Age | Commit message (Collapse) | Author | Files | Lines |
|
If a string with value NULL is set with g_key_file_set_string(),
a critical glib error will be printed.
|
|
Openconnect saves VPN MTU, Server and CA cert file paths.
|
|
Switch the gateway and prefix_length order to be consistent with the ipv4
version.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When we spawn openconnect to make a VPN connection, it obviously needs
to validate the server's SSL certificate to protect against a MiTM
attack. But it may not have full access to the user's CA chain, or the
user may have manually accepted a dubious certificate.
To allow for this, the GUI authentication dialog returns a SHA1 of the
server's SSL certificate fingerprint, for the *specific* server that it
managed to authenticate to.
The intention is that this should be passed through to openconnect when
it connects. That way, openconnect doesn't need to do any normal
validation; it only needs to compare the certificate with what's
expected.
From openconnect v2.26, certificate validation is enabled by default;
rather than only when a --cafile option is given. So it's important that
we start passing the certificate fingerprint through, to avoid
connection failures (which we don't currently detect and report
gracefully, btw).
|
|
|
|
This patch will remove all vpn services on offline mode. It also
make sure it exits after releasing all resources.
Fixes BMC #6591
|
|
The VPN service refcount is bumped at creation time and decreased at
destruction time.
The openconnect provider bumps the provider refcount at task creation
time and decreases it at task destruction time.
The service code bumps the provider refcount at service creation time and
decreases it at service releasing time.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|