David Woodhouse [Wed, 1 Oct 2008 16:31:31 +0000 (17:31 +0100)]
support mangling in SecurID PIN
David Woodhouse [Wed, 1 Oct 2008 16:07:41 +0000 (17:07 +0100)]
quieten a little more, don't get name twice
David Woodhouse [Wed, 1 Oct 2008 15:54:50 +0000 (16:54 +0100)]
don't remember username if not from command line
David Woodhouse [Wed, 1 Oct 2008 15:17:08 +0000 (16:17 +0100)]
slight cleanup
David Woodhouse [Wed, 1 Oct 2008 14:41:00 +0000 (15:41 +0100)]
Attempt second form
David Woodhouse [Wed, 1 Oct 2008 13:20:26 +0000 (14:20 +0100)]
remember username
David Woodhouse [Wed, 1 Oct 2008 13:17:37 +0000 (14:17 +0100)]
move more form handling out into separate function
David Woodhouse [Wed, 1 Oct 2008 12:59:02 +0000 (13:59 +0100)]
move error and message stuff into UI; print cookie
David Woodhouse [Wed, 1 Oct 2008 12:53:47 +0000 (13:53 +0100)]
username has to be allocated since we might free it
David Woodhouse [Wed, 1 Oct 2008 12:42:16 +0000 (13:42 +0100)]
use username if given
David Woodhouse [Wed, 1 Oct 2008 12:38:39 +0000 (13:38 +0100)]
Add user argument
David Woodhouse [Wed, 1 Oct 2008 12:38:16 +0000 (13:38 +0100)]
echo input
David Woodhouse [Wed, 1 Oct 2008 12:31:33 +0000 (13:31 +0100)]
use OpenSSL UI for prompting user. Don't abort on login fail
David Woodhouse [Wed, 1 Oct 2008 12:17:20 +0000 (13:17 +0100)]
Attempt form handling
David Woodhouse [Wed, 1 Oct 2008 12:01:35 +0000 (13:01 +0100)]
attempt to handle POST
David Woodhouse [Wed, 1 Oct 2008 11:56:11 +0000 (12:56 +0100)]
let method change
David Woodhouse [Wed, 1 Oct 2008 11:51:26 +0000 (12:51 +0100)]
Submit cookies with request
David Woodhouse [Wed, 1 Oct 2008 11:47:00 +0000 (12:47 +0100)]
Handle cookie deletion properly
David Woodhouse [Wed, 1 Oct 2008 11:27:21 +0000 (12:27 +0100)]
start to parse xml response
David Woodhouse [Wed, 1 Oct 2008 11:01:26 +0000 (12:01 +0100)]
move cookie func to http.c
David Woodhouse [Wed, 1 Oct 2008 11:00:35 +0000 (12:00 +0100)]
Single function to obtain cookie
David Woodhouse [Wed, 1 Oct 2008 10:59:41 +0000 (11:59 +0100)]
Some cookies have no attributes
David Woodhouse [Wed, 1 Oct 2008 10:44:08 +0000 (11:44 +0100)]
Only check config sha1 if we have a config
David Woodhouse [Wed, 1 Oct 2008 10:39:26 +0000 (11:39 +0100)]
Tidy up cookie handling, check XML config file sha1 against server
David Woodhouse [Wed, 1 Oct 2008 10:02:20 +0000 (11:02 +0100)]
Attempt to avoid the assert() which Marcel saw.
David Woodhouse [Wed, 1 Oct 2008 09:14:23 +0000 (10:14 +0100)]
Justify wheel re-invention
David Woodhouse [Wed, 1 Oct 2008 02:30:47 +0000 (03:30 +0100)]
fixme: cookies
David Woodhouse [Wed, 1 Oct 2008 02:28:21 +0000 (03:28 +0100)]
Bugger it. Own HTTP parsing
David Woodhouse [Wed, 1 Oct 2008 00:04:45 +0000 (01:04 +0100)]
Start of code to use neon. This doesn't work either.
Maybe I will just fall back to doing the bloody http parsing for myself.
David Woodhouse [Tue, 30 Sep 2008 23:41:02 +0000 (00:41 +0100)]
Switch to using Neon for XML parsing.
Marcel Holtmann [Tue, 30 Sep 2008 22:38:16 +0000 (00:38 +0200)]
Use SecurID based login to retrieve webvpn cookie
David Woodhouse [Tue, 30 Sep 2008 21:21:31 +0000 (22:21 +0100)]
fixme: redirects happen
David Woodhouse [Tue, 30 Sep 2008 21:18:25 +0000 (22:18 +0100)]
Look up hosts in XML config file
David Woodhouse [Tue, 30 Sep 2008 17:29:10 +0000 (18:29 +0100)]
Remove a bunch of stuff from TODO
David Woodhouse [Tue, 30 Sep 2008 13:13:00 +0000 (14:13 +0100)]
Make cert and key options a little saner
David Woodhouse [Tue, 30 Sep 2008 08:40:18 +0000 (09:40 +0100)]
doh. Fix latency fuckup
David Woodhouse [Tue, 30 Sep 2008 08:20:55 +0000 (09:20 +0100)]
Clean up exit handling a little
David Woodhouse [Tue, 30 Sep 2008 08:20:29 +0000 (09:20 +0100)]
Enable compression by default, allow DTLS to be disabled
David Woodhouse [Tue, 30 Sep 2008 07:39:22 +0000 (08:39 +0100)]
Change name of MTU environment variable
David Woodhouse [Tue, 30 Sep 2008 07:15:15 +0000 (08:15 +0100)]
fix up server verification a bit
David Woodhouse [Tue, 30 Sep 2008 04:01:17 +0000 (05:01 +0100)]
Add server cert verification
David Woodhouse [Tue, 30 Sep 2008 03:34:00 +0000 (04:34 +0100)]
handle SIGHUP too
David Woodhouse [Tue, 30 Sep 2008 03:31:59 +0000 (04:31 +0100)]
Clean up messages a little
David Woodhouse [Tue, 30 Sep 2008 03:20:48 +0000 (04:20 +0100)]
Clean up CSTP option handling
David Woodhouse [Mon, 29 Sep 2008 17:53:26 +0000 (18:53 +0100)]
admit what we know about xml download
David Woodhouse [Mon, 29 Sep 2008 14:51:24 +0000 (15:51 +0100)]
Add comments on OpenSSL patches
David Woodhouse [Mon, 29 Sep 2008 14:41:42 +0000 (15:41 +0100)]
Tidy up option handling a little
David Woodhouse [Mon, 29 Sep 2008 14:23:27 +0000 (15:23 +0100)]
Add capability to use vpnc's route mangling script
David Woodhouse [Mon, 29 Sep 2008 13:56:53 +0000 (14:56 +0100)]
set up for invoking script for config
David Woodhouse [Mon, 29 Sep 2008 13:48:25 +0000 (14:48 +0100)]
FD_CLOEXEC
David Woodhouse [Mon, 29 Sep 2008 12:31:22 +0000 (13:31 +0100)]
Remove the 'FIXME: keepalive' comment. I implemented that already
David Woodhouse [Mon, 29 Sep 2008 12:27:02 +0000 (13:27 +0100)]
Implement DTLS rekey
David Woodhouse [Mon, 29 Sep 2008 12:06:32 +0000 (13:06 +0100)]
Start of DTLS rekey support, clean up comments about protocol
David Woodhouse [Mon, 29 Sep 2008 12:00:28 +0000 (13:00 +0100)]
Add OpenSSL patches
David Woodhouse [Mon, 29 Sep 2008 08:54:17 +0000 (09:54 +0100)]
Use SSL_OP_CISCO_ANYCONNECT option to match the patch I sent upstream
David Woodhouse [Mon, 29 Sep 2008 08:52:44 +0000 (09:52 +0100)]
commit makefile hacks for openssl testing
David Woodhouse [Mon, 29 Sep 2008 01:15:33 +0000 (02:15 +0100)]
Latency will be a lot better if we actually select on the right fd
David Woodhouse [Mon, 29 Sep 2008 01:15:10 +0000 (02:15 +0100)]
Use explicit numbers for DTLS1_BAD_VER and DTLS1_VERSION
That way it can build against either 0.9.8e or 0.9.8f
David Woodhouse [Sun, 28 Sep 2008 08:17:54 +0000 (09:17 +0100)]
Set MTU too.
From the server's response, rather than what we asked the server for.
David Woodhouse [Sat, 27 Sep 2008 07:05:44 +0000 (01:05 -0600)]
Set default UI method so it works for PEM passphrases too.
Looks like this means we can't set the UI userdata to vpninfo,
unfortunately.
David Woodhouse [Sat, 27 Sep 2008 06:45:10 +0000 (00:45 -0600)]
fixme for cert passphrase
David Woodhouse [Sat, 27 Sep 2008 06:41:39 +0000 (00:41 -0600)]
Demonstrate how to do callback for TPM password; proper UIs will need this
David Woodhouse [Sat, 27 Sep 2008 05:47:33 +0000 (23:47 -0600)]
Take TPM SRK password on command line too, optionally
The callback does seem to work; a GUI client might want something more
special.
David Woodhouse [Sat, 27 Sep 2008 05:27:59 +0000 (23:27 -0600)]
Use OpenSSL TPM engine
David Woodhouse [Sat, 27 Sep 2008 05:27:38 +0000 (23:27 -0600)]
quieter
David Woodhouse [Sat, 27 Sep 2008 05:27:12 +0000 (23:27 -0600)]
Make interface name configurable
Marcel Holtmann [Fri, 26 Sep 2008 16:46:28 +0000 (18:46 +0200)]
Add IPv4 address and netmask configuration
David Woodhouse [Fri, 26 Sep 2008 16:43:05 +0000 (09:43 -0700)]
silence warnings, and output
David Woodhouse [Thu, 25 Sep 2008 01:08:33 +0000 (18:08 -0700)]
Add cookie fetching code, given a certificate. This bit sucks
David Woodhouse [Thu, 25 Sep 2008 01:06:36 +0000 (18:06 -0700)]
Another response seen in the wild
David Woodhouse [Wed, 24 Sep 2008 22:03:21 +0000 (15:03 -0700)]
fix curl_err uninitialised
David Woodhouse [Wed, 24 Sep 2008 21:43:37 +0000 (14:43 -0700)]
Remove abstraction crap
David Woodhouse [Tue, 23 Sep 2008 23:31:49 +0000 (16:31 -0700)]
Fall back to SSL if DTLS dies
David Woodhouse [Tue, 23 Sep 2008 23:25:40 +0000 (16:25 -0700)]
Sort out DPD and Keepalive
This could be cleaner -- and shared between DTLS and SSL. But this seems
to work...
David Woodhouse [Tue, 23 Sep 2008 22:47:38 +0000 (15:47 -0700)]
one fewer FIXME...
David Woodhouse [Tue, 23 Sep 2008 22:46:27 +0000 (15:46 -0700)]
check DPD config
David Woodhouse [Tue, 23 Sep 2008 22:46:16 +0000 (15:46 -0700)]
tidy up, add DPD
David Woodhouse [Tue, 23 Sep 2008 22:39:54 +0000 (15:39 -0700)]
macros for packet types
David Woodhouse [Tue, 23 Sep 2008 22:08:38 +0000 (15:08 -0700)]
data transport over DTLS working
David Woodhouse [Tue, 23 Sep 2008 22:08:15 +0000 (15:08 -0700)]
don't send data over SSL while DTLS active
David Woodhouse [Tue, 23 Sep 2008 21:45:42 +0000 (14:45 -0700)]
attempt actual data transport over DTLS. Not working yet
David Woodhouse [Tue, 23 Sep 2008 21:05:34 +0000 (14:05 -0700)]
fix typo
David Woodhouse [Tue, 23 Sep 2008 21:02:11 +0000 (14:02 -0700)]
wheee. dtls works... at least with their library
David Woodhouse [Tue, 23 Sep 2008 07:56:41 +0000 (00:56 -0700)]
Add readahead to UDP socket, to avoid throwing away ends of packets.
Still doesn't work though -- but it's the same failure mode as when I run
the Cisco client with my own build of OpenSSL.
David Woodhouse [Tue, 23 Sep 2008 06:57:57 +0000 (23:57 -0700)]
Attempt DTLS setup. Broken.
David Woodhouse [Tue, 23 Sep 2008 00:06:04 +0000 (17:06 -0700)]
connect in separate func
David Woodhouse [Tue, 23 Sep 2008 00:00:08 +0000 (17:00 -0700)]
Start on DTLS setup
David Woodhouse [Mon, 22 Sep 2008 22:58:47 +0000 (15:58 -0700)]
move DTLS comments
David Woodhouse [Mon, 22 Sep 2008 22:55:41 +0000 (15:55 -0700)]
document ssl packetisation
David Woodhouse [Mon, 22 Sep 2008 22:47:25 +0000 (15:47 -0700)]
quit cleanly when receive unknown packet
David Woodhouse [Mon, 22 Sep 2008 22:45:34 +0000 (15:45 -0700)]
simplify payload_len handling
David Woodhouse [Mon, 22 Sep 2008 22:43:28 +0000 (15:43 -0700)]
a little more debug
David Woodhouse [Mon, 22 Sep 2008 22:35:33 +0000 (15:35 -0700)]
move inflate_and_queue_packet() into ssl.c
David Woodhouse [Mon, 22 Sep 2008 22:32:59 +0000 (15:32 -0700)]
split out queue_packet()
David Woodhouse [Mon, 22 Sep 2008 20:02:16 +0000 (13:02 -0700)]
server cert check in TODO
David Woodhouse [Mon, 22 Sep 2008 19:59:57 +0000 (12:59 -0700)]
add todo list
David Woodhouse [Mon, 22 Sep 2008 09:31:03 +0000 (02:31 -0700)]
Add compression support
David Woodhouse [Mon, 22 Sep 2008 08:22:28 +0000 (01:22 -0700)]
oops, anyconnect.h too
David Woodhouse [Mon, 22 Sep 2008 06:11:02 +0000 (23:11 -0700)]
actually send BYE packet on exit
David Woodhouse [Mon, 22 Sep 2008 06:03:48 +0000 (23:03 -0700)]
Add bye handling, not that it's used yet