review.tizen.org Git - platform/upstream/openconnect.git/log

projects / platform / upstream / openconnect.git / log

David Woodhouse [Sun, 31 May 2009 21:18:43 +0000 (22:18 +0100)]

Ask for PKCS#12 passphrase if we need it

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

David Woodhouse [Sun, 31 May 2009 20:39:09 +0000 (21:39 +0100)]

Only use issuer certificate if X509_STORE_CTX_get1_issuer() succeeded.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sun, 31 May 2009 19:00:16 +0000 (20:00 +0100)]

Work around OpenSSL bug with certificate chains.

This will probably be RT#1942 -- OpenSSL will look up issuer
certificates by name, but there might be more than one certificate in
the trust chain with the same name, and it doesn't make sure it gets the
right one. The server suffers this bug too, which is why the client has
to submit the full trust chain with its own certificate.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sun, 31 May 2009 18:38:27 +0000 (19:38 +0100)]

Include only useful certificates from PKCS#12 file

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sun, 31 May 2009 14:33:56 +0000 (15:33 +0100)]

Add PKCS#12 support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Thu, 28 May 2009 19:24:53 +0000 (20:24 +0100)]

Add option to generate PEM passphrase from fsid

This is entirely stupid; some corporations have a policy which requires
that we make some token effort to 'prevent' people from moving
certificates from machine to machine -- even if it's trivially
bypassable.

So they accept idiotic nonsense like the 'non-exportable' flag in the
Windows certificate store (despite the existence of tools like Jailbreak
http://www.isecpartners.com/jailbreak.html) and they accept this stupid
trick to use a passphrase which is taken from the file system's fsid --
on the basis that if you copy the certificate file to another machine,
the fsid will be different and you might actually have to sober up and
spend more than 5 seconds thinking about it before you can use the
copied certificate.

Obviously you lose the protection of a _real_ passphrase, but that was
redundant anyway in the case where they use two-stage authentication and
ask for a RADIUS password after your certificate is accepted.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Thu, 28 May 2009 16:09:41 +0000 (17:09 +0100)]

Allow PEM passphrase to be set on command line

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 27 May 2009 12:54:51 +0000 (13:54 +0100)]

Tag version 1.40

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 27 May 2009 12:54:30 +0000 (13:54 +0100)]

update changelog for 1.40

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 27 May 2009 10:38:55 +0000 (11:38 +0100)]

Retry passphrase entry when it's wrong

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 27 May 2009 10:19:50 +0000 (11:19 +0100)]

Report SSL errors through vpninfo->progress()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 27 May 2009 08:41:28 +0000 (09:41 +0100)]

Fix double-free of vpninfo->dtls_cipher

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Tue, 26 May 2009 18:00:21 +0000 (19:00 +0100)]

Pass only the signature of the server's cert from NetworkManager.

Since we run openconnect as an unprivileged user, it may not be able to
read the original trust chain and validate the certificate for itself.
But since the auth-dialog has already connected to the server and done
the authentication, it can just give us the known signature for the
certificate the server is using today...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Tue, 26 May 2009 17:59:58 +0000 (18:59 +0100)]

Reconnect after SSL write fails

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 13 May 2009 12:46:22 +0000 (13:46 +0100)]

Tag version 1.30

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 13 May 2009 12:46:12 +0000 (13:46 +0100)]

changelog for 1.30 release

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sun, 10 May 2009 23:05:16 +0000 (00:05 +0100)]

Add changelog entry for form saving

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sun, 10 May 2009 09:28:33 +0000 (10:28 +0100)]

Handle dependencies on stuff like gconf/gtk better.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 9 May 2009 16:45:37 +0000 (17:45 +0100)]

Avoid duplicate form entries, especially in wrong order

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 9 May 2009 16:16:12 +0000 (17:16 +0100)]

Remember form entries

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 9 May 2009 15:43:24 +0000 (16:43 +0100)]

Ensure prompt overrides are honoured for default selection

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 9 May 2009 15:23:48 +0000 (16:23 +0100)]

Use form answers from gconf

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 9 May 2009 15:14:40 +0000 (16:14 +0100)]

Allow default settings for UI form elements to be set

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 9 May 2009 15:13:49 +0000 (16:13 +0100)]

Fix default result for combobox

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 9 May 2009 14:31:09 +0000 (15:31 +0100)]

Import web page into git where it'll be easier to manage.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

commit | commitdiff | tree

David Woodhouse [Sat, 9 May 2009 14:06:08 +0000 (15:06 +0100)]

Fix up TODO list. We seem to have done everything that was in there before.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Fri, 8 May 2009 18:56:06 +0000 (19:56 +0100)]

Tag version 1.20

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Fri, 8 May 2009 18:32:34 +0000 (19:32 +0100)]

Handle parameters in messages

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Fri, 8 May 2009 18:02:51 +0000 (19:02 +0100)]

shift message handling into separate function

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Fri, 8 May 2009 17:55:20 +0000 (18:55 +0100)]

Don't set form->{banner,error,message} if it's empty

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Fri, 8 May 2009 17:46:51 +0000 (18:46 +0100)]

Abort when no login form opts

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Fri, 8 May 2009 17:46:36 +0000 (18:46 +0100)]

Ask user about authentication group

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Thu, 7 May 2009 19:48:00 +0000 (20:48 +0100)]

Allow auth group selection to be set on command line

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Thu, 7 May 2009 19:32:12 +0000 (20:32 +0100)]

apply configured username/password more selectively

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 2 May 2009 11:21:24 +0000 (12:21 +0100)]

Fix various bugs in split_{in,ex}clude list handling

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 29 Apr 2009 13:29:42 +0000 (14:29 +0100)]

Expose all CSTP options to script

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 29 Apr 2009 13:04:26 +0000 (14:04 +0100)]

Support proxy autoconfiguration

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 29 Apr 2009 12:54:51 +0000 (13:54 +0100)]

Add processing of Split-Exclude headers from server

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

Thomas Wood [Fri, 24 Apr 2009 19:22:33 +0000 (20:22 +0100)]

Add a command line option to continue in background after startup

[dwmw2: Don't add background flag to struct openconnect_info]
Signed-off-by: Thomas Wood <thomas.wood@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Tue, 28 Apr 2009 15:18:47 +0000 (16:18 +0100)]

clean up printing of server disconnect message

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Fri, 24 Apr 2009 22:27:35 +0000 (23:27 +0100)]

Don't SEGV on empty selection

commit | commitdiff | tree

David Woodhouse [Fri, 24 Apr 2009 15:34:52 +0000 (16:34 +0100)]

Allow user to set DTLS ciphers

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Fri, 24 Apr 2009 15:27:17 +0000 (16:27 +0100)]

Handle failure to agree DTLS cipher more gracefully

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 16:32:15 +0000 (17:32 +0100)]

handle login button visibility

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 16:05:09 +0000 (17:05 +0100)]

silence warning about do_override_label func

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 15:56:43 +0000 (16:56 +0100)]

handle label overrides

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 15:22:28 +0000 (16:22 +0100)]

print banner/error/message only if they aren't empty

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 15:21:48 +0000 (16:21 +0100)]

handle select opts in NM UI

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 15:03:49 +0000 (16:03 +0100)]

Start at processing form directly instead of through OpenSSL UI

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 13:20:02 +0000 (14:20 +0100)]

create ssl_box_add_info()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 13:16:42 +0000 (14:16 +0100)]

Don't print banner/error/message when empty

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 13:04:45 +0000 (14:04 +0100)]

Allow automatic vertical resize

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 12:52:26 +0000 (13:52 +0100)]

Allow process_auth_form() to be overridden in vpninfo

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 12:49:37 +0000 (13:49 +0100)]

drop request body args from process_form

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 12:48:10 +0000 (13:48 +0100)]

Add README.DTLS

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 12:27:16 +0000 (13:27 +0100)]

remove 'verbose' variable

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 12:25:58 +0000 (13:25 +0100)]

Clean up openconnect_obtain_cookie() return value

Bring it into line with other things. Zero for success, 1 for
cancellation, and -errno for errors.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 12:17:50 +0000 (13:17 +0100)]

Clean up parse_xml_response() and process_form() return values.

This was a mess; now it's simple. Return values are:
        0 when a form has been filled in and needs submitting
        1 for user cancellation
        2 when the xml indicated that login was already successful
        -errno for other errors

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 11:38:49 +0000 (12:38 +0100)]

move form definitions to openconnect.h

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 11:34:24 +0000 (12:34 +0100)]

Move append_form_opts() up to avoid having to declare it first

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 11:17:05 +0000 (12:17 +0100)]

rename form structures, basic documentation on string handling

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 11:12:26 +0000 (12:12 +0100)]

All input types process after user-interaction now

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 10:12:14 +0000 (11:12 +0100)]

Handle choice in append_form_opts() too

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 22 Apr 2009 10:06:39 +0000 (11:06 +0100)]

Move towards building form submission req _after_ processing input

... starting with just the hidden opts...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Tue, 21 Apr 2009 00:29:07 +0000 (01:29 +0100)]

Fix banner/error messages, don't complain about submit/reset inputs

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Tue, 21 Apr 2009 00:21:59 +0000 (01:21 +0100)]

Split XML parsing from form handling

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Mon, 20 Apr 2009 14:18:54 +0000 (15:18 +0100)]

Move all authentication form handling to auth.c

...in preparation for fixing/rewriting it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 18 Apr 2009 19:51:18 +0000 (20:51 +0100)]

version.c depends on Makefile too

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 18 Apr 2009 19:47:26 +0000 (20:47 +0100)]

Include version.c in tarballs

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 18 Apr 2009 19:20:20 +0000 (20:20 +0100)]

Add '-unknown' tag when git unavailable

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 18 Apr 2009 19:19:57 +0000 (20:19 +0100)]

Fix dependencies for version.c

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 18 Apr 2009 13:26:50 +0000 (14:26 +0100)]

DTLS: Use cipher specified by server, not the one from the TCP connection

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 18 Apr 2009 13:26:08 +0000 (14:26 +0100)]

Detect TCP connection closure; OpenSSL doesn't.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 18 Apr 2009 13:25:35 +0000 (14:25 +0100)]

Use TLSv1, not SSLv23 for TCP connection

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Sat, 18 Apr 2009 13:14:54 +0000 (14:14 +0100)]

Allow auth-type choice without authtype, since some people seem to need it

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Thu, 9 Apr 2009 16:07:44 +0000 (09:07 -0700)]

Fix description of --tpm-key option in man page too

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

Nick Andrew [Thu, 9 Apr 2009 15:23:27 +0000 (01:23 +1000)]

Whitespace cleanups

Remove trailing blanks; put whitespace around operators as
appropriate.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

Nick Andrew [Thu, 9 Apr 2009 15:23:26 +0000 (01:23 +1000)]

Correct filename in the script comments

Script was renamed, so show the current name.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

Nick Andrew [Thu, 9 Apr 2009 15:23:25 +0000 (01:23 +1000)]

URL no longer exists; here's an alternate

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

Nick Andrew [Thu, 9 Apr 2009 15:23:24 +0000 (01:23 +1000)]

Improve readability of progress message

"remaining timeout 8s" reads better than "remain timeout 8s".

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

Nick Andrew [Thu, 9 Apr 2009 15:23:23 +0000 (01:23 +1000)]

Fix a compile warning on fprintf argument

st.st_size is an off_t which should be printed using %ld.

Also add my (C) to openconnect.h

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

Nick Andrew [Thu, 9 Apr 2009 15:23:22 +0000 (01:23 +1000)]

Fix no-password progress report message

Clarify that the option is '--no-passwd' not 'nopasswd' (which is
the internal name for it).

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

Nick Andrew [Thu, 9 Apr 2009 15:23:21 +0000 (01:23 +1000)]

Fix description of --tpm-key option

The option name is --tpm-key, not --tpm.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 1 Apr 2009 14:32:32 +0000 (15:32 +0100)]

Tag version 1.10

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit | commitdiff | tree

David Woodhouse [Wed, 1 Apr 2009 12:14:30 +0000 (13:14 +0100)]

no need to conditionally free urlpath

commit | commitdiff | tree

David Woodhouse [Wed, 1 Apr 2009 12:12:23 +0000 (13:12 +0100)]

Sanify urlpath settings... no longer include leading /

commit | commitdiff | tree

David Woodhouse [Tue, 31 Mar 2009 23:12:54 +0000 (00:12 +0100)]

show autoconnect option