Tag version 1.00

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Merge branch 'fixes' of git://github.com/jku/openconnect

Fix memory leak on handled packets

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

fix regression with return values

return 0 only when there really is a cookie

support user cancel in openconnect_obtain_cookie()

    Note changed return values:
     < 0  error
     = 0  no cookie (user cancel)
     = 1  obtained cookie

ssl_ui_gtk: fix flusher return value

Return value for user cancel is -1.

improve ssl ui dialogs

Make dialogs show up in taskbar and pager, add window titles.

use GTK_STOCK_DIALOG_AUTHENTICATION as default icon

improve nm-auth-dialog dialogs

Make dialogs show up in taskbar and pager, add window titles.
Make 'window close' work as cancel in host selection.
Add 'name' to openconnect_info struct.

Tag version 0.99

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

quit on interrupted sleep

Quit openconnect if sleep was interrupted by signal(e.g. ^C).

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

use adaptive reconnect_interval

Start reconnect attempts in 10s interval and enlarge
the interval by 10s each time until it reaches 100s.

This makes reasonable retry density for both small/large reconnect timeouts.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

fix SEGV on lost connection

Stop cstp_bye() when the https connection was already lost.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

add option --reconnect-timeout

Users could specify large reconnect-timeout to
survive unstable network connections.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

After DPD, keep retrying to connect for longer.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix select µsec calculation to avoid integer overflow.
Pointed out by Sergey Svishchev.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

NetBSD fixes from Sergey Svishchev

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Turn certsigs gconf key into a string.

Otherwise, NetworkManager will keep deleting it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Don't keep retrying DTLS if OpenSSL doesn't support it

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 0.98

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix up licensing headers

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove OpenSSL patches

They can be handled separately. Two are upstream already, and the other
one needs redoing anyway.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 0.97

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Allow empty 'select' choice element in auth form.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use NULL not 0 for pointers

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Forget password after using it once

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Ask user to accept certs in NM auth-dialog

We store the signature of accepted certs in gconf.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix cert valididation with CA files, allow manual cert validation callback.

We need to clear the 'purpose' field, because we seem to be using
certificates which don't have that correctly set, and that causes normal
certificate validation to fail.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Report reason for 'service unavailable' results from server

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add --no-passwd option. When certificate fails, fail immediately.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Set vpninfo->progress earlier to avoid segfaults with XML file

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add man page

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use -s for tag commits

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use vpninfo->progress for more messages, instead of printf/perror

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 0.96

Allow SecurID tokens to be scripted/generated

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Allow queue length to be configured

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Limit outgoing packet queue length

If we were using TCP and the socket stalled, we'd just keep sucking
packets from the kernel, allocating memory and queuing them
internally with no limit except the size of the swap space. Not clever.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove unused variable 'success'

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Treat an empty cookie (null string) as undefined

This allows bootstrapping a cookie file. Initially do:
  echo '' > cookie-file

In the setup script, write the received cookie value to the
cookie file, so it will be used next time the VPN is started.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Reorder options string; remove extra 'h'

Put the options string into alphabetical order and remove a dupe 'h'.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add option to read password from standard input

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove argument from some long options

These long options do not take an argument:

  --script-tun
  --tpm-key
  --verbose
  --version

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Flush X event queue after closing dialog

detect success from auth_id

Handle SecurID pin in next_tokencode mode too

Use separate prompt for SecurID PIN

Use prompts from server

Handle split-includes

Add --setuid option to drop privs after connect.

Add --syslog option

don't report quit message twice

Fix Ctrl-C handling

Move to using select() instead of poll(). poll() doesn't work on MacOS

Rip the OpenSSL UI bits out on Linux too; it was just an example.

Add MacOS support to tun.c

Build fixes for MacOS

Remove the MTU hack; it didn't work anyway, and we fixed the real bug

Build fixes for MacOS

Fix bogus indenting

Document $(OPENSSL) use case a little better

Tag version 0.95

Update patches

include ctype.h

Kill dtls_state, fix --no-dtls

Handle disconnect request gracefully

initialise combo box entry counter

fix broken memset

Tag version 0.94

cookie on stdin

Handle 'script' going away

Add option for passing all traffic to a filedescript of the 'script'

This means we can just make it run something using lwip to provide a
SOCKS server.

move environment setting to separate function

print ifname

Use pointopoint mode

mention server cert

Add DTLS test hacks

explain the dtls wrong-packet problem now we know the cause

Don't abort on all http response failures

Only set write_new_config() callback if user gives a filename

Tag version 0.93

no gnomeui

vpn name in title

we have some form of error feedback now, at least

Display dialog box on connect failure.

It's still horrid but at least it's better than nothing.

Use progress callback for output

make write_new_config a callback

update todo for auth-dialog

Fix disconnections with JF endpoint.

kill host selection dialog when done with it

choose host to connect to

update xmlconfig into gconf

silent when downloading config

fix sha1 comparison

Eliminate references to xmlconfig path in generic code

Tag version 0.92

todo update

install auth dialog

don't include version.h

Rename to openconnect to avoid potential trademark issues