

fix broken memset

Tag version 0.94

cookie on stdin

Handle 'script' going away

Add option for passing all traffic to a filedescript of the 'script'

This means we can just make it run something using lwip to provide a
SOCKS server.

move environment setting to separate function

print ifname

Use pointopoint mode