1. 06 Mar, 2013 4 commits
  2. 04 Mar, 2013 5 commits
  3. 03 Mar, 2013 1 commit
    • David Woodhouse's avatar
      Fix Android build with NDK · ed16cfcf
      David Woodhouse authored
      The NDK doesn't include keystore.h but that only has a few error numbers
      so we can define those locally.
      
      We also can't call socket_local_client() but that's only a simple socket()
      and connect() call on a Unix socket anyway.
      
      Also make keystore_strerror() return a const char *.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      ed16cfcf
  4. 02 Mar, 2013 1 commit
  5. 25 Feb, 2013 1 commit
  6. 22 Feb, 2013 1 commit
    • David Woodhouse's avatar
      Fix hostname canonicalisation to stop breaking certifcate checks · de24aad5
      David Woodhouse authored
      Commit b0b4b34f ('Canonicalise hostname during authentication if necessary')
      replaces the hostname with a bare IP address if necessary, so that
      reconnecting is guaranteed to get the *same* host from a round-robin and
      comparing the SSL cert with its previous SHA1 fingerprint (which is how we
      do it for two-stage connection for example from NetworkManager) is
      guaranteed to work.
      
      However, this breaks certificate auth when invoked in one-stage mode from
      the command line to authenticate *and* actually make the connection. When
      vpninfo->hostname is replaced with a bare IP address, that might not
      actually be what's listed in the certificate's Subject or Altname fields.
      So users have reported a certificate validation failure on *reconnecting*
      to the server which was acceptable the first time round when we looked it
      up by name.
      
      So, don't actually replace vpninfo->hostname at all. Introduce a new field
      vpninfo->unique_hostname which is returned by openconnect_get_hostname(),
      and leave vpninfo->hostname as it was.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      de24aad5
  7. 20 Feb, 2013 1 commit
  8. 18 Feb, 2013 3 commits
  9. 17 Feb, 2013 5 commits
  10. 13 Feb, 2013 9 commits
  11. 12 Feb, 2013 5 commits
  12. 07 Feb, 2013 2 commits
  13. 05 Feb, 2013 1 commit
  14. 04 Feb, 2013 1 commit