platform/upstream/openconnect.git
14 years ago Fix typo in changelog
David Woodhouse [Sun, 10 Jan 2010 10:12:17 +0000 (10:12 +0000)]
Fix typo in changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Update changelog
David Woodhouse [Sat, 9 Jan 2010 19:25:47 +0000 (19:25 +0000)]
Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Fix handling of HTTP 1.0 responses with Connection: Keep-Alive
David Woodhouse [Sat, 9 Jan 2010 13:13:15 +0000 (13:13 +0000)]
Fix handling of HTTP 1.0 responses with Connection: Keep-Alive

An HTTP 1.0 response can keepalive and have a Connection-Length: header,
and this is seen in some cases with the initial redirect when we connect
to a VPN server (Red Hat bug #553817). Fix and clean up the response
handling code accordingly.

I _really_ wish I didn't have to write my own HTTP code, and that one of
the available libraries was actually able to support SSL connections
with a certificate from a TPM.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Be case-insensitive in HTTP fields (and comparing hostname for redirects)
David Woodhouse [Sat, 9 Jan 2010 13:09:48 +0000 (13:09 +0000)]
Be case-insensitive in HTTP fields (and comparing hostname for redirects)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Check return value from asprintf()
David Woodhouse [Tue, 5 Jan 2010 12:53:35 +0000 (12:53 +0000)]
Check return value from asprintf()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Check return value from system()
David Woodhouse [Tue, 5 Jan 2010 12:52:38 +0000 (12:52 +0000)]
Check return value from system()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Tag version 2.20 v2.20
David Woodhouse [Mon, 4 Jan 2010 16:06:59 +0000 (16:06 +0000)]
Tag version 2.20

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Fix HTTP 1.0 body fetch.
David Woodhouse [Sun, 3 Jan 2010 18:28:35 +0000 (18:28 +0000)]
Fix HTTP 1.0 body fetch.

Not that we should ever really see one.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Fix handling of 'HTTP/1.1 100 Continue' response
David Woodhouse [Sun, 3 Jan 2010 18:22:40 +0000 (18:22 +0000)]
Fix handling of 'HTTP/1.1 100 Continue' response

When we jump back to 'cont' it needs to fetch the next response line,
not just check the existing contents of the buffer (which will be an
empty line).

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Really, don't shut down SSL twice
David Woodhouse [Sun, 3 Jan 2010 18:18:53 +0000 (18:18 +0000)]
Really, don't shut down SSL twice

It's the one in redirect handling that needs to check whether the
connection is already closed. The one in process_http_response() can't
possibly happen when the connection is already closed.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Free host URL after parsing
David Woodhouse [Sun, 3 Jan 2010 16:34:47 +0000 (16:34 +0000)]
Free host URL after parsing

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Mention SOCKS support in feature list
David Woodhouse [Sun, 3 Jan 2010 08:37:42 +0000 (08:37 +0000)]
Mention SOCKS support in feature list

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Clarify that -P argument takes a URL, admit to SOCKS support
David Woodhouse [Sun, 3 Jan 2010 08:37:26 +0000 (08:37 +0000)]
Clarify that -P argument takes a URL, admit to SOCKS support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Clean up libproxy.h and if_tun.h detection for cross-compilation
David Woodhouse [Sat, 2 Jan 2010 19:55:44 +0000 (19:55 +0000)]
Clean up libproxy.h and if_tun.h detection for cross-compilation

Looking in /usr/include was silly. This is one thing that autoconf would
help with, but at a cost that I'm not really willing to pay.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Don't include net/if_tun.h twice on Solaris
David Woodhouse [Sat, 2 Jan 2010 19:43:27 +0000 (19:43 +0000)]
Don't include net/if_tun.h twice on Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Remove SOCKS from TODO list
David Woodhouse [Sat, 2 Jan 2010 17:32:02 +0000 (17:32 +0000)]
Remove SOCKS from TODO list

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Use $https_proxy environment variable, if set.
David Woodhouse [Sat, 2 Jan 2010 14:28:39 +0000 (14:28 +0000)]
Use $https_proxy environment variable, if set.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Disable libproxy by default
David Woodhouse [Sat, 2 Jan 2010 14:26:52 +0000 (14:26 +0000)]
Disable libproxy by default

Most people don't need to go through a proxy, but might have one
configured anyway for https because it's harmless. But it's _not_ actually
harmless for openconnect, because it'll prevent DTLS from working. So if
a user really needs proxy support, let them ask for it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Update changelog
David Woodhouse [Sat, 2 Jan 2010 13:33:00 +0000 (13:33 +0000)]
Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Fix up DTLS vs. reconnection address confusion
David Woodhouse [Sat, 2 Jan 2010 14:01:24 +0000 (14:01 +0000)]
Fix up DTLS vs. reconnection address confusion

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Add SOCKS5 support
David Woodhouse [Sat, 2 Jan 2010 13:17:48 +0000 (13:17 +0000)]
Add SOCKS5 support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Fix non-libproxy build
David Woodhouse [Sat, 2 Jan 2010 13:19:02 +0000 (13:19 +0000)]
Fix non-libproxy build

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Fix use-after-free of UI elements (RH bug #551665)
David Woodhouse [Sat, 2 Jan 2010 11:03:47 +0000 (11:03 +0000)]
Fix use-after-free of UI elements (RH bug #551665)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Add libproxy support, conditionally
David Woodhouse [Sat, 2 Jan 2010 00:43:34 +0000 (00:43 +0000)]
Add libproxy support, conditionally

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Use URL in example command line
David Woodhouse [Sat, 2 Jan 2010 00:18:21 +0000 (00:18 +0000)]
Use URL in example command line

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Handle IPv6 literal [] in connection, accept https:// URL for server
David Woodhouse [Fri, 1 Jan 2010 22:54:25 +0000 (22:54 +0000)]
Handle IPv6 literal [] in connection, accept https:// URL for server

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Update copyright years
David Woodhouse [Fri, 1 Jan 2010 22:12:15 +0000 (22:12 +0000)]
Update copyright years

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Add proxy support (based on Pál Dorogi's version)
David Woodhouse [Fri, 1 Jan 2010 22:09:25 +0000 (22:09 +0000)]
Add proxy support (based on Pál Dorogi's version)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Handle IPv6 server correctly when setting $VPNGATEWAY
David Woodhouse [Fri, 1 Jan 2010 17:51:18 +0000 (17:51 +0000)]
Handle IPv6 server correctly when setting $VPNGATEWAY

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Fix various memory leaks, mostly with libxml
David Woodhouse [Fri, 1 Jan 2010 10:45:21 +0000 (10:45 +0000)]
Fix various memory leaks, mostly with libxml

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Don't shut down SSL twice
David Woodhouse [Fri, 1 Jan 2010 10:44:41 +0000 (10:44 +0000)]
Don't shut down SSL twice

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Add parse_url() function, which will be useful for proxies too
David Woodhouse [Fri, 25 Dec 2009 00:40:29 +0000 (00:40 +0000)]
Add parse_url() function, which will be useful for proxies too

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Clean up redirection, support non-standard port
David Woodhouse [Wed, 23 Dec 2009 22:33:10 +0000 (22:33 +0000)]
Clean up redirection, support non-standard port

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Tag version 2.12 v2.12
David Woodhouse [Mon, 7 Dec 2009 16:40:34 +0000 (16:40 +0000)]
Tag version 2.12

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Update changelog
David Woodhouse [Mon, 7 Dec 2009 16:40:21 +0000 (16:40 +0000)]
Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Reconnect CSTP to the previously-used IP address; don't redo DNS lookup
David Woodhouse [Mon, 7 Dec 2009 16:32:40 +0000 (16:32 +0000)]
Reconnect CSTP to the previously-used IP address; don't redo DNS lookup

Some people use a fucking stupid schizoDNS setup where they abuse the
real public domain name "company.com" for internal machines, rather than
using a separate and unambiguous domain like "company.internal".

Some people compound this mistake by having some hosts which don't even
_exist_ in the internal domain, or worse which get different IP
addresses depending on which version of the domain you're in.

So if you're already on the VPN and have configured DNS for it, looking
up "vpnserver.company.com" isn't necessarily such a cunning thing to do.
We're _already_ remembering the IP address of the server, so that DTLS
can use it. Just ensure that it's getting cleared correctly on HTTP
redirects, then use it for HTTP reconnections too.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Fix buffer overrun in useragent. Use asprintf
David Woodhouse [Mon, 7 Dec 2009 16:14:00 +0000 (16:14 +0000)]
Fix buffer overrun in useragent. Use asprintf

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Try to clean up os-dependent tun handling a bit. Fix OSX IPv6, DragonflyBSD
David Woodhouse [Wed, 18 Nov 2009 17:09:30 +0000 (17:09 +0000)]
Try to clean up os-dependent tun handling a bit. Fix OSX IPv6, DragonflyBSD

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Tag version 2.11 v2.11
David Woodhouse [Tue, 17 Nov 2009 15:01:13 +0000 (15:01 +0000)]
Tag version 2.11

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Minor web page updates
David Woodhouse [Tue, 17 Nov 2009 12:18:05 +0000 (12:18 +0000)]
Minor web page updates

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Warn about lack of DTLS compatibility at build time
David Woodhouse [Tue, 17 Nov 2009 11:34:40 +0000 (11:34 +0000)]
Warn about lack of DTLS compatibility at build time

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Note that the 2009-11-16 version of Solaris tun/tap driver is required for IPv6
David Woodhouse [Mon, 16 Nov 2009 13:20:43 +0000 (13:20 +0000)]
Note that the 2009-11-16 version of Solaris tun/tap driver is required for IPv6

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Update IPv6 references in documentation
David Woodhouse [Fri, 13 Nov 2009 16:54:39 +0000 (16:54 +0000)]
Update IPv6 references in documentation

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Add IPv6 support for FreeBSD
David Woodhouse [Fri, 13 Nov 2009 16:23:05 +0000 (16:23 +0000)]
Add IPv6 support for FreeBSD

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Pass IPv6 routes separately from Legacy IP routes
David Woodhouse [Wed, 11 Nov 2009 00:32:19 +0000 (00:32 +0000)]
Pass IPv6 routes separately from Legacy IP routes

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Calculate client cert MD5 for CSD with all cert types, when needed
David Woodhouse [Mon, 9 Nov 2009 12:03:09 +0000 (12:03 +0000)]
Calculate client cert MD5 for CSD with all cert types, when needed

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Clean up error reporting when cert/key can't be loaded
David Woodhouse [Mon, 9 Nov 2009 10:55:21 +0000 (10:55 +0000)]
Clean up error reporting when cert/key can't be loaded

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Update note on OpenSSL versions
David Woodhouse [Mon, 9 Nov 2009 01:46:11 +0000 (01:46 +0000)]
Update note on OpenSSL versions

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Clean up fsid routines, use asprintf()
David Woodhouse [Fri, 6 Nov 2009 11:26:59 +0000 (11:26 +0000)]
Clean up fsid routines, use asprintf()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Check for alloc failure in cookie addition
David Woodhouse [Fri, 6 Nov 2009 11:16:22 +0000 (11:16 +0000)]
Check for alloc failure in cookie addition

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Consolidate http cookie addition
David Woodhouse [Fri, 6 Nov 2009 11:16:08 +0000 (11:16 +0000)]
Consolidate http cookie addition

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
14 years ago Warn when running Linux CSD trojan on non-Linux system
David Woodhouse [Thu, 5 Nov 2009 12:26:10 +0000 (12:26 +0000)]
Warn when running Linux CSD trojan on non-Linux system

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Tag version 2.10 v2.10
David Woodhouse [Wed, 4 Nov 2009 09:38:05 +0000 (09:38 +0000)]
Tag version 2.10

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Web page update
David Woodhouse [Wed, 4 Nov 2009 08:55:26 +0000 (08:55 +0000)]
Web page update

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Change csd user option name
David Woodhouse [Wed, 4 Nov 2009 07:56:13 +0000 (07:56 +0000)]
Change csd user option name

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Point to vpnc-scripts repo for Solaris
David Woodhouse [Tue, 3 Nov 2009 19:25:59 +0000 (19:25 +0000)]
Point to vpnc-scripts repo for Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Netmask is optional
David Woodhouse [Tue, 3 Nov 2009 18:51:48 +0000 (18:51 +0000)]
Netmask is optional

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Set $INTERNAL_IP4_NETMASKLEN and $INTERNAL_IP4_NETADDR correctly.
David Woodhouse [Tue, 3 Nov 2009 18:51:15 +0000 (18:51 +0000)]
Set $INTERNAL_IP4_NETMASKLEN and $INTERNAL_IP4_NETADDR correctly.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Add OpenSolaris support to doc
David Woodhouse [Tue, 3 Nov 2009 16:10:15 +0000 (16:10 +0000)]
Add OpenSolaris support to doc

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Add tun/tap support for Solaris
David Woodhouse [Tue, 3 Nov 2009 16:07:22 +0000 (16:07 +0000)]
Add tun/tap support for Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Move tunnel shutdown into tun.c
David Woodhouse [Tue, 3 Nov 2009 15:43:25 +0000 (15:43 +0000)]
Move tunnel shutdown into tun.c

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Fix includes for Solaris
David Woodhouse [Tue, 3 Nov 2009 15:40:05 +0000 (15:40 +0000)]
Fix includes for Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Use AI_NUMERICSERV; don't rely on https being in /etc/services. Yay Solaris!
David Woodhouse [Tue, 3 Nov 2009 15:39:32 +0000 (15:39 +0000)]
Use AI_NUMERICSERV; don't rely on https being in /etc/services. Yay Solaris!

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Use statvfs() on Solaris
David Woodhouse [Tue, 3 Nov 2009 15:38:45 +0000 (15:38 +0000)]
Use statvfs() on Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Provide local implementation of strcasestr for Solaris
David Woodhouse [Tue, 3 Nov 2009 15:38:02 +0000 (15:38 +0000)]
Provide local implementation of strcasestr for Solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Clarify the fact that DTLS support isn't required
David Woodhouse [Mon, 2 Nov 2009 12:18:24 +0000 (12:18 +0000)]
Clarify the fact that DTLS support isn't required

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Documentation updates
David Woodhouse [Mon, 2 Nov 2009 10:39:46 +0000 (10:39 +0000)]
Documentation updates

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Enable IPv6
David Woodhouse [Mon, 2 Nov 2009 10:36:20 +0000 (10:36 +0000)]
Enable IPv6

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Attempt to handle IPv6
David Woodhouse [Mon, 2 Nov 2009 10:28:48 +0000 (10:28 +0000)]
Attempt to handle IPv6

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Kill packet type field; IPv6 and Legacy IP are carried identically
David Woodhouse [Mon, 2 Nov 2009 09:54:51 +0000 (09:54 +0000)]
Kill packet type field; IPv6 and Legacy IP are carried identically

... so there's no need to remember what type of packet it is.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Change verbosity with SIGUSR[12]
David Woodhouse [Mon, 19 Oct 2009 05:40:31 +0000 (14:40 +0900)]
Change verbosity with SIGUSR[12]

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Move TCP closure detection to cstp.c, make it reconnect when it happens
David Woodhouse [Mon, 19 Oct 2009 02:56:44 +0000 (11:56 +0900)]
Move TCP closure detection to cstp.c, make it reconnect when it happens

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Handle SIGTERM and disconnect cleanly
David Woodhouse [Thu, 8 Oct 2009 16:44:21 +0000 (17:44 +0100)]
Handle SIGTERM and disconnect cleanly

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Add .PHONY target to Makefile
Erik Mouw [Mon, 5 Oct 2009 19:53:05 +0000 (21:53 +0200)]
Add .PHONY target to Makefile

Signed-off-by: Erik Mouw <mouw@nl.linux.org>
15 years ago Added target realclean that also removes backup files
Erik Mouw [Mon, 21 Sep 2009 11:40:04 +0000 (13:40 +0200)]
Added target realclean that also removes backup files

Signed-off-by: Erik Mouw <mouw@nl.linux.org>
15 years ago Check return value of write(2) and print an error if it fails.
Erik Mouw [Mon, 21 Sep 2009 10:55:50 +0000 (12:55 +0200)]
Check return value of write(2) and print an error if it fails.

Signed-off-by: Erik Mouw <mouw@nl.linux.org>
15 years ago Git should ignore backup files and Emacs temp files
Erik Mouw [Mon, 21 Sep 2009 10:47:32 +0000 (12:47 +0200)]
Git should ignore backup files and Emacs temp files

Signed-off-by: Erik Mouw <mouw@nl.linux.org>
15 years ago Save errno because fprintf() could overwrite it
Erik Mouw [Mon, 21 Sep 2009 10:45:56 +0000 (12:45 +0200)]
Save errno because fprintf() could overwrite it

Signed-off-by: Erik Mouw <mouw@nl.linux.org>
15 years ago open(2) returns a negative value in case of an error
Erik Mouw [Mon, 21 Sep 2009 10:40:49 +0000 (12:40 +0200)]
open(2) returns a negative value in case of an error

The previous test was !config_fd which fails exactly when most needed
(i.e.: when open(2) actually returns an error). The correct test is to
check for negative return values.

Signed-off-by: Erik Mouw <mouw@nl.linux.org>
15 years ago Fix compiler warnings
David Woodhouse [Sat, 3 Oct 2009 09:54:34 +0000 (10:54 +0100)]
Fix compiler warnings

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Fix compiler warnings with OpenSSL 1.0.0
David Woodhouse [Sat, 3 Oct 2009 09:54:19 +0000 (10:54 +0100)]
Fix compiler warnings with OpenSSL 1.0.0

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Update changelog for HEAD, update distro status
David Woodhouse [Sat, 3 Oct 2009 09:06:49 +0000 (10:06 +0100)]
Update changelog for HEAD, update distro status

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Fix bye packet length
David Woodhouse [Sat, 3 Oct 2009 08:59:25 +0000 (09:59 +0100)]
Fix bye packet length

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Recognise private keys generated with OpenSSL 1.0.0 (Fedora 12)
David Woodhouse [Sat, 3 Oct 2009 08:50:24 +0000 (09:50 +0100)]
Recognise private keys generated with OpenSSL 1.0.0 (Fedora 12)

These say '-----BEGIN ENCRYPTED PRIVATE KEY-----'.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Require "--setuid-csd=USER" option for servers with CSD functionality.
Adam Piątyszek [Mon, 21 Sep 2009 21:43:41 +0000 (23:43 +0200)]
Require "--setuid-csd=USER" option for servers with CSD functionality.

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
15 years ago Merge remote branch 'upstream/master'
Adam Piątyszek [Thu, 17 Sep 2009 20:08:42 +0000 (22:08 +0200)]
Merge remote branch 'upstream/master'

15 years ago Fix disconnect packet
David Woodhouse [Thu, 17 Sep 2009 12:48:45 +0000 (13:48 +0100)]
Fix disconnect packet

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Provide a list of authors and contributors
Adam Piątyszek [Fri, 21 Aug 2009 20:29:38 +0000 (22:29 +0200)]
Provide a list of authors and contributors

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
15 years ago Drop root privileges during execution of CSD script
Adam Piątyszek [Fri, 21 Aug 2009 20:27:59 +0000 (22:27 +0200)]
Drop root privileges during execution of CSD script

A new option "--setuid-csd=USER" is provided, which means that
a separate user can be used for CSD script execution.

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
15 years ago Don't try to do SSL negotiation on a socket which failed to connect
David Woodhouse [Thu, 20 Aug 2009 11:10:33 +0000 (12:10 +0100)]
Don't try to do SSL negotiation on a socket which failed to connect

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Drop root privileges before running CSD code
Antonio Borneo [Fri, 7 Aug 2009 08:43:44 +0000 (10:43 +0200)]
Drop root privileges before running CSD code

This functionality requires a valid user provided on the command
line with "-U".

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
15 years ago Fix compile time warning
Antonio Borneo [Fri, 7 Aug 2009 08:42:31 +0000 (10:42 +0200)]
Fix compile time warning

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
15 years ago Fix Makefile so "make clean" removes nm-openconnect-auth-dialog
Adam Piątyszek [Tue, 4 Aug 2009 20:05:04 +0000 (22:05 +0200)]
Fix Makefile so "make clean" removes nm-openconnect-auth-dialog

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
15 years ago Update .gitignore (anyconnect -> openconnect)
Adam Piątyszek [Tue, 4 Aug 2009 20:04:00 +0000 (22:04 +0200)]
Update .gitignore (anyconnect -> openconnect)

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
15 years ago Admit --useragent option
David Woodhouse [Tue, 4 Aug 2009 19:18:03 +0000 (20:18 +0100)]
Admit --useragent option

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Admit CSD support
David Woodhouse [Tue, 4 Aug 2009 19:17:26 +0000 (20:17 +0100)]
Admit CSD support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
15 years ago Merge branch 'master' of git://git.infradead.org/~ediap/openconnect-csd2
David Woodhouse [Tue, 4 Aug 2009 19:14:06 +0000 (20:14 +0100)]
Merge branch 'master' of git://git.infradead.org/~ediap/openconnect-csd2

15 years ago Support cookies in a CSD way
Antonio Borneo [Sun, 2 Aug 2009 18:26:43 +0000 (20:26 +0200)]
Support cookies in a CSD way

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
15 years ago Use common implementation for get_cert_XYZ_fingerprint() functions
Adam Piątyszek [Sun, 2 Aug 2009 18:24:58 +0000 (20:24 +0200)]
Use common implementation for get_cert_XYZ_fingerprint() functions

Specialized functions get_gert_md5_fingerprint() and
get_cert_sha1_fingerprint() call get_cert_fingerprint() function.

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
15 years ago Pass MD5 fingerprints of client/server certificates to the CSD script
Adam Piątyszek [Sun, 2 Aug 2009 17:20:32 +0000 (19:20 +0200)]
Pass MD5 fingerprints of client/server certificates to the CSD script

Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>