Skip to content

O
openconnect
Switch branch/tag
  1. 24 Feb, 2021 1 commit
  3. 20 Feb, 2021 2 commits
  5. 18 Feb, 2021 1 commit
  7. 11 Feb, 2021 2 commits
  9. 05 Feb, 2021 3 commits
  11. 03 Feb, 2021 1 commit
  13. 25 Jan, 2021 1 commit
  15. 23 Jan, 2021 5 commits
  17. 22 Jan, 2021 1 commit
  19. 20 Jan, 2021 1 commit
  21. 16 Jan, 2021 1 commit
  23. 08 Jan, 2021 2 commits
    • Daniel Lenski's avatar
      Merge branch 'assign_privkey-bug' into 'master' · 4a1fda35
      Daniel Lenski authored 
      Small memory leak in gnutls.c:assign_privkey

See merge request openconnect/openconnect!160
      4a1fda35
    • Tom Carroll's avatar
      Free pcerts array for all assign_privkey paths. · 3c9479ae
      Tom Carroll authored 
      Ensure the array pcerts is free'd for both success/fail paths. The function
gnutls_certificate_set_key() is odd as it takes ownership of the contents of
pcerts, but not the pcerts array itself. See:

gnutls-3.6.15/lib/cert-cred.c:gnutls_certificate_set_key()
...
new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size);
if (new_pcert_list == NULL) {
  return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
}
memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);
Signed-off-by: default avatarTom Carroll <incentivedesign@gmail.com>
      3c9479ae
  25. 05 Jan, 2021 6 commits
  27. 14 Dec, 2020 3 commits
    • Daniel Lenski's avatar
      Merge branch 'openconnect_get_auth_expiration' into 'master' · 14a1c56a
      Daniel Lenski authored 
      add auth_expiration (AnyConnect, GP, Pulse) and openconnect_get_auth_expiration() API function

See merge request openconnect/openconnect!156
      14a1c56a
    • Daniel Lenski's avatar
      implement `auth_expiration` for Pulse protocol · e646bf0f
      Daniel Lenski authored 
      We have many examples of this field (AVP 0x583/0xd5c) being multiples of 60 or 3600,
strongly suggesting that it's the remaining auth lifetime:

- https://gitlab.com/openconnect/openconnect/-/issues/98: `AVP 0x583/0xd5c: 00 01 fa 40` (0x1fa40 seconds = 36 hours)
- private communication: `AVP 0x583/0xd5c: 00 00 a9 ec` (0xa9ec seconds = 12 hours)
- private communication: `AVP 0x583/0xd5c: 00 00 0a 70` (0xa70 seconds = 44 minutes)
Signed-off-by: default avatarDaniel Lenski <dlenski@gmail.com>
      e646bf0f
    • Daniel Lenski's avatar
      Add `openconnect_get_auth_expiration` function to library and JNI · f152cf7d
      Daniel Lenski authored 
      This allows protocols to save the moment when a session's authentication
(`vpninfo->cookie`) is expected to expire and no longer be useful for
reconnection.

The motivation is to eventually allow front-ends to know whether
reauthentication is needed, or whether they should try using a cached
cookie.

Current state:

- AnyConnect protocol: expiration is determined from the CONNECT
  response header `X-CSTP-Session-Timeout-Remaining` (with
  `X-CSTP-Session-Timeout` or `X-CSTP-Lease-Duration` as upper bounds in its
  absence)
- GlobalProtect protocol: expiration is determined from the `<lifetime>` tag of
  the XML config.
- Juniper Network Connect protocol: no currently known way to determine
  expiration. The `DSID` cookie is a standard HTTP cookie, so perhaps its
  expiration timestamp is intended for this purpose; however, I can find
  no real-world case where it has an expiration timestamp set.
- None of the currently-supported protocols provide the expiration
  timestamp until the connection phase, so it can't be obtained for
  export by the `--authenticate` option.
Signed-off-by: default avatarDaniel Lenski <dlenski@gmail.com>
      f152cf7d
  29. 13 Dec, 2020 1 commit
  31. 10 Dec, 2020 1 commit
  33. 09 Dec, 2020 3 commits
  35. 08 Dec, 2020 2 commits
  37. 03 Dec, 2020 1 commit
  39. 01 Dec, 2020 2 commits