David Woodhouse [Mon, 27 Jun 2011 11:26:37 +0000 (12:26 +0100)]
Check for repeated tags in 'make tag'
And remove the ifdef VERSION, since $(VERSION) is always defined now.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 11:19:28 +0000 (12:19 +0100)]
Fix dist-hook to enforce being at $(VERSION)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 01:30:53 +0000 (02:30 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 00:35:35 +0000 (01:35 +0100)]
Switch to using autohate :(
I really didn't want to do this, but much as I hate libtool it is the
easiest way to portably build shared libraries, and we really do need
to build libopenconnect as a shared library. And having used libtool
we might as well concede entirely and use autoconf/automake.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 27 Jun 2011 00:45:49 +0000 (01:45 +0100)]
Add openconnect_vpninfo_new_with_cbdata() function to ease C++ integration
C++ callers really want the 'self' object pointer to be the first argument
of the callbacks. Give them the chance to get that, instead of the vpninfo
pointer.
Preserve the old openconnect_vpninfo_new() call, even with the same
prototype for the callback functions, for compatibility with the existing
GNOME auth-dialog.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 29 May 2011 08:25:50 +0000 (09:25 +0100)]
Explicitly require pkg-config. It's not installed by default on OS X
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 29 May 2011 08:16:08 +0000 (09:16 +0100)]
Add 'reconnect' invocation of vpnc-script, to re-ensure routing/DNS setup
If we reconnect because of an actual local network disconnect/reconnect, then
something (DHCP, etc.) may have screwed up the routing and DNS according to
the local configuration. Give the script a chance to remedy that.
With iproute (i.e. modern Linux) it ought to work just to make vpnc-script
do the same as it does on 'connect'. For other systems it's somewhat harder.
For now vpnc-script will ignore it, anyway.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 May 2011 11:04:25 +0000 (12:04 +0100)]
Use 'openssl' pkgconfig not 'libssl'. Debian doesn't include -lcrypto in libssl
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 28 Apr 2011 10:55:58 +0000 (11:55 +0100)]
Add --non-inter option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 19 Apr 2011 20:30:46 +0000 (21:30 +0100)]
Update web page to document NetworkManager auth-dialog move
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Thomas Schwinge [Sun, 5 Dec 2010 21:12:18 +0000 (22:12 +0100)]
Clarify that --script [...] will be evaluated by the shell.
Signed-off-by: Thomas Schwinge <thomas@codesourcery.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 19 Apr 2011 13:50:25 +0000 (14:50 +0100)]
Tag version 3.02
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Ray Kohler [Tue, 22 Mar 2011 19:35:57 +0000 (15:35 -0400)]
Fix manpage formatting
Adding back a period at the start of this file fixes the broken
formatting.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 19 Apr 2011 12:01:17 +0000 (13:01 +0100)]
Clear cached peer_addr where necessary.
If the user declined to manually accept a certificate in the NetworkManager
auth-dialog, and the SSL_connect() failed, we were still keeping the cached
peer_addr around. So even after the user chose *another* host to connect to,
we weren't actually doing another DNS lookup; we were just continuing to
connect to the old address.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 22 Mar 2011 14:15:23 +0000 (14:15 +0000)]
Use pkgconfig for libssl.
Taken from the Gentoo portage. Either they hadn't bothered to send me
the patch, or I had dropped it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 17 Mar 2011 21:16:13 +0000 (21:16 +0000)]
Bump library API for openconnect_vpninfo_free() addition
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 17 Mar 2011 21:09:56 +0000 (21:09 +0000)]
Free cert after comparing it with sslkey.
There wasn't a use-after-free here, but it *looked* like it. Swap them anyway.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 17 Mar 2011 19:09:22 +0000 (19:09 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 17 Mar 2011 17:36:35 +0000 (17:36 +0000)]
Add openconnect_vpninfo_free(); start to sanify string lifetime rules.
- openconnect_set_http_proxy() now takes ownership of the proxy string
- fix openconnect_clear_cookie() to clear string properly, and only if set
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Ray Kohler [Fri, 11 Mar 2011 20:57:54 +0000 (15:57 -0500)]
Install target fixes
don't create /usr/libexec
do create /usr/share/man/man8 and install manpage there
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 23:13:32 +0000 (23:13 +0000)]
Tag version 3.01
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 23:12:56 +0000 (23:12 +0000)]
Add libxml to pkg-config requirements. Doh!
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 22:51:43 +0000 (22:51 +0000)]
Tag version 3.00
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 22:18:31 +0000 (22:18 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 22:49:56 +0000 (22:49 +0000)]
Remove auth-dialog. It lives in NetworkManager-openconnect now.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 22:27:30 +0000 (22:27 +0000)]
Add install-lib make target
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 21:38:32 +0000 (21:38 +0000)]
Remove 'reprompt' variable which does nothing
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 21:38:00 +0000 (21:38 +0000)]
Add a dummy use of 'thread' after creating it, to shut compiler up
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 21:33:02 +0000 (21:33 +0000)]
Make a bunch of functions static to avoid compiler warnings
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 21:29:42 +0000 (21:29 +0000)]
Fix shadowed declarations of global config_path
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 21:26:14 +0000 (21:26 +0000)]
Fix shadowed declarations of global gcl
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 21:10:42 +0000 (21:10 +0000)]
Fix shadowed declarations of global ui_data
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 17:52:25 +0000 (17:52 +0000)]
Add API version to header, fix include guard
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 17:51:16 +0000 (17:51 +0000)]
Add openconnect_get_version() function
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 17:41:38 +0000 (17:41 +0000)]
Fix namespace prefix on get_cert_sha1 function
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 17:38:28 +0000 (17:38 +0000)]
Hide openconnect_close_https() and openconnect_create_useragent()
These are no longer exposed
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 17:34:33 +0000 (17:34 +0000)]
Add accessor functions for library use, convert nm-auth-dialog to use them
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 17:13:38 +0000 (17:13 +0000)]
Remove vpn_name from struct openconnect_info. It's only used by the auth-dialog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 16:50:15 +0000 (16:50 +0000)]
Rename openconnect_parse_url() to internal_parse_url()
We only need to expose a simpler version of this
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 9 Mar 2011 16:15:14 +0000 (16:15 +0000)]
Split private parts of openconnect.h out into openconnect-internal.h
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 Feb 2011 21:19:52 +0000 (21:19 +0000)]
Make install commands work on Solaris
Apparently "install -m0755" doesn't work, but "install -m 0755" does.
Pointed out by Kazuyoshi Aizawa.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Keith Moyer [Fri, 26 Nov 2010 19:18:45 +0000 (13:18 -0600)]
Add csd_wrapper gconf setting
Signed-off-by: Keith Moyer <openconnect-devel@keithmoyer.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 30 Nov 2010 08:40:10 +0000 (08:40 +0000)]
Put xml.o before main.o in build.
Just observed a strange failure when someone tried to override CFLAGS when
invoking make. It build main.o happily, but then fell over trying to build
xml.o. Then they tried again, overriding OPT_FLAGS instead. But main.o
wasn't rebuilt, and had been built without -DOPENCONNECT_LIBPROXY, hence
had a different 'struct openconnect_info' to the rest of the program, leading
to weird faults.
Ideally we ought to remember the flags used for each build and compare; the
kernel and chromium makefiles have the required magic for that which could
be easily stolen. But for now the easy fix is just to build xml.o first.
That way, if someone overrides CFLAGS they'll get an immediate failure and
no stray objects with wrong struct layout.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 30 Nov 2010 08:36:38 +0000 (08:36 +0000)]
Partly revert excessive renaming (s/passphrase_from_fsid/openconnect_\1/)
Commit
1c41ab12942fc05e9a9fa833bb9864727bb34f46 also renamed the internal
variable do_passphrase_from_fsid in main.c. Revert that part.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 29 Nov 2010 13:47:59 +0000 (13:47 +0000)]
Don't elide webvpn cookie if it's empty
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 24 Nov 2010 23:45:49 +0000 (23:45 +0000)]
Fix leak of form_buf on redirect/repost/etc
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Chaskiel Grundman [Mon, 11 Oct 2010 20:44:50 +0000 (16:44 -0400)]
Clean up auth form handling
Instead of scanning the login form and only displaying specific prompts,
display and record responses for all <input type="text">, and
<input type="password"> elements in the login form. It is still limited to
a single <select> element. The support for combining a securid code and pin
has also been removed.
Signed-off-by: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Paul Brook [Sat, 20 Nov 2010 02:45:04 +0000 (02:45 +0000)]
Add --csd-wrapper
Add option to run the CSD trojan via a user supplied script.
Signed-off-by: Paul Brook <paul@codesourcery.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 16 Nov 2010 13:59:38 +0000 (13:59 +0000)]
Fix help output for --servercert option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 8 Sep 2010 21:31:08 +0000 (22:31 +0100)]
Clean up fingerprint routines
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 8 Sep 2010 21:26:17 +0000 (22:26 +0100)]
Namespace cleanup: s/parse_url/openconnect_parse_url/
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 8 Sep 2010 21:23:26 +0000 (22:23 +0100)]
Namespace cleanup: s/passphrase_from_fsid/openconnect_passphrase_from_fsid/
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 8 Sep 2010 21:21:06 +0000 (22:21 +0100)]
Namespace cleanup: s/set_http_proxy/openconnect_set_http_proxy/
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 20 Oct 2010 10:05:07 +0000 (11:05 +0100)]
Report and abort when cafile fails to open.
Slightly saner error handling would have prevented a wild goose chase
this morning.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Sep 2010 23:05:36 +0000 (00:05 +0100)]
Tag version 2.26
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Sep 2010 22:58:36 +0000 (23:58 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 3 Sep 2010 16:47:32 +0000 (17:47 +0100)]
Don't crash on relative redirect when original urlpath was NULL
Red Hat bug #629979
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 2 Sep 2010 23:31:09 +0000 (00:31 +0100)]
Android has /dev/tun, not /dev/net/tun
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 31 Aug 2010 23:52:43 +0000 (00:52 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 31 Aug 2010 23:52:15 +0000 (00:52 +0100)]
Update --script-tun description, remove non-existent --tun-fd from manpage.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 31 Aug 2010 23:19:23 +0000 (00:19 +0100)]
Fix host selection in NM auth-dialog
It wasn't actually clearing vpninfo->peer_addr, so we were always just
reconnecting to the first host, even when the user changed the selection.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 31 Aug 2010 16:58:04 +0000 (17:58 +0100)]
Use SSLv3 not TLSv1
There are servers (or firewalls) which apparently reject all connections with
any hello extensions. Seen with a Cisco VPN 3000.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 31 Aug 2010 16:57:18 +0000 (17:57 +0100)]
Check certificate expiry and complain
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Dominic Hargreaves [Sat, 28 Aug 2010 12:15:59 +0000 (13:15 +0100)]
Update status of Debian OpenSSL DTLS support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Eric Barkie [Fri, 20 Aug 2010 18:44:57 +0000 (14:44 -0400)]
Never use protocol family prefixes with a TUN script.
Signed-off-by: Eric Barkie <ebarkie@us.ibm.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 12 Aug 2010 23:37:12 +0000 (00:37 +0100)]
Close existing connection and discard compressed packet in cstp_reconnect()
Both callers need to do this, so move it into the function.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 Aug 2010 23:14:35 +0000 (00:14 +0100)]
Implement DTLS and CSTP rekeying.
Don't know if there's a way to pass a new DTLS master secret and get
back a new session-id over an existing CSTP connection; reconnecting the
CSTP works though. And is the way to rekey CSTP too, since SSL
renegotiation got deprecated (we never got round to doing it that way
either, anyway).
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 7 Aug 2010 18:06:37 +0000 (19:06 +0100)]
Clean up option handling to use sane values for long-only options
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 7 Aug 2010 17:50:40 +0000 (18:50 +0100)]
Add --force-dpd option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 7 Aug 2010 09:20:55 +0000 (10:20 +0100)]
Elide webvpn cookie from debugging output.
Hopefully this should help to stop users from posting them to the
mailing list.
The check in Exim to add a warning header if it detects a cookie, and the
Mailman rule to trap messages with that header for moderation, should also
help.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 27 May 2010 09:58:49 +0000 (10:58 +0100)]
Update ConnMan references
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 27 May 2010 09:54:40 +0000 (10:54 +0100)]
Link to knetworkmanager bug for OpenConnect support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 15 May 2010 08:23:37 +0000 (09:23 +0100)]
Tag version 2.25
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 13 May 2010 09:45:12 +0000 (10:45 +0100)]
Compare cert IP address with that of the server... not the proxy
We mustn't use vpninfo->peer_addr when validating the server's
certificate, because that could be the address of the proxy if we're
using one. Use the result of running inet_pton() on the hostname instead.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 21:15:50 +0000 (22:15 +0100)]
Print UTF8 form of URI in messages, not raw form
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 21:10:29 +0000 (22:10 +0100)]
Make parse_url preserve its input string
It still screws with it as it parses it, but at least it puts it back now.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 21:04:01 +0000 (22:04 +0100)]
Don't match URIs with a path component
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 21:02:16 +0000 (22:02 +0100)]
Remove stray debugging printf
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 20:28:15 +0000 (21:28 +0100)]
Remove stray break which stopped processing altnames after the first GEN_DNS
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 20:22:07 +0000 (21:22 +0100)]
Use ASN1_STRING_to_UTF8 for altnames
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 19:51:50 +0000 (20:51 +0100)]
Fix handling of GEN_URI altnames.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 19:37:01 +0000 (20:37 +0100)]
Fix memory leak on non-200 HTTP result
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 18:09:34 +0000 (19:09 +0100)]
Fix handling of GEN_IPADD altnames.
In particular, the length of the altname wasn't the same as the length
of the corresponding sockaddr.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 18:03:40 +0000 (19:03 +0100)]
Accept GEN_IPADD certificate altneme for raw IPv6 address without [] too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 14:25:46 +0000 (15:25 +0100)]
Handle wildcards in hostname matching
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 12 May 2010 11:39:23 +0000 (12:39 +0100)]
Attempt to handle GEN_IPADD in X509 altnames. Or at least not crash.
In particular, stop assuming that every altname is an ASN1_STRING and
using strlen() on what would be its data. If the untested support for
GEN_IPADD actually works, that's an added bonus.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 12:44:14 +0000 (13:44 +0100)]
Add --no-cert-check option, update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 11:17:57 +0000 (12:17 +0100)]
Add basic cert hostname matching
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 10:59:40 +0000 (11:59 +0100)]
Add text-mode function for validating failed certs
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 10:19:46 +0000 (11:19 +0100)]
Pass failure reason to validate_peer_cert()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 10:14:41 +0000 (11:14 +0100)]
Always verify server certificate, even with no cafile
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 11 May 2010 09:42:47 +0000 (10:42 +0100)]
Clean up PKCS12_parse() bug workaround
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 10 May 2010 14:05:05 +0000 (15:05 +0100)]
Fix potential memory leak in load_pkcs12_certificate()
If there were certificates in the PKCS#12 file which didn't get used, they
would never be freed. Increase the refcount on the certs we _do_ use, and
then free the entire stack properly using sk_X509_pop_free().
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 10 May 2010 14:04:50 +0000 (15:04 +0100)]
Fix memory leak in verify_peer()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 9 May 2010 11:45:16 +0000 (12:45 +0100)]
Packages now in pkgsrc-wip
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 9 May 2010 00:46:53 +0000 (01:46 +0100)]
Update changelog, improve requirements documentation
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 9 May 2010 00:45:45 +0000 (01:45 +0100)]
Update README.DTLS to reflect current OpenSSL versions
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Pouya D. Tafti [Sat, 8 May 2010 20:33:23 +0000 (21:33 +0100)]
Fix libproxy support with pkgsrc
While preparing the new package I noticed that OpenConnect
was being built without libproxy support, due to the fact that
pkgsrc's libproxy installs proxy.h under ${PREFIX}/include and not
under ${PREFIX}/include/libproxy.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Pouya D. Tafti <p@san-serriffe.org>
David Woodhouse [Sat, 8 May 2010 19:14:51 +0000 (20:14 +0100)]
Make Solaris build more user-friendly w.r.t. installing TAP driver.
Tell the user what to do if the TAP driver is missing, and don't rely on them
removing Make.config so that the Makefile goes looking for it again.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 7 May 2010 19:11:44 +0000 (20:11 +0100)]
Tag version 2.24
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>