2019-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected typo Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.12.2 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Makefile: allow out-of-tree builds with bundled
	protobuf Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit a67c45099ff9de96f5eed418477806d1189d27ee Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Thu Jan 10 19:30:36 2019
	+0100

2019-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http.c: worker-http: use the same workaround string for
	all ciphersuites
	Resolves #193 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 232de85d171a411ceee680f40966c3a076978401 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Wed Jan 9 19:03:04 2019
	+0100

2019-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: setup_dtls0_9_keys: renamed and updated log
	messages for clarity Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http.c, src/worker.h: worker-http: dropped txt_version
	All the versions checked were prior to the minimum gnutls version we
	require.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/http-heads.gperf, src/worker-http.c, src/worker-vpn.c,
	src/worker.h: worker-http: added support for anyconnect DTLS1.2
	ciphersuites
	This adds support for DTLS1.2 ciphersuite header as sent by
	anyconnect clients.  Resolves #188 Resolves #193 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: updated instructions on debian Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: skip Centos6 tests that fail Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: cfg_ini_handler: notify static analyzers that
	defvhost is always non-null Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2019-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: moved server-cert-rsa-pss to
	dist_check_scripts
	The gnutls included in distributions is expected to work well with
	RSA-PSS.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 34b39d213cb48f6d4688ac71712f5e676a976b84 Author:
	pumpkin031 <www.carrotsoft@gmail.com> Date:   Sun Nov 18 12:54:18
	2018 +0900

2018-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit d4a4e780fcd9f95fc1044453b7039f950fba93f2 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Sun Nov 4 11:38:49 2018
	+0100

2018-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: log successful authentication Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/common.sh,
	tests/data/config-per-group.config, tests/data/group-config/tost,
	tests/test-config-per-group: tests: added functionality test for
	config-per-group Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 39c6d578b54fd1b46f2f9515b9d0a9e16481b14c Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Sat Sep 22 21:35:55 2018
	+0200

2018-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-pam, tests/test-pam-noauth, tests/test-pass: tests:
	added check with empty password
	Relates #171 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-07-21  Timo Förster <tfoerster@webfoersterei.de>

	* doc/sample.config: Change documentation url for UsersFile. Fixes
	#163 Signed-off-by: Timo Förster <tfoerster@webfoersterei.de>

2018-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: disabled asan job as it conflicts
	with cwrap tools in F28 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 4f79db43b67eda84ebd6d535dbe0bbde94734f1e Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Fri Jul 20 22:15:42 2018
	+0200

2018-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/aes128-cipher, tests/aes128-gcm-cipher,
	tests/aes256-cipher, tests/aes256-gcm-cipher,
	tests/cipher-common.sh: tests: added unit tests for AES-128-GCM and
	AES-256-GCM Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-07-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, src/worker-http.c, tests/Makefile.am,
	tests/aes128-cipher, tests/aes256-cipher,
	tests/data/test-ciphers.config, tests/ns.sh: Added support for
	AES-256-CBC
	This enables support for AES-256 for anyconnect clients which do not
	support AES-GCM. Also prioritized the 256-bit ciphers higher than
	the 128-bit ones.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: updated for new debian build name Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: updated for new project Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.8.md: ocserv.8: link to openconnect(8) Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-06-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker-vpn: more reasonable messages for timeout
	and disconnections Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: be more verbose with groups found Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README-radius.md: README-radius.md: mention groupconfig=true
	relevance for Class attribute [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: updated for release Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: added missing file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.12.1 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit c1aee4fe9a5c4df02d8a8327ff61c224ba277d6f Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Fri May 11 22:10:17 2018
	+0200

2018-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, configure.ac: configure: always work-around
	brokenness of gnutls_certificate_set_key
	That is, instead of requiring the user to explicitly pass
	--with-broken-gnutls warn at the end of the configure script.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 807ce345de41b2969ba76ef31812cc9beded7249 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Thu May 10 19:38:50 2018
	+0200

2018-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/vpn.h: ocserv: added the --no-chdir
	command line option
	This allows running in the background but without changing the
	current directory.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 094145bf541d520cd372034b7c287b5199f7c23d Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Mon Apr 30 17:40:36 2018
	+0200

2018-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: doc: fail safe when ronn is not available Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: doc: corrected typo in manpage generation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: doc: dist_man_MANS are defined unconditionally Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-04-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: ship missing test [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: doc: added missing file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit a4525385bbea7275475e1a73985664733ca6885a Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Sun Apr 15 20:53:17 2018
	+0200

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: .gitignore: ignore new tests Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/data/{test-compression.config =>
	test-compression-lz4.config},
	tests/data/test-compression-lzs.config, tests/{compression =>
	lz4-compression}, tests/lzs-compression: tests: separated
	compression tests to lzs and lz4
	That allows testing both code paths separately.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/vpn.h, src/worker-http.c: config: added options
	to change compression algorithm priorities Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: sample.config: the example paths reflect real
	system paths Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 03bccbcaefa0fef98e7dacb5e444409088e2436b Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Sun Apr 15 09:13:54 2018
	+0200

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common/common.h: ms_sleep: do wait for the specified amount of
	time
	That is, do not return earlier due to a signal.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/certs/crl.pem,
	tests/data/test-sighup.config, tests/test-maintenance,
	tests/test-sighup: tests: added test to unit test the maintenance
	cycle
	This allows catching issues like crashes late in the server
	operation as in #149 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h: main: allow forcing maintenance cycle with
	SIGUSR2
	This is done for testing purposes; allow testing the maintenance cycle
	without waiting for the necessary time.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: main: corrected call of CRL reload
	Resolves #149 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/gssapi.c: gssapi auth: set the virtual host data early
	That prevents a crash on its use from get_name() later in the
	initialization.  Resolves #145 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit b4bb6c2049609aad4a5c48bef6ec1e5f958aaf3a Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Sat Apr 14 18:24:04 2018
	+0200

2018-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md, tests/data/pam/ocserv.in, tests/test-pam: tests:
	pam-test was restricted to pam_matrix
	valgrind and asan were indicating issues with pam_oath, so avoid
	using it in the testsuite.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-sec-mod-cmd.c, src/main.c, src/sec-mod.c,
	src/sec-mod.h, src/tlslib.c, src/vpn.h: sec-mod/main: eliminate mem
	leaks related to vhost transition Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/port-parsing.c: tests: properly handle memory in
	cfg_parse_ports() unit test Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c: trim_trailing_whitespace: avoid invalid memory
	access/read Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-worker-cmd.c: proxy protocol: added check to avoid memcpy
	on zero data Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: corrected run of ubsan/asan Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: do not warn on string truncation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: allow more space in route from txt to
	avoid truncation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: pam: corrected check for empty password Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/tlslib.c, src/worker-http-handlers.c,
	src/worker-vpn.c: tlslib: eliminated unneeded code for GnuTLS >=
	3.3.0
	We already require GnuTLS 3.3.0 or later.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/proc-search.c: proc_table_update_ip: corrected DTLS address
	comparison Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: server-cert-rsa-pss moved to xfail set Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: tlslib: set public key algorithm with
	gnutls_privkey_import_ext4
	Previously we would require communication with sec-mod, which is not
	setup during configuration time.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/auth/plain.c, src/ocpasswd/ocpasswd.c: include
	crypt.h to use crypt()
	This is necessary in Fedora28 as it doesn't provide crypt()
	prototype in unistd.h https://bugzilla.redhat.com/show_bug.cgi?id=1566464
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: tlslib: added missing struct element Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 158b099c9f0da83695d37b28ee78ff939588e96c Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Fri Apr 6 06:44:35 2018
	+0200

2018-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: update code coverage Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, configure.ac, tests/Makefile.am, tests/common.sh,
	tests/data/test-haproxy-connect.config,
	tests/data/test-traffic.config, tests/full-test, tests/ns.sh,
	tests/traffic: tests: full-test was moved into traffic test
	The new traffic test only requires namespaces and no docker.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/haproxy-connect, tests/ns.sh: 
	haproxy-connect: split into lib Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 86fe0fc4573a29ff1560ce17d6260338db8f56e2 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Mon Mar 26 18:02:28 2018
	+0200

2018-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/proc-search.c: proc_table_update_ip: do not update IP if
	the previous IP is not found
	That adds a safety net in case there is a mismatch of IPs, to
	prevent adding two entries in the hashtable for the same IP.  Resolves #146 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/proc-search.c: proc-search: indentation fixes Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md, tests/Makefile.am, tests/common.sh,
	tests/data/haproxy-auth.cfg, tests/data/test-haproxy-auth.config,
	tests/haproxy-auth: tests: added test with proxy-protocol
	That tests operation under haproxy with proxy-protocol without
	docker.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-proxyproto.c: worker: properly handle the haproxy
	health commands
	That is, do not close that connection, but follow up and accept it,
	according to the protocol.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: document only entries which are not available in
	0.11.x branch Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 1aa3056849155bd419264c26d07558183b40b379 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Wed Mar 21 12:52:54 2018
	+0100

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: warn when no worker isolation is
	available Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: tun: better separation of OS dependent tun
	functionality Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: combined bsd_open_tun with bsd_ifrename Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: rename tun device on FreeBSD Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 1e88a224eeef4e0b0173f41f5a6b4e12a83ce3ec Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Wed Mar 21 12:24:31 2018
	+0100

2018-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/data/multiple-routes.config,
	tests/multiple-routes: tests: added reproducer for #141
	This tests whether more than 128 options can be read in routes or
	dns fields.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added ubsan build Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, Makefile.am, README.md, configure.ac: Create
	coverage report and depend on pre-built CI images
	It will be made available at:
	https://ocserv.gitlab.io/ocserv/coverage/ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: config: allow empty device name on vhosts Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: config: corrected check for empty device name Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: sec-mod: move variable in the ifdef block it is
	used at Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/sec-mod.c, src/tlslib.c: tlslib: added support
	for gnutls 3.6.3 (unreleased)
	That adds support for GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS which is
	necessary for RSA-PSS private keys.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: better presentation of badges [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .travis.yml, README.md: .travis.yml: removed; ocserv cannot be
	built in ubuntu14.04 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker.h: worker.h: removed socklen_t
	non-presence work-around
	The socklen_t use is spread out in the code, making that work around
	non-functional.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/icmp-ping.c, src/main-auth.c, src/main-user.c,
	src/vpn.h, src/worker-http.c, src/worker-misc.c, src/worker-vpn.c: 
	use casts to avoid various clang warnings under BSD systems Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated URI Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/ocserv.8.md, doc/sample.config: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/common.sh,
	tests/data/test-vhost-pass-cert.config,
	tests/data/test-vhost2.passwd, tests/data/test-vhost3.passwd,
	tests/data/vhost.hosts, tests/test-vhost: tests: introduced test
	program to check basic vhost functionality
	This checks whether connecting to different virtual hosts with
	different authentication methods works.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/Makefile.am, src/acct/pam.c,
	src/acct/radius.c, src/auth/gssapi.c, src/auth/pam.c,
	src/auth/plain.c, src/auth/radius.c, src/auth/radius.h,
	src/common-config.h, src/common/common.c, src/common/common.h,
	src/config.c, src/ctl.proto, src/icmp-ping.c, src/ip-lease.c,
	src/ipc.proto, src/log.c, src/main-ban.c, src/main-ctl-unix.c,
	src/main-proc.c, src/main-sec-mod-cmd.c, src/main-user.c,
	src/main-worker-cmd.c, src/main.c, src/main.h, src/occtl/geoip.c,
	src/occtl/unix.c, src/route-add.c, src/sec-mod-acct.h,
	src/sec-mod-auth.c, src/sec-mod-auth.h, src/sec-mod-cookies.c,
	src/sec-mod-db.c, src/sec-mod-resume.c, src/sec-mod-sup-config.c,
	src/sec-mod.c, src/sec-mod.h, src/subconfig.c, src/tlslib.c,
	src/tlslib.h, src/tun.c, src/vhost.h, src/vpn.h, src/worker-auth.c,
	src/worker-http-handlers.c, src/worker-http.c, src/worker-kkdcp.c,
	src/worker-misc.c, src/worker-privs.c, src/worker-resume.c,
	src/worker-vpn.c, src/worker.h, tests/Makefile.am, tests/ban-ips.c,
	tests/certs/server-cert-secp521r1.pem,
	tests/certs/server-key-secp521r1.pem: Introduced the notion of
	virtual hosts
	This provides virtualized server configurations which take effect
	after client connection when client hello is received.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: disabled rawhide build
	The fedora image has been broken for a long time.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: config: properly warn on duplicate pid-file option Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-pass, tests/test-pass-opt-cert: tests: use the
	--pid-file and -p options in ocserv
	This allows detecting issues like in #143 where these two options
	regressed.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: ocserv: avoid crash when --pid-file is used
	Resolves #143 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http.c: worker: only switch to GSSAPI authentication if
	not already used certificate
	That allows using gssapi as primary and certificate as fallback.  Resolves #108 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: worker: use explicit parenthesis for clarity Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/data/test-gssapi-opt-cert.config,
	tests/data/test-gssapi-opt-pass.config, tests/test-gssapi-opt-cert,
	tests/test-gssapi-opt-pass: tests: introduced tests with gssapi
	falling back to pass or certs Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-http.c, src/worker.h: worker:
	simplified fallback to next authentication method
	That also allows falling back from certificate authentication
	failure, allowing it being listed as primary, with alternatives
	present.  Resolves #108 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: config.c: clarify if clause Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/data/test-cert-opt-pass.config,
	tests/test-cert-opt-pass: tests: added check cert or pass auth
	This is similar to the test case (test-pass-opt-cert) of pass or
	cert, but in that case the certificate method is set as primary.  Relates #108 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/data/test-pass-opt-cert.config,
	tests/test-pass-opt-cert: test-pass-opt-cert: modified not to
	require root access Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-otp, tests/test-otp-cert: tests: check whether ocserv
	is built with oath support prior to running otp tests Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/data/test-otp.config,
	tests/docker-ocserv/Dockerfile-fedora-otp,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/ocserv-otp.conf,
	tests/docker-ocserv/users2.oath, tests/otp-test, tests/test-otp,
	tests/test-otp-cert: test: replaced docker otp-test with cwrap
	test-otp Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/common.sh,
	tests/data/test-otp-cert.config, tests/data/test-otp.oath,
	tests/data/test-otp.passwd, tests/test-otp-cert: tests: introduced
	test with OTP-password and certificate auth Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/plain.c: amend: plain: avoid crash on locked accounts
	The null pointer dereference fix broke plain OTP setup of ocserv.  Resolves #114, #137 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: unix: corrected header size when receiving
	events Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: removed references to autogen Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-07-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/main.h, src/proc-search.c, src/proc-search.h: Hash
	the peer's DTLS IP separately from its CSTP IP
	This allows keeping track of clients which have their DTLS stream
	come from a different IP location than their CSTP stream.  Relates ocserv/ocserv#61

2018-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: rawhide: do not rely on tcp
	wrappers
	They are no longer part of Fedora28.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: doc: clarify auth and enable-auth Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: worker: mark new UDP fd received as UDP data
	reception time
	That prevents errors such as switching to TCP when no UDP packets
	are received immediately after connection establishment.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/config.c, src/sec-mod.c: gnutls: increased
	dependency to 3.3.0
	That way PKCS#11 reinitialization and global initialization are
	implicit.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: corrected artifacts dir in builds Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/ax_code_coverage.m4: ax_code_coverage: updated to latest
	version Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-01-28  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-http.c: Set AGENT_OPENCONNECT for Java/Android clients
	These use a slightly different User-Agent string.  If they are not
	detected correctly, then IPv6-only VPNs will not work.
	Since the Android bindings did not exist until 6.00, the V3 check is
	unnecessary.  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2018-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, Makefile.am, configure.ac, doc/Makefile.am,
	doc/occtl.8.md, doc/ocpasswd.8.md, doc/ocserv.8.md,
	src/Makefile.am, src/occtl/occtl-args.def,
	src/ocpasswd/ocpasswd-args.def, src/ocserv-args.def: doc: man-pages
	are modified to be generated using ronn
	That eliminates the need for autogen and also combines
	doc/sample.config and manpage contents. Now the doc/sample.config is
	the primary config documentation location.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/sup-config/file.c: config: skip unknown sections
	This would allow future extensibility, by making clients which don't
	support a section to skip it.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, LICENSE, Makefile.am, configure.ac,
	libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/COPYING.mbsd, libopts/MakeDefs.inc, libopts/Makefile.am,
	libopts/README, libopts/ag-char-map.h, libopts/alias.c,
	libopts/ao-strs.c, libopts/ao-strs.h, libopts/autoopts.c,
	libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/boolean.c, libopts/check.c, libopts/compat/_Noreturn.h,
	libopts/compat/compat.h, libopts/compat/pathfind.c,
	libopts/compat/snprintf.c, libopts/compat/strchr.c,
	libopts/compat/strdup.c, libopts/compat/windows-config.h,
	libopts/configfile.c, libopts/cook.c, libopts/enum.c,
	libopts/env.c, libopts/file.c, libopts/find.c, libopts/genshell.c,
	libopts/genshell.h, libopts/gettext.h, libopts/init.c,
	libopts/intprops.h, libopts/libopts.c, libopts/load.c,
	libopts/m4/libopts.m4, libopts/m4/liboptschk.m4,
	libopts/m4/stdnoreturn.m4, libopts/makeshell.c, libopts/nested.c,
	libopts/numeric.c, libopts/option-value-type.c,
	libopts/option-value-type.h, libopts/option-xat-attribute.c,
	libopts/option-xat-attribute.h, libopts/parse-duration.c,
	libopts/parse-duration.h, libopts/pgusage.c, libopts/proto.h,
	libopts/putshell.c, libopts/reset.c, libopts/restore.c,
	libopts/save.c, libopts/sort.c, libopts/stack.c,
	libopts/stdnoreturn.in.h, libopts/streqvcmp.c, libopts/text_mmap.c,
	libopts/time.c, libopts/tokenize.c, libopts/usage.c,
	libopts/value-type.c, libopts/value-type.h, libopts/version.c,
	libopts/xat-attribute.c, libopts/xat-attribute.h, src/Makefile.am,
	src/common-config.h, src/common.mk, src/config.c,
	src/inih/LICENSE.txt, src/inih/ini.c, src/inih/ini.h,
	src/sup-config/file.c, src/sup-config/radius.c, src/tlslib.c,
	src/vpn.h: Replaced the configuration parser with inih parser
	That eliminates the dependency on libopts as well as autogen.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/Makefile.am, src/config.c,
	src/ocserv-args.c.in, src/ocserv-args.h.in, src/sup-config/file.c,
	src/sup-config/radius.c: ocserv: use getopt for command line parsing
	The complexity of its command line options didn't require the use of
	libopts, and by eliminating that dependency for cmd parsing, we can
	choose another parser for config file parsing.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/Makefile.am,
	src/ocpasswd/ocpasswd-args.c.in, src/ocpasswd/ocpasswd-args.h.in,
	src/ocpasswd/ocpasswd.c: ocpasswd: removed dependency on autogen
	The complexity of its command line options didn't require the
	linking to yet another library.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, configure.ac, src/Makefile.am: .gitlab-ci.yml:
	added a -Werror build under F27
	That helps catch any potential issues early.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: check for POLLERR condition
	When checking the events returned from poll, handle the POLLERR
	condition. This fixes an infinite loop on the worker's main loop.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: correctly point to scan-build
	artifacts
	Also added missing gperf package.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: .gitignore: ignore static libs Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-13  Daniel Lenski <daniel.lenski@finalphasesystems.com>

	* src/html.c, tests/Makefile.am, tests/url-escape.c,
	tests/url-unescape.c: Make escape_url() percent-escape fewer
	characters and escape ' ' as '+'
	Per RFC 3986, neither ASCII alphanumeric characters, nor any of '-',
	'_', '.', '~', need to be escaped anywhere in a URL or query string.

2018-01-13  Daniel Lenski <daniel.lenski@finalphasesystems.com>

	* tests/Makefile.am, tests/html-escape.c, tests/url-unescape.c: 
	tests for unescaping decimal HTML escapes and '+' in URLs

2018-01-12  Daniel Lenski <daniel.lenski@finalphasesystems.com>

	* src/html.c: Correctly unescape '+' in URLs and decimal escapes in
	XML (e.g. '&#32;' instead of '&#x20;')
	This patch changes only URL/XML unescaping, not escaping--changing
	escaping would remove the reversibility of the tests.
	I've been meaning to submit this ever since
	http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004042.html
	but didn't have a particularly good reason.  However, I recently ran
	into a (weirdly-customized) version of
	AnyConnect which actually sends '+' in one of the authentication
	forms. So this should improve AnyConnect compatibility in some
	corner cases.

2018-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-user.c, src/worker-http.c: replaced 'const static'
	definitions with 'static const' Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: use the -Wextra gcc flag for warnings Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: config: fixed incorrect sign check Resolves #132 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: updated link on technical info Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd/ocpasswd-args.c.in, src/ocpasswd/ocpasswd-args.h.in,
	src/ocserv-args.c.in, src/ocserv-args.h.in: updated auto-generated
	files Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: sessions: print the location when
	printing the remote IP Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/occtl/unix.c, src/sec-mod-cookies.c: occtl:
	improved session output
	That is, do not print expiration time in sessions that are in use
	(they don't expire during that time), and print whether a session is
	in use.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: ocserv: improved session disconnection due to
	re-use messages Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/occtl/occtl.c, src/occtl/occtl.h,
	src/occtl/session-cache.c, src/occtl/unix.c: occtl: introduced 'show
	session' option
	This allows printing information related to a session.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: always mark an active (open) session
	Previously it was only marked when an accounting module was present,
	though now that we export data to occtl, that information is useful
	even without accounting module.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: don't print compatibility fields by
	default Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-cookies.c: sec-mod: avoid infinite loop in listing for
	sessions
	When having only a single expired session, the security module could
	enter an infinite loop attempting to list it.  Resolves #130 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: Last-Modified session printout moved to
	compatibility options Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cookie-invalidation, tests/test-cookie-timeout: tests:
	updated for increase in slack time Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2018-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: forward_udp_to_owner: reduce the error log severity on
	bind error
	There are cases where binding on the received address is not
	possible. As this is not a critical error, reduce its logging level
	to info.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-cookies.c: ocserv: pass cookie expiration time to
	occtl Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2018-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/unix.c: occtl: ensure initialization of printed
	expiration and creation time Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h: vpn.h: increased AUTH_SLACK_TIME to 15 secs and
	documented its use Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: sample.config: added
	session-timeout parameter Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cookie-invalidation: tests: updated to account for
	changes in cookie invalidation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/occtl/unix.c: occtl: print cookie expiration
	time Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/occtl/unix.c, src/sec-mod-cookies.c: occtl:
	replaced last_modified time with created
	ocserv no longer sends the last modified time, but rather the cookie
	creation time.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod-cookies.c, src/sec-mod-db.c,
	src/sec-mod.h: sec-mod: separated expiration from creation time
	fields
	That allows to set explicit expiration of the cookie, and ensure
	that we can close a session in a way that we provide a limited time
	window for it to re-open. That handles anyconnect client
	compatibility; this client terminates and reconnects using the
	original cookie, multiple times.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common/base64-helper.c: base64-helper: use casts to avoid
	warnings with various nettle3 versions Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http.c: lz4: use LZ4_compress_default instead of the
	deprecated limitedOutput Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-sec-mod-cmd.c, src/tun.c: Avoid gcc
	warnings due to snprintf truncation
	Detect such truncation and act accordingly.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/tlslib.c: tlslib: eliminate warnings due to
	unused functions
	These warnings were related to gnutls 3.6.x support.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: dtls: do increase handshake timeout and decrease
	retransmission time
	That in effect enables the default timeouts described in
	gnutls_dtls_set_timeouts which are 60 seconds, and sets
	retransmissions to occur in half a second.  Relates #122 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common/common.c: cmd_request_to_str: print the name of list
	cookies msg and its reply Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added fedora rawhide build Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd/ocpasswd-args.c.in, src/ocpasswd/ocpasswd-args.h.in,
	src/ocserv-args.c.in, src/ocserv-args.h.in: updated auto-generated
	files Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.11.9 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-12  Frank Huang <chuang213@gmail.com>

	* tests/ocpasswd-test: Update ocpasswd-test Signed-off-by: Frank Huang <chuang213@gmail.com>

2017-09-03  Frank Huang <chuang213@gmail.com>

	* src/ocpasswd/ocpasswd.c: ocpasswd: the lock command -l will add
	multiple lock marks to the password file
	The changes will check if it is already locked before applying the
	locking.  This would be consistent with passwd like facilities.  Signed-off-by: Frank Huang <chuang213@gmail.com>

2017-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-pass-script: tests: test-pass-script: only run when
	openconnect supports --local-hostname Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README: updated to reflect the fact that more tests run
	under CI Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, tests/common.sh: .gitlab-ci.yml: root tests are
	run on CI systems
	Because these tests can only be run in-tree, the CI builds were
	switched to be in-tree, except for FreeBSD build which now runs
	out-of-tree.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am: Separate root from docker tests
	This allows running the root tests under CI, even if the docker
	tests (which cannot be run) are not.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: clarify coverage report [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: use fedora26 for address sanitizer Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: centos7: skip tests with
	gssntlmssp
	They do not seem to run reliably.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure.ac: also check /lib/security for PAMDIR
	This is the path used in Debian.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/data/test-gssapi-local-map.config,
	tests/data/test-gssapi.config, tests/test-gssapi: tests: test-gssapi
	is now run as non-root Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pam: tests: provide more verbose output on test-pam Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: use fedora26 builds Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added static analyzers Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: disable code during static analysis that
	causes trouble to clang Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: config: avoid compiler warning Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-sec-mod-cmd.c: sec-mod: avoid null pointer dereference Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: avoid null pointer dereference Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: removed unused variables Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c, src/worker-auth.c, src/worker-kkdcp.c,
	src/worker-vpn.c: removed dead assignments Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, tests/Makefile.am,
	tests/certs/server-cert-ed25519.pem,
	tests/certs/server-cert-rsa-pss.pem,
	tests/certs/server-key-ed25519.pem,
	tests/certs/server-key-rsa-pss.pem, tests/data/test-ed25519.config,
	tests/data/test-rsa-pss.config, tests/server-cert-ed25519,
	tests/server-cert-rsa-pss: tests: check server functionality with
	Ed25519/RSA-PSS certs Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/defs.h, src/ipc.proto, src/sec-mod.c, src/tlslib.c: ocserv:
	handle RSA-PSS and ed25519 key types when compiled with gnutls 3.6.0
	That is, enhance the security module to accept and understand more
	elaborate signing commands.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: is_ipv4_ok: corrected access to mask
	This prevents the acceptance of an invalid IPv4 address as valid.  Resolves #112 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/data/test1.config, tests/data/test1.passwd, tests/test-pass: 
	tests: verify correct operation with locked account
	That checks whether connecting to a locked account will have
	unexpected effects (e.g., login allowed).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/plain.c: plain: avoid crash on locked accounts
	That is, avoid a null pointer dereference when crypt() fails.  Resolves #114 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: enabled build for freebsd Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-07-08  Aaron LI <aly@aaronly.me>

	* src/tun.c: Fix build on DragonFly BSD
	With this fix, I can successfully build `ocserv-0.11.8` on DragonFly
	BSD (4.9-DEVELOPMENT) using the `net/ocserv` port from FreeBSD [1]
	without any further modifications.
	[1] https://github.com/freebsd/freebsd-ports/tree/master/net/ocserv
	Signed-off-by: Aaron LI <aly@aaronly.me>

2017-06-16  Lele Long <schemacs@gmail.com>

	* src/ocserv-args.def: Update --load-ca-certificate argument to
	ca-cert.pem in examples Signed-off-by: Lele Long <schemacs@gmail.com>

2017-06-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: disabled freebsd builds; system no
	longer available [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: document that not all
	methods can be combined Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/worker-vpn.c: Avoid the use of the VERS-ALL priority
	string when gnutls < 3.3.24 is present
	That priority string is only available on gnutls 3.3.24+ versions of
	gnutls.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: compile using GeoIP-devel in
	F25/Centos7 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: allow disabling libgeoip detection Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/occtl/geoip.c,
	src/occtl/geoip.h, src/occtl/unix.c: occtl: print peer location on
	show user info
	That utilizes libgeoip.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/unix.c: occtl: print Status grouped with general info Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-kkdcp.c: kkdcp: increased read timeout and made it a
	definition Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-kkdcp.c: kkdcp: increase maximum packet size to 64kb
	There are cases where our previous limit (16kb) was insufficient
	(see #100), and it is reasonable to switch to a limit related to
	maximum UDP packet size.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-worker-cmd.c: handle_worker_commands: fix use of
	send_msg_to_worker Relates #100 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd/ocpasswd-args.c.in, src/ocpasswd/ocpasswd-args.h.in,
	src/ocserv-args.c.in, src/ocserv-args.h.in: updated auto-generated
	files [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/occtl.c, src/occtl/occtl.h, src/occtl/unix.c: occtl:
	combined stats and status cmd Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/ocserv-args.def: config: increased
	the default max-ban-score to 8 wrong password attempts
	This still prevents abuse, while allowing few more attempts than 5,
	which are typically easily reached through software which remembers
	passwords.  At the same time increase the default ban time to 20
	minutes.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: always print the stats reset time Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, TODO: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-sec-mod-cmd.c: reset_stats: print session statistics
	prior to reset Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: sample.config: added server-stats-reset-time Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl/unix.c: occtl:
	improved presentation of printed statistics
	Also added different values to keep authentication failures and
	closed sessions, in total and per accounting period.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-sec-mod-cmd.c, src/main.h,
	src/ocserv-args.def, src/sec-mod.c, src/sec-mod.h, src/vpn.h: Reset
	periodically the server statistics kept Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/defs.h, src/ipc.proto, src/main-sec-mod-cmd.c,
	src/sec-mod-auth.c, src/sec-mod.c: secmod sends periodically stats
	to main
	That ensures that statistics will reach main even if no users are
	logged in/logged out.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl/occtl-args.def,
	src/occtl/occtl.c, src/occtl/occtl.h, src/occtl/unix.c: occtl: print
	statistics provided by main
	Also introduced the --debug option.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-ctl-unix.c, src/main-proc.c,
	src/main-sec-mod-cmd.c, src/main.c, src/main.h, src/sec-mod-auth.c,
	src/sec-mod.h: main: store additional statistics globally
	That is, store:
	 * number of timed out sessions
	 * number of timed out due to being idle sessions
	 * number of errored sessions
	 * total number of sessions handled (closed)
	 * total number of kbytes sent
	 * total number of kbytes received
	 * minimum MTU seen
	 * maximum MTU seen
	 * total authentication failures
	 * average/max authentication time (in secs)
	 * average/max session time (in minutes)
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: tun: defined undeclared variable 'e' Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: update fedora build to F25 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: explicitly install make in
	Centos/Fedora Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: tun: be more verbose in bsd tun device creation errors Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/proxyproto-v1.c: tests: added unit test
	for proxy protocol v1 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto-v1,
	tests/docker-ocserv/haproxy-proxyproto-v1.cfg,
	tests/docker-ocserv/ocserv-proxyproto-v1.conf,
	tests/proxyproto-v1-test: tests: added check for proxy protocol v1 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-proxyproto.c: worker: added support for proxy protocol
	v1 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc: document limitations
	of listen-clear-file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-proxyproto.c: worker-proxyproto: improved error message Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/tlslib.c, src/tlslib.h, src/worker.h,
	tests/Makefile.am, tests/cstp-recv.c: tests: added unit test for
	cstp_recv_nb() Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h: cstp_recv_nb: improve operation under
	receiving from UNIX socket
	That is, ensure that all possible packet size combinations are
	correctly received.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/Dockerfile-fedora-kerberos: tests: kerberos
	tests use F25 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-user-config: tests: test-user-config: fixed check for
	401 error Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: Revert "cstp_recv_nb: improve operation under
	receiving from UNIX socket"
	This reverts commit 409f114d9ee8aa556059163b612cb8cb45c9aed3.

2017-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/worker-vpn.c: Disable DTLS-PSK protocol when run
	under a unix socket
	It is not possible to derive PSK keys when only the TCP CSTP session
	is available, without the TLS session.  Relates #22 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: cstp_recv_nb: improve operation under receiving from
	UNIX socket That is, ensure that all possible packet size combinations are
	correctly received.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/defs.h: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker-vpn: use TCP_INFO on linux to obtain
	accurate MTU information This provides a more accurate value than the one obtained using the
	TCP MSS value. The latter is affected by many factors (such as tcp
	options), to provide a reliable value.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker-vpn: corrected calculation for MTU via
	TCP MSS Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: added missing file to dist files

2017-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd/ocpasswd-args.c.in, src/ocpasswd/ocpasswd-args.h.in,
	src/ocserv-args.c.in, src/ocserv-args.h.in: updated auto-generated
	files

2017-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2017-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: added compatibility with the 0.11.6
	output Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/occtl.c, src/occtl/unix.c: occtl: renamed cookie to
	session That reflects more closely the actual use of the printed identifier.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common/common.c, src/common/common.h, src/worker-auth.c: 
	worker: do not log real session ID but rather the masked one Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/ipc.proto: Explicitly specify the protocol
	buffers syntax used in .proto files.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: Do not log any received invalid SID Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile-fedora-fw,
	tests/docker-ocserv/Dockerfile-fedora-fw-neg,
	tests/docker-ocserv/Makefile.am, tests/docker-ocserv/fw-script,
	tests/docker-ocserv/ocserv-fw-neg.conf,
	tests/docker-ocserv/ocserv-fw.conf, tests/firewall-neg-test,
	tests/firewall-test: tests: removed firewall tests These were no longer up-to-date and were not checking the provided
	functionality.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2017-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c, src/common/common.c, src/common/common.h,
	src/ctl.proto, src/ipc.proto, src/main-ctl-unix.c,
	src/occtl/unix.c, src/sec-mod-auth.c, src/sec-mod-cookies.c,
	src/sec-mod-db.c, src/sec-mod.h, src/tlslib.h: Do not log the
	internal session ID nor re-use it in radius Use instead a value derived from it, to avoid access to the
	debugging log files, or radius result to access to the server.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/occtl/occtl-args.def,
	src/ocpasswd/ocpasswd-args.def, src/ocserv-args.def: doc update [ci
	skip]

2017-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2017-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c, src/auth/radius.h: radius: use the reply
	message from server on rejection That is, log it, and forward it to the worker process in order to
	deliver it to the user.  Resolves #72 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: auth: pam: minor cleanups Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/certs/user-san-cert.pem,
	tests/common.sh, tests/data/test-san-cert.config,
	tests/test-san-cert: tests: Added check for certificate alternative
	name checking Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-24  Johannes Sjøkvist <johannes@konsept-it.no>

	* doc/sample.config, src/config.c, src/ocserv-args.def,
	src/worker-auth.c: Add support for oid 2.5.29.17 RFC822Name This is needed to be able to retrieve email from the Subject
	Alternative Name from the certificate.  Signed-off-by: Johannes Sjøkvist <johannes@konsept-it.no>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c: radius: removed error checking from
	rc_avpair_add() When a dictionary misses an element, we would previously bail out
	and not send any following value pairs. With that change we ensure
	that we send as many value-pairs as are available in the dictionary.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-kkdcp.c: worker: avoid sending an
	X-Reason header HTTP/1.x allows sending any arbitrary reason we would like after the
	error code. We now do that.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: sec-mod: reduced level of error processing ... in
	worker commands This was providing virtually no information since more specific
	errors are typically printed prior to it.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-01-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/freeradius-users,
	tests/docker-ocserv/ocserv-radius.conf, tests/radius-test: 
	radius-test: check whether the special IP values are handled In particular we check whether 255.255.255.254 is correctly and the
	expected IP is assigned to client.

2017-01-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-fw,
	tests/docker-ocserv/Dockerfile-fedora-fw-neg,
	tests/docker-ocserv/Dockerfile-fedora-otp,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto-unix,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Dockerfile-fedora-radius-group,
	tests/docker-ocserv/Dockerfile-fedora-reload,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix: tests: use fedora 25 for
	docker tests Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c: radius: handle the special Framed-IP-Address
	values That is if 0xFFFFFFFF or 0xFFFFFFFE are given ignore the value and
	ensure they are allocated from our pool.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* CONTRIBUTING.md, Makefile.am, doc/DCO.txt, doc/Makefile.am: Added
	contribution guide and require DCO Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-01-09  John Thiltges <jthiltges2@unl.edu>

	* src/ocserv-fw: ocserv-fw should send all traffic to the
	device-specific forwarding chain After adding port-specific rules to FORWARD and creating
	SEC_FORWARD_CHAIN with route-specific rules, send any remaining
	FORWARD traffic to SEC_FORWARD_CHAIN.

2017-01-09  John Thiltges <jthiltges2@unl.edu>

	* src/ocserv-fw: ocserv-fw should still create a chain if
	restrict-user-to-routes is set ocserv-fw only creates SEC_FORWARD_CHAIN if ports are being blocked.
	This leads to an error if restrict-user-to-routes is used without
	any port blocking.  Since ocserv-fw is only called if restrict-user-to-routes or -ports
	is set, remove the conditional check for creating the chain.

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: worker: increase the waiting time of cookie
	auth message This allows the connect-script to run for more time than the default
	socket timeout, and be limited by the configured authentication
	timeout ("auth-timeout").

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: improved documentation of
	user-profile option

2016-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/vpn.h, src/worker-auth.c,
	src/worker-http-handlers.c, src/worker-http.c: Send "config client"
	XML field after successful auth This allows to advertise the XML configuration file for the client
	to download, in recent openconnect clients. In addition made support
	for the client XML file unconditional (no longer depending on the
	anyconnect client compatibility flag).

2016-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: improved message on file limit update Relates #85

2016-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when setting limits keep untouched the maximum number Relates #85

2016-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Improve output of --version

2016-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: optimized loop in check_multiple_users That is return early, once exceeding entries have been detected.

2016-12-22  Mike Miller <mtmiller@debian.org>

	* tests/common.sh: tests: allow running tests with alternate
	OpenConnect Allow $OPENCONNECT in the caller's environment to override the
	default openconnect system installation.  Signed-off-by: Mike Miller <mtmiller@debian.org>

2016-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 888cbeabc79915d0523f37edbba9899a0f65b469 Author: Mike
	Miller <mtmiller@debian.org> Date:   Thu Dec 22 18:48:23 2016 -0800

2016-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit dc222463e0a18292c82143ed308f94c2fbae4340 Author: Mike
	Miller <mtmiller@debian.org> Date:   Thu Dec 15 15:01:39 2016 -0800

2016-12-16  Mike Miller <mtmiller@debian.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: add gnutls-bin to Debian build
	environment Signed-off-by: Mike Miller <mtmiller@debian.org>

2016-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit b18cd67917be218e154868dbdb30516f2cf7d6bb Author: Nikos
	Mavrogiannopoulos <nmav@redhat.com> Date:   Fri Dec 16 09:37:40 2016
	+0100

2016-12-15  Mike Miller <mtmiller@debian.org>

	* tests/test-gssapi: tests: allow test-gssapi to run on Debian Check for alternate filename of ntlmssp.conf on Debian-based
	systems.  Resolves #82 Signed-off-by: Mike Miller <mtmiller@debian.org>

2016-12-15  Mike Miller <mtmiller@debian.org>

	* tests/common.sh: tests: ensure unique temporary config file names Some unit tests share the same ocserv config file. Ensure that the
	file written and used by each test script has a unique name.  Resolves #83 Signed-off-by: Mike Miller <mtmiller@debian.org>

2016-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-pam, tests/test-pam-noauth: tests: converted to bash
	tests which had bashisms

2016-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added Debian:stretch build

2016-12-13  Mike Miller <mtmiller@debian.org>

	* configure.ac: configure: discover pam_wrapper directory from
	pkg-config Signed-off-by: Mike Miller <mtmiller@debian.org>

2016-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: Makefile.am: corrected typo

2016-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: corrected name of pam-oath in debian Also added packages which were not previously mentioned in Debian.

2016-12-12  Mike Miller <mtmiller@debian.org>

	* README.md, doc/README-radius.md, doc/sample.config,
	src/occtl/occtl-args.def, src/ocserv-args.def,
	src/worker-proxyproto.c, tests/docker-kerberos/ocserv.conf,
	tests/docker-ocserv/ocserv-fw-neg.conf,
	tests/docker-ocserv/ocserv-fw.conf,
	tests/docker-ocserv/ocserv-otp.conf,
	tests/docker-ocserv/ocserv-proxyproto-unix.conf,
	tests/docker-ocserv/ocserv-proxyproto.conf,
	tests/docker-ocserv/ocserv-radius-config.conf,
	tests/docker-ocserv/ocserv-radius-group.conf,
	tests/docker-ocserv/ocserv-radius.conf,
	tests/docker-ocserv/ocserv-reload.conf,
	tests/docker-ocserv/ocserv-unix.conf,
	tests/docker-ocserv/ocserv.conf: Fix typos in man pages, config
	files, and comments Signed-off-by: Mike Miller <mtmiller@debian.org>

2016-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am, configure.ac, src/Makefile.am, src/ccan/Makefile.am,
	src/common.mk, src/common/Makefile.am, src/occtl/Makefile.am,
	src/ocpasswd/Makefile.am, src/pcl/Makefile.am,
	src/protobuf/Makefile.am, tests/Makefile.am: Reverted recursive make
	in src/ This simplifies the make process and allows for greater parallelism
	during build.

2016-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am, configure.ac, doc/Makefile.am,
	src/occtl/Makefile.am, src/occtl/{args.def => occtl-args.def},
	src/ocpasswd/Makefile.am, src/ocpasswd/{args.c.in =>
	ocpasswd-args.c.in}, src/ocpasswd/{args.def => ocpasswd-args.def},
	src/ocpasswd/{args.h.in => ocpasswd-args.h.in},
	src/ocpasswd/ocpasswd.c: Use unique names for autogen files This addresses issue in parallel builds caused by autogen using the
	same temporary files for both occtl and ocpasswd files.  Resolves #76

2016-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ocpasswd/Makefile.am: use stamp files to
	allow parallel build of autogen files Autogen seems to output on the created files gradually, something
	that makes 'make' believe that the command is complete prior to the
	output file being fully populated. The current approach uses stamp
	files to ensure that no incomplete files are used for compilation.

2016-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: update autogenerated files prior
	to make dist

2016-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: cleanups

2016-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/Makefile.am,
	src/ocpasswd/Makefile.am, src/ocpasswd/args.c.in,
	src/ocpasswd/args.h.in, src/ocserv-args.c.in, src/ocserv-args.h.in: 
	autogen: store and use auto-generated autogen .in files in git
	builds This simplifies the generation of the files (delegated to
	configure), and allows systems without autogen to be used to compile
	git sources.

2016-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, src/Makefile.am, src/autogen/ocpasswd-args.c,
	src/autogen/ocpasswd-args.h, src/autogen/ocserv-args.c,
	src/autogen/ocserv-args.h, src/ocpasswd/Makefile.am: Revert
	"autogen: store and use auto-generated autogen files in git builds" This reverts commit d0908f2c522d82126f5482b59a14175d4f47fd9d.

2016-11-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: sample.config: include switch-to-tcp-timeout
	directive

2016-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.11.6

2016-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/args.def: occtl.8: Added examples of usage

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/args.def: occtl.8: added more info on JSON output

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added centos6 build

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.mk: common.mk: corrected path of generated static libs

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, src/Makefile.am, src/autogen/ocpasswd-args.c,
	src/autogen/ocpasswd-args.h, src/autogen/ocserv-args.c,
	src/autogen/ocserv-args.h, src/ocpasswd/Makefile.am: autogen: store
	and use auto-generated autogen files in git builds That is, if autogen is not present in the build system use the
	stored files.

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: require automake 1.11.1 This allows ocserv to compile on Centos 6.

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: when compiled with gnutls 3.5.6 or later use its
	pre-generated DH parameters

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tlslib.h: ocserv: pre-load the OCSP response
	file That allows the worker processes to serve OCSP responses, even when
	they have no access to the actual file.

2016-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-23  Andrew Patrikalakis <anrp.gitlab@anrp.net>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Automatically switch to TCP in case of no received UDP traffic and
	enable by default

2016-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README-radius.md: doc update

2016-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c: html: enhanced HTML decoding with decoding of explicit
	unicode chars

2016-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/html-escape.c: tests: added basic checks
	for HTML escaping/unescaping

2016-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/url-escape.c: tests: added basic checks
	for URL escaping/unescaping

2016-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c: html: fixed URL escaping

2016-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc: point to
	README-radius.md for radius configuration attributes

2016-09-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README-radius.md: doc: mention about NAS-Port in radius README
	file

2016-09-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: radius: update
	the worker's pid on subsequent updates That is, even if we initially advertize the PID of the worker
	handling the client as NAS-Port, the client may eventually end-up
	being served by another process. In that case we make sure that the
	radius server is notified on the next accounting message.

2016-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/http-heads.gperf, src/ipc.proto,
	src/main-worker-cmd.c, src/ocserv-args.def, src/vpn.h,
	src/worker-http.c, src/worker-vpn.c, src/worker.h: Use the
	X-AnyConnect-Identifier-Platform header to identify mobile clients That is, if the header contains "android" or "apple-ios" mark it as
	a mobile client. The header X-AnyConnect-Identifier-DeviceType is
	only considered for logging purposes and appended to the user-agent
	name if present.

2016-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: restrict freebsd build on ocserv
	branches This runner is not shared and cannot be taken advantage of outside the
	ocserv group.

2016-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: bumped version

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: get_session_id: added explicit casts

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: config: more consistent printing of startup error
	and info messages

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	src/vpn.h, src/worker-http.c, src/worker-vpn.c: untied the
	cisco-client-compat option from the DTLS-LEGACY protocol Introduced instead the 'dtls-legacy' config option which can be used
	to explicitly disable the legacy DTLS protocol.

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	src/worker-vpn.c: renamed match-tls-and-dtls-ciphers to
	match-tls-dtls-ciphers

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main.c, src/ocserv-args.def,
	src/vpn.h, src/worker-http.c, src/worker-vpn.c: Added configuration
	option 'dtls-psk' When this option is set to false, the DTLS-PSK protocol will not be
	negotiated by worker processes. The process will fallback to the
	legacy protocol in that case.

2016-09-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/worker-vpn.c: Updated the new DTLS protocol
	negotiation The server sends the X-DTLS-App-ID header in the new protocol; the
	X-DTLS-Session-ID is only used in the legacy protocol. The server
	expects the Application identifier to be placed in a TLS extension.

2016-09-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-privs.c: seccomp: add getrandom syscall to filter only
	when it is available

2016-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: worker: increased the wait time for the
	SEC_AUTH_REPLY message from sec-mod That is, to allow for authentication methods which require the user
	input prior to returning a reply.

2016-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Only send the X-DTLS-MTU in the legacy protocol There the DTLS ciphersuite and DTLS version are negotiated and we
	cannot accurately predict the actual tunnel size. In that case the
	client must rely on the Base-MTU.

2016-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: link valid-hostname with gnulib It is used by its included file.

2016-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocpasswd/Makefile.am: ocspasswd: compile with LIBGNUTLS_CFLAGS

2016-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common/common.c, src/defs.h, src/vpn.h: added
	defs.h containing definitions from vpn.h These are the definitions used by common/ library and a split from
	vpn.h to reduce the dependencies (in headers) to common library.

2016-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-privs.c: seccomp: added getrandom() to the accepted
	list of calls

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h, src/worker-http.c, src/worker-vpn.c: Use a macro for
	the DTLS-PSK protocol indicator Also corrected its usage in worker-http

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c, src/worker-vpn.c: Modified the
	X-DTLS-CipherSuite parameter for PSK to PSK-NEGOTIATE This was changed so that it is explicitly made incompatible with
	existing openconnect patch. The new openconnect client patch for PSK
	negotiation is incompatible with the protocol as implemented in
	0.11.4 and requires the option match-tls-and-dtls-ciphers for its
	openssl variant.

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-http.c, src/worker-vpn.c: Added the
	match-tls-and-dtls-ciphers config option When enabled, it will prevent any DTLS negotiation other than
	the DTLS-PSK, and will ensure that the cipher/mac combination
	matches on the TLS and DTLS connections. The cisco-client-compat
	config option when disabled, it will disable the pre-draft-DTLS
	negotiation.

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-gssapi: test-gssapi: use an unlikely username to avoid
	clashes That prevents the test from failing if the host system contains a
	user called 'test'.

2016-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: use gitlab.com shared runners

2016-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: added coverage badge

2016-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am: Allow disabling the tests
	requiring root This allows seamless operation on the CI.

2016-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: released 0.11.4

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c: removed support for chacha20-poly1305 using the
	legacy protocol

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-07-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/unix.c, src/tlslib.c, src/tlslib.h, src/worker-http.c,
	src/worker-vpn.c, src/worker.h: Enhanced the openconnect protocol
	DTLS negotiation If the client's X-DTLS-CipherSuite contains the PSK keyword, the
	server will reply with "X-DTLS-CipherSuite: PSK" and will enable
	DTLS-PSK negotiation on the DTLS channel. The ciphersuite set in the
	DTLS channel, must match the one set in TLS one. That, makes the
	protocol consistent in security properties (DTLS and TLS channel
	will match cipher/mac combinations), and allows the protocol to use
	any new DTLS versions, as well as new DTLS ciphersuites without any
	code changes.  That change still requires the client to pretend it is resuming by
	setting in the DTLS client hello the session ID provided by
	X-DTLS-Session-ID.

2016-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: NEWS: corrected typo

2016-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2016-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common-config.h: improved config macro CHECK_TRUE

2016-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/http-heads.gperf, src/ip-util.c,
	src/ip-util.h, src/main.c, src/ocserv-args.def,
	src/worker-bandwidth.c, src/worker-bandwidth.h, src/worker-http.c,
	src/worker-misc.c, src/worker-vpn.c, src/worker.h: Reworked MTU
	discovery Disable MTU discovery when not requested, set the minimum packet
	size to 1280 for IPv6 and 800 bytes for IPv4. When MTU discovery
	fails to calculate an MTU over the minimum, it disables itself and
	ocserv will rely on packet fragmentation. This also enhances DTLS
	connection detection (due to MTU issues), by setting the DPD packet
	size to equal to the current data MTU.

2016-08-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-worker-cmd.c, src/proc-search.c, src/proc-search.h: 
	update the IP and the proc table hashes when updating the proxy
	protocol IP This prevents stray pointers to the replaced IP being present in the
	proc hash table.

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/Dockerfile-fedora-kerberos,
	tests/docker-ocserv/Dockerfile-fedora-fw,
	tests/docker-ocserv/Dockerfile-fedora-fw-neg,
	tests/docker-ocserv/Dockerfile-fedora-otp,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto-unix,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Dockerfile-fedora-radius-group,
	tests/docker-ocserv/Dockerfile-fedora-reload,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix: tests: use fedora24

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/system.c: ocsignal: memset to zero the new sigaction

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: recv_from_new_fd: changed to unsigned type

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: recv_from_new_fd: update tmsg pointer This addresses issue where tmsg was free'd by the dtls_pull
	function, and free'd again by the caller of recv_from_new_fd.

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: worker: use the main buffer for receiving
	commands from main This avoids large stack allocations.

2016-07-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc: documented about
	krb5-k5tls plugin This plugin is required in Debian and Ubuntu based distributions for
	kinit to be able to use KKDCP servers. Suggested by Jochen Hein.

2016-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: open_tun() ignore EINVAL error in TUNSETGROUP ioctl() This allows ocserv to work with kernels prior to 2.6.23.  Relates #60

2016-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: tun: enable multicast mode for FreeBSD systems

2016-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: tun: move bsd-system-specific tun code to
	bsd_open_tun()

2016-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: document how a certificate
	may hold multiple groups

2016-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: tun: corrected tun device group assignment

2016-06-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh, tests/data/test-pam-noauth.config: tests: made
	pam check independent of builddir

2016-06-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: mention NSS wrapper

2016-06-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: enable pam tests only when liboath is
	present and PAM compiled in

2016-06-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: tun: use the same prefix (from the lease) in Linux and
	*BSD

2016-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, README.md, configure.ac, tests/Makefile.am,
	tests/common.sh, tests/data/pam-single/ocserv.in,
	tests/data/pam-single/passdb.templ, tests/data/pam/nss-group.in,
	tests/data/pam/nss-passwd.in, tests/data/pam/ocserv.in,
	tests/data/pam/passdb.templ, tests/data/pam/users.oath.templ,
	tests/data/test-pam-noauth.config, tests/data/test-pam.config,
	tests/data/test-pam.passwd,
	tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Dockerfile-fedora-pam-noauth,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/ocserv-pam-noauth.conf,
	tests/docker-ocserv/ocserv-pam.conf,
	tests/docker-ocserv/pam-acct-ocserv,
	tests/docker-ocserv/pam-ocserv, tests/pam-noauth-test,
	tests/pam-test, tests/test-pam, tests/test-pam-noauth: tests: pam
	tests were converted to use pam-wrapper This allows running the PAM tests without requiring root access

2016-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c: radius: corrected the accounting of gigawords
	for outgoing data Previously the incoming bytes were accounted instead of the outgoing
	bytes.  Resolves #57

2016-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: When sending auth_id reply to pre-3.x clients
	use a different auth_id for username and password That is because some modified v2.x clients require that any response
	that asks for information does not have an XML form with auth_id set
	to "main".  Resolves #55

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http.c: worker: always honour the DTLS ciphersuite that
	matches the TLS ciphersuite That is, do not consider the ciphersuite priorities at all, but
	rather prefer the DTLS ciphersuite that matches the TLS one (if
	any).

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/valid-hostname.c: tests: added unit test
	for valid_hostname() function

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-user-config, tests/user-config/testuser: tests: check
	whether the hostname is overridden by per-user conf

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/valid-hostname.c, src/worker-http.c,
	src/worker.h: ocserv: check the hostname value received by the
	client for validity

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: ocserv: notify back the client about the
	hostname accepted (if any) That is, the server will populate X-CSTP-Hostname and send it back
	to the client.

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ipc.proto, src/main-worker-cmd.c,
	src/ocserv-args.def, src/sup-config/file.c, src/worker-vpn.c: 
	ocserv: allow overriding hostname on the per-user configuration This allows for the administrator to set specific hostnames, or even
	empty hostname for specific users.

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: worker: when advertising the IPv6 address/prefix
	use the subnet prefix That is, instead of advertising the address with the server's prefix
	advertise the IPv6 address with the prefix that is assigned to the
	client itself.

2016-06-17  Kevin Cernekee <cernekee@gmail.com>

	* src/ip-lease.c: Zero out the whole sockaddr_in6 struct when
	parsing explicit-ipv6 This initializes sin6_scope_id to 0, so that $IPV6_REMOTE doesn't
	get strings that look like: "2001:db8::1234%932152953" Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2016-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/certs/ca-key.pem, tests/certs/ca.pem,
	tests/certs/server-cert-ca.pem, tests/certs/server-cert.pem,
	tests/certs/server-key-ossl.pem, tests/certs/server-key-p8.pem,
	tests/certs/server-key.pem, tests/certs/user-cert-invalid.pem,
	tests/certs/user-cert-testipnet.pem,
	tests/certs/user-cert-testuser.pem,
	tests/certs/user-cert-wrong.pem, tests/certs/user-cert.pem,
	tests/certs/user-cn.pem, tests/certs/user-group-cert.pem,
	tests/certs/user-group-key.pem, tests/certs/user-key.pem: tests:
	added missing certs

2016-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/firewall-neg-test, tests/firewall-test, tests/full-test,
	tests/proxyproto-test, tests/proxyproto-unix-test,
	tests/radius-test, tests/reload-info-test,
	tests/test-cookie-invalidation, tests/test-cookie-timeout,
	tests/test-multi-cookie: tests: use the .tmp suffix to pid files

2016-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: sample.config: use new paths

2016-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/data/test-ban.config,
	tests/data/test-cookie-invalidation.config,
	tests/data/test-cookie-timeout-2.config,
	tests/data/test-cookie-timeout.config,
	tests/data/test-enc-key.config, tests/data/test-enc-key2.config,
	tests/data/test-explicit-ip.config,
	tests/data/test-group-cert.config,
	tests/data/test-group-pass.config, tests/{ =>
	data}/test-group.passwd, tests/data/test-gssapi-local-map.config,
	tests/data/test-gssapi.config, tests/data/test-iroute.config,
	tests/data/test-multi-cookie.config,
	tests/data/test-pass-opt-cert.config,
	tests/data/test-pass-script.config,
	tests/data/test-sighup-key-change.config,
	tests/data/test-sighup.config, tests/data/test-stress.config,
	tests/data/test-user-cert.config,
	tests/data/test-user-config.config,
	tests/data/test-user-group-cert-no-pass.config,
	tests/data/test-user-group-cert.config, tests/data/test1.config,
	tests/{ => data}/test1.passwd, tests/data/test3.config,
	tests/test-sighup: tests: moved passwd files to data/

2016-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/common.sh, tests/{ =>
	data}/test-ban.config, tests/{ =>
	data}/test-cookie-invalidation.config, tests/{ =>
	data}/test-cookie-timeout-2.config, tests/{ =>
	data}/test-cookie-timeout.config, tests/{ =>
	data}/test-enc-key.config, tests/{ => data}/test-enc-key2.config,
	tests/{ => data}/test-explicit-ip.config, tests/{ =>
	data}/test-group-cert.config, tests/{ =>
	data}/test-group-pass.config, tests/{ =>
	data}/test-gssapi-local-map.config, tests/{ =>
	data}/test-gssapi.config, tests/{ => data}/test-iroute.config,
	tests/{ => data}/test-multi-cookie.config, tests/{ =>
	data}/test-pass-opt-cert.config, tests/{ =>
	data}/test-pass-script.config, tests/{ =>
	data}/test-sighup-key-change.config, tests/{ =>
	data}/test-sighup.config, tests/{ => data}/test-stress.config,
	tests/{ => data}/test-user-cert.config, tests/{ =>
	data}/test-user-config.config, tests/{ =>
	data}/test-user-group-cert-no-pass.config, tests/{ =>
	data}/test-user-group-cert.config, tests/{ => data}/test1.config,
	tests/{ => data}/test3.config, tests/test-append-routes,
	tests/test-ban, tests/test-cookie-invalidation,
	tests/test-cookie-timeout, tests/test-cookie-timeout-2,
	tests/test-explicit-ip, tests/test-group-cert, tests/test-gssapi,
	tests/test-iroute, tests/test-multi-cookie,
	tests/test-pass-opt-cert, tests/test-pass-script,
	tests/test-stress, tests/test-user-config: tests: moved config files
	to data/

2016-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ca-key.pem, tests/ca.pem,
	tests/common.sh, tests/pam-noauth-test, tests/proxyproto-unix-test,
	tests/radius-test, tests/server-cert-ca.pem, tests/server-cert.pem,
	tests/server-key-ossl.pem, tests/server-key-p8.pem,
	tests/server-key.pem, tests/test-append-routes,
	tests/test-ban.config, tests/test-cert,
	tests/test-cookie-invalidation.config,
	tests/test-cookie-timeout-2.config,
	tests/test-cookie-timeout.config, tests/test-enc-key.config,
	tests/test-enc-key2.config, tests/test-explicit-ip.config,
	tests/test-get-cert, tests/test-group-cert.config,
	tests/test-group-pass.config, tests/test-gssapi,
	tests/test-gssapi-local-map.config, tests/test-gssapi.config,
	tests/test-iroute, tests/test-iroute.config,
	tests/test-multi-cookie.config, tests/test-pass-cert,
	tests/test-pass-group-cert, tests/test-pass-group-cert-no-pass,
	tests/test-pass-opt-cert, tests/test-pass-opt-cert.config,
	tests/test-pass-script.config, tests/test-sighup,
	tests/test-sighup-key-change, tests/test-sighup-key-change.config,
	tests/test-sighup.config, tests/test-stress.config,
	tests/test-user-cert.config, tests/test-user-config,
	tests/test-user-config.config,
	tests/test-user-group-cert-no-pass.config,
	tests/test-user-group-cert.config, tests/test1.config,
	tests/test3.config, tests/user-cert-invalid.pem,
	tests/user-cert-testipnet.pem, tests/user-cert-testuser.pem,
	tests/user-cert-wrong.pem, tests/user-cert.pem, tests/user-cn.pem,
	tests/user-group-cert.pem, tests/user-group-key.pem,
	tests/user-key.pem: tests: moved all certificates and keys in certs/

2016-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-fw: ocserv-fw: updated with Lance LeFlore's version

2016-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-worker-cmd.c: ocserv: better log message on terminating
	worker processes

2016-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-common.sh: tests: remove the explicit docker pull
	commands from docker-common.sh

2016-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: worker: wait for confirmation on messages sent
	during disconnect when disconnecting and sending stats and info to main and sec-mod
	ensure that messages have been processed prior to exiting. That
	makes sure that these messages are accounted and are not lost. This
	addresses issue where the stats on disconnect were not properly
	reported to sec-mod.

2016-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: sec-mod: process_packet -> process_worker_packet

2016-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-proc.c, src/script-list.h: ocserv: eliminated race
	condition with up/down scripts If a user is disconnected while the connect script is running, kill
	the script and wait for its termination. If it successfully
	terminated (exit code = 0) then run the user disconnect (down)
	script.

2016-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c, src/ocserv-args.def: doc update

2016-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/connect-script, tests/test-pass-script,
	tests/test-pass-script.config: tests: added check for
	host-update-script being run

2016-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-user.c, src/main-worker-cmd.c, src/main.c,
	src/main.h, src/ocserv-args.def, src/script-list.h, src/vpn.h: 
	ocserv: added a host-update-script config option This option will set a script to be called once the user is
	connected and provides a hostname to be used with his IP. That
	script can be used to update a DNS server or so.  Relates #39

2016-06-01  Andrew Karpow <andy@ndyk.de>

	* src/tun.c: ocserv: fix ipv6 tun control on OpenBSD This fixes ipv6 tunnel support on OpenBSD. OpenBSD network stack
	doesn't enable the multicast flag on tun devices like FreeBSD - but
	this is obligatory for ipv6.  Error message without this patch: main: tun.c:260: tun0: Error
	setting IPv6: Invalid argument Signed-off-by: Andrew Karpow <andy@ndyk.de>

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c: ocserv: improved old openconnect version
	detection That is, enhance detection to detect openconnect version 3 and
	_earlier_.  Resolves #51

2016-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2016-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .travis.yml, README.md: Added travis automatic builds

2016-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure.ac: reduced libtasn1 dependency to 3.4 This allows building in travis systems.

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: documented the available URL handlers

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/server-cert-ca.pem, tests/test-get-cert,
	tests/test-user-cert.config: tests: added check for the CA
	certificate handler

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http-handlers.c, src/worker-http.c, src/worker.h: 
	ocserv: added '/ca.pem' and '/ca.cer' HTTP handler This handler will return the server's CA certificate to the
	requester in PEM and DER formats.

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/strcasestr.m4: strcasestr.m4: explicitly unblock SIGALRM This works around an issue in the freebsd CI which fails on this
	test.  For some reason that signal is blocked while running the
	test.

2016-05-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: ocserv: avoid calling exit() on signal handlers

2016-05-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/vpn.h: ocserv: enforce a default auth timeout
	value That is to prevent processes hanging on inactive sessions.

2016-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-worker-cmd.c: main-worker-cmd: more precise messages

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common/Makefile.am, src/{ =>
	common}/base64-helper.c, src/{ => common}/base64-helper.h,
	src/ctl.proto, src/ipc.proto, src/main-ctl-unix.c,
	src/occtl/Makefile.am, src/occtl/unix.c, src/ocpasswd/Makefile.am,
	src/sec-mod-cookies.c: occtl: print the cookie associated with a
	user on user info This allows to map existing cookies to connected users.

2016-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/memmem.m4, gl/m4/strcasestr.m4: memmem/strcasestr.m4: don't
	call exit() from signal handler

2016-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Increased the minimum acceptable MTU size under
	IPv4 This is because lower MTUs than 576 are unreasonable today, and
	RFC791 (from 1981) requires that all hosts must be prepared to
	receive 576-byte datagrams.

2016-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c, src/worker-vpn.c, src/worker.h: ocserv: on DTLS
	rehandshake or new fd reset the MTU This allows to avoid an indefinite drop of MTU without any
	possibility to reset.

2016-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc: mention that restrict-user-* are
	experimental options

2016-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: ocserv: corrected setting of UDP socket options

2016-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: doc update

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http-handlers.c: gnutls_pem_base64_encode2 was replaced
	with gnutls_pem_base64_encode_alloc The latter version is available in older GnuTLS versions than 3.4.0.

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-get-cert: tests: added check for
	cert handler validity

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: sec-mod: when receiving invalid headers from main,
	bail out

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http-handlers.c, src/worker-http.c, src/worker.h: 
	ocserv: added '/cert.pem' and '/cert.cer' HTTP handler This handler will return the server's certificate to the requester
	in PEM and DER formats.

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: doc update

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, Makefile.am: .gitlab-ci.yml: enhanced separate
	build dir check with code coverage output

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/ax_code_coverage.m4: ax_code_coverage.m4: updated to latest
	version

2016-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: updated build badge

2016-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/args.def, src/ocpasswd/args.def, src/ocserv-args.def: 
	doc: updated copyright dates

2016-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocpasswd-test: ocpasswd-test: updated grep check for more
	portability across systems

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added build rule on freebsd

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: main: reduce UDP_FD_RESEND_TIME to 3 seconds This allows a client to reconnect the DTLS session as soon as even 3
	seconds. This addresses issue with clients turning the wifi off and
	on again, not being able to reconnect with DTLS.

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: Moved libev initialization after daemon() and sec-mod
	process init This is because libev uses a file descriptor in FreeBSD systems (kqueue) which is closed by the kernel on fork(). That means that on
	libev deinitialization after daemon(), libev will close another
	unrelated descriptor.

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: Revert "FreeBSD: restrict to poll or select the main
	event loop" This reverts commit 659c903369d418abf5f413b9a5275680994309b3.

2016-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: set_socket_timeout: be more verbose in error
	conditions

2016-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: ocserv: initialize ctl_fd to an invalid value This prevents issue with clear_lists() closing the 0-fd even when
	ctl_handler is not initialized.

2016-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-sec-mod-cmd.c: sec-mod: simplify the name of the security
	module to ocserv-sm

2016-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/radiusclient-debian.conf: tests: use 127.0.0.1
	for debian radiusclient conf That is because freeradius listens to IPv4 by default.  Also
	adjusted the default log directory to match the Fedora's one and
	simplify the test.

2016-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-proxyproto,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix: tests: updated debian
	tests to use libgnutls30

2016-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2016-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, README.md, configure.ac,
	m4/ax_code_coverage.m4, src/Makefile.am, src/common/Makefile.am,
	src/occtl/Makefile.am, src/ocpasswd/Makefile.am: configure: Add a
	code coverage option
	Configure with:
	  ./configure --enable-code-coverage
	Show coverage output with:
	  make && make check && make code-coverage-capture
	It does not take into account tests run under docker.

2016-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.mk, src/common/Makefile.am,
	src/occtl/Makefile.am, src/ocpasswd/Makefile.am, tests/Makefile.am: 
	Makefiles: combined the rules for local libraries

2016-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2016-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: main: close stdin and stdout as early after daemon() The reason is that in some systems daemon() may close stdin
	completely. If we delay this close and another descriptor takes the
	stdin fileno, we may end up closing a legitimate descriptor.

2016-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: FreeBSD: restrict to poll or select the main event
	loop This addresses an issue with FreeBSD and the kqueue interface.  When
	used it causes the sec-mod spawn to fail. Enabling it, it possibly
	affects the pipes generated for communication.

2016-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/setproctitle.c: setproctitle: fixed compilation issue in Linux
	systems without prctl

2016-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: updated comment

2016-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, configure.ac, src/common/system.c,
	tests/common.sh, tests/test-enc-key.config,
	tests/test-enc-key2.config, tests/test-group-pass.config,
	tests/test-sighup-key-change.config, tests/test-sighup.config,
	tests/test-user-cert.config,
	tests/test-user-group-cert-no-pass.config,
	tests/test-user-group-cert.config, tests/test1.config,
	tests/test3.config: tests: update tests to include the running
	username/group That removes the requirement to keep a uid_wrapper specific hack in
	check_upeer_id().

2016-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cert, tests/user-cert-invalid.pem: 
	tests: added check for connection using invalid certificate

2016-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: corrected comment

2016-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: TODO: mention hostname override

2016-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am,
	tests/docker-ocserv/Dockerfile-fedora-radius-group,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/freeradius-users,
	tests/docker-ocserv/ocserv-radius-group.conf,
	tests/radius-group-test: tests: Added test for radius group
	receiving This tests the receiving of groups using "Class" radius attribute in
	the format "OU=group1;group2".

2016-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod-auth.h, src/sec-mod.h: sec-mod:
	perform group checks at auth completion stage This allows to retrieve allowed groups from radius response.

2016-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/str-test2.c: tests: added check for
	trim_trailing_whitespace()

2016-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README-radius.md, src/auth/radius.c, src/auth/radius.h,
	src/str.c, src/str.h: radius: replace experimental Group-Name with
	Class attribute The current format allows to handle multiple groups and is used by
	several radius servers.  Suggested by Yick Xie.

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/ocserv-args.def,
	src/sec-mod-sup-config.h: ocserv: warn when conflicting supplemental
	config options are specified That is, do not allow radius' groupconfig=true option to be combined
	with config-per-user/group. This reduces frustration since these
	options are incompatible.

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-user-config, tests/user-config/testuser: tests: check
	for DNS information propagation in user config

2016-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: worker: always free the previous msg in an fd
	update

2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: use '?' for unknown time

2016-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: add newline into print iroutes

2016-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c, src/sec-mod-cookies.c: sec-mod: don't set
	negative time into last_modified field

2016-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: main: don't require a full handshake packet when
	forwarding UDP session That is, to allow any small DPD packets to be sent to the correct
	worker process.

2016-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2016-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common/common.c, src/main-sec-mod-cmd.c,
	src/main-worker-cmd.c, src/worker-auth.c: reduced logging verbosity
	in certain common failures

2016-03-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc: mention the ip_address option

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/unix.c: occtl: correctly print last modified field

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c, src/worker-vpn.c, src/worker.h: worker:
	improved exit reason reporting for server disconnects

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/common.c, src/main-ctl-unix.c, src/main-worker-cmd.c,
	src/occtl/unix.c, src/sec-mod.c, src/worker-misc.c: Improved error
	message propagation due to new combined APIs This amends 8892eb19343be110cb38ff783620b252a6f0a409

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/sec-mod-cookies.c, src/sec-mod-db.c,
	src/sec-mod.h: sec-mod: do not export expired entries to cookies
	list op Also combined macro to determine expired entries.

2016-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2016-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/occtl.c, src/occtl/occtl.h, src/occtl/unix.c: occtl:
	split show cookies to all and valid

2016-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/ipc.proto, src/main-ctl-unix.c,
	src/occtl/unix.c, src/sec-mod-cookies.c: ipc: pass the connection
	status as integer Conversion to textual form now happens at the client (occtl) instead
	of the main server.

2016-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common/common.c, src/common/common.h, src/main-ctl-unix.c,
	src/main-sec-mod-cmd.c, src/main-worker-cmd.c, src/main.h,
	src/occtl/unix.c, src/sec-mod-auth.c, src/sec-mod-cookies.c,
	src/sec-mod.c, src/tlslib.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-resume.c, src/worker-vpn.c,
	src/worker.h: use a single format for all messages simplifying
	server That patch also combines all the message generation or receiving
	functions to allow easier modifications to the format.

2016-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common/common.c, src/common/common.h,
	src/ipc.proto, src/main-ctl-unix.c, src/main-sec-mod-cmd.c,
	src/main.h, src/occtl/Makefile.am, src/occtl/ctl.h,
	src/occtl/hex.c, src/occtl/hex.h, src/occtl/occtl.c,
	src/occtl/occtl.h, src/occtl/unix.c, src/sec-mod-auth.c,
	src/sec-mod-cookies.c, src/sec-mod.c, src/sec-mod.h, src/vpn.h: 
	Added occtl command to display cookies This allows to display and examine valid cookies from occtl.

2016-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/haproxy-proxyproto.cfg: tests: fixed
	proxyproto test on debian

2016-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc: eliminated references
	to HOSTNAME It was never available in the up/down scripts.

2016-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-tcp: tests: updated debian
	docker file

2016-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/design.md, src/common/common.c, src/ipc.proto,
	src/main-auth.c, src/main-sec-mod-cmd.c, src/sec-mod-auth.c,
	src/sec-mod-sup-config.h, src/sec-mod.c, src/sec-mod.h,
	src/sup-config/file.c, src/sup-config/radius.c, src/tlslib.c,
	src/vpn.h, src/worker-auth.c, src/worker-vpn.c: use more consistent
	naming in internal messages

2016-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/vpn.h, src/worker-auth.c, src/worker-http.c: 
	worker: don't log the SID in normal debugging levels

2016-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http.c: worker: censor the DTLS master secret header as
	well

2016-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-worker-cmd.c, src/worker-vpn.c: worker:
	pass received hostname to user via SESSION_INFO msg

2016-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-sec-mod-cmd.c, src/sec-mod-auth.c,
	src/sec-mod.h, src/worker-auth.c: Eliminated hostname handling in
	sec-mod This value never reached sec-mod as it only becomes known after
	session is initiated by the client (i.e., after auth_rep message is
	received).

2016-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-proc.c, src/main-sec-mod-cmd.c: main: overwrite the SID
	after removing a proc struct and on received packets That's because it is a sensitive value that can be used to resume
	existing sessions. I should have used the fork+exec model in main.

2016-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-sec-mod-cmd.c: run_sec_mod: close unused sync fd

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: worker-privs: added getpid to the list of
	allowed syscalls

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/main.h, src/worker-misc.c,
	src/worker.h: worker: replaced the timeout-based session forwarding
	with a validity checking That checks whether the first packet received in the new session is
	valid and if true, accept the new fd. This avoids the mess with
	validity detection based on timeouts.

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h: Increased the SID (cookie) size to 256-bits

2016-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cookie-rotation,
	tests/test-cookie-rotation.config: tests: removed cookie key
	rotation check It is no longer applicable.

2016-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/design.md, doc/sample.config, src/Makefile.am,
	src/common/common.c, src/config.c, src/cookies.c, src/cookies.h,
	src/ipc.proto, src/main-auth.c, src/main-proc.c,
	src/main-sec-mod-cmd.c, src/main-user.c, src/main-worker-cmd.c,
	src/main.c, src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod-sup-config.c, src/sec-mod.c, src/sec-mod.h, src/vpn.h,
	src/worker-auth.c, src/worker-http-handlers.c, src/worker-http.c,
	src/worker-misc.c, src/worker-resume.c, src/worker-vpn.c,
	src/worker.h: Simplified cookie handling This change set eliminates the need for cryptographically
	authenticated cookies and relies on sec-module providing accurate
	information on the SID provided by the client.

2016-02-21  Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>

	* src/common/system.c: strerror was declared implicit. Pull in
	header

2016-02-21  Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>

	* src/tun.c: remove unused variables

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-user-config,
	tests/user-cert-testipnet.pem, tests/user-config/testipnet: tests:
	check the ipv4-network directive from user config

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sup-config/file.c: sup-config/file: Addressed issue with
	ipv4-network not reading prefix That is the syntax now accepts options such as: "ipv4-network =
	x.x.x.x/y". Reported by Frank Rosquin.

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: allow compilation with included protobuf

2016-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.mk, src/ocpasswd/Makefile.am: Allow compilation with
	local libopts

2016-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/common/Makefile.am,
	src/occtl/Makefile.am: allow compilation with included protobuf

2016-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-proc.c: main: fixed issue with disconnection reason
	logging It was logged before it was made known.

2016-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/proc-search.c, src/proc-search.h: Renamed
	proc_search_ip() to proc_search_single_ip() This better reflects the purpose of the function and will prevent
	misuse.

2016-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common/common.c: overwrite the memory of every packed message

2016-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/cookies.h, src/ocserv-args.def: increased
	the default cookie rekey time to 3 days

2016-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: fixed compilation issue in OpenBSD Reported by Björn Ketelaars.

2016-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: tun: fixed compilation issue in OpenBSD Reported by Björn Ketelaars.

2016-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: released 0.11.0

2016-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2016-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: depend on radcli 1.2.5 Previous versions have a bug which caused crashes under certain
	circumstances.

2016-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: allow compilation without http-parser
	lib

2016-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/human_addr.c: tests: added check for
	human_addr() output

2016-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-util.c, src/ip-util.h, src/log.c, src/vpn.h: moved
	human_addr2() to ip-util.c

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: tlslib: don't use GNUTLS_X509_CRT_LIST_SORT; it is
	buggy

2016-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-proxyproto,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix: tests: reference debian
	testing by name

2016-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: config: increased the
	default auth-timeout value to 4mins This provides slow users more time to enter their username,
	password.

2016-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/Makefile.am, src/occtl/Makefile.am: Allow compilation
	without http-parser library

2016-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: config: put kkdcp options
	into brackets That is not necessary for the existing examples, but may be in
	future ones, as they may contain characters that libopts doesn't
	like.

2016-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.11.0rc1

2016-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test-config: tests: increase timeout for radius
	accounting report

2016-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version to rc1

2016-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/common.c, src/common/common.h, src/main-ctl-unix.c,
	src/main-sec-mod-cmd.c, src/main.h, src/occtl/unix.c,
	src/sec-mod-auth.c, src/sec-mod.c, src/tlslib.c, src/worker-auth.c,
	src/worker-resume.c, src/worker-vpn.c, src/worker.h: Use 32-bit
	length variable for transferring between occtl and ocserv This allows to handle the transfer of long data between ocserv and
	occtl.  Reported by Liviu.  Resolves #29

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/common/common.c, src/icmp-ping.c,
	src/main-ctl-unix.c, src/worker-privs.c, src/worker-vpn.c: replaced
	select() calls with poll() calls This allows to handle descriptors more than the maximum limit
	allowed by select(), and thus handle more clients than 1024.

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: human_addr2: Avoid the usage of getnameinfo and use the
	simpler inet_ntop This simplifies the function.

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/common.c, src/worker-misc.c: Added sanity checks to
	CMSG_DATA() access

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ban.c: main: fixed IP unbanning

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/unix.c: occtl: corrected the printing of IPv4 IP ban
	points

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: main: don't exit on setrlimit() failures Exiting would prevent operation under valgrind.

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-unix.c: main: don't attempt to access client
	configuration if not already set This prevents crash introduced by
	cefd77b6336fd358f1d3c4c8731a28ac6b91d5b0

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: ip-lease: do not attempt to calculate more than
	FIXED_IPS predictable IPs per user That allows to have an unlimited number of connections per user.

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-proc.c: Immediately terminate on session_close() error This is not a recoverable error.

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: main: terminate sec-mod after every worker process has
	been sent a signal That is to reduce any possible timeouts caused by a defunct sec-mod
	on termination.

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: sec-mod: ensure keys are always initialized to NULL Addresses crash due to b6df22c8c300b4aa7f2c678bce2b4dd7b55e1779

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-sighup-key-change,
	tests/test-sighup-key-change.config: tests: fixed
	test-sighup-key-change to be able to cope with different build dir

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: main: destroy the event loop on fork This reduces memory used by worker processes.

2016-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/main.h, src/script-list.h: main: ensure we call
	ev_child_stop() on child cleanup handlers

2016-01-26  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-http-handlers.c, src/worker-vpn.c, src/worker.h: Return
	HTML error message on 404 Currently ocserv's 404 errors show up as a blank page in most web
	browsers.  Add a simple HTML error page.

2016-01-26  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-http-handlers.c: Use helper functions to send common
	HTTP headers/responses Factor out duplicated code in the AnyConnect compatibility handlers.

2016-01-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-01-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-sighup-key-change: tests: added
	check for certificate update on reload

2016-01-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/main.c, src/ocserv-args.def,
	src/sec-mod.c, src/tlslib.c, src/tlslib.h: Reload the certificates
	and private keys on SIGHUP Until now this part of the configuration was static, but there is
	the need to reload certificates and keys, e.g., on renewal.

2016-01-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.h: main.h: corrected typo in comment

2016-01-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc: document that
	ocserv-fw requiring options are available in Linux systems only

2016-01-24  Kevin Cernekee <cernekee@gmail.com>

	* src/main-user.c: Add default case for 'restrict-user-to-ports'
	switch This fixes a compiler warning:
	      CC       main-user.o
	    main-user.c: In function ‘call_script’:
	    main-user.c:215:7: warning: ‘ret’ may be used uninitialized
	        in this function [-Wmaybe-uninitialized]
	      if (ret < 0) {
	          ^
	    main-user.c:66:6: note: ‘ret’ was declared here
	      int ret;
	          ^
	It's not really necessary because proto gets checked when the option
	is parsed, but gcc doesn't know that.

2016-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: moved radius to main dependencies

2016-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/occtl.c: occtl: updated copyright text

2016-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc: added more info on
	isolate-workers

2016-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: TODO: removed already handled issue

2016-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: tlslib: abstracted
	the recv_packet functions

2016-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: tls_recv ->
	cstp_recv

2016-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: use DEFAULT_SOCKET_TIMEOUT and remove
	SOCKET_TIMEO_SECS

2016-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-proxyproto.c: proxyproto: use force_read_timeout() to
	ensure reconstruction of packets

2016-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: cleaned up the fatal
	error checking in TLS/DTLS sessions

2016-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test-config: tests: fixed issues in
	radius-test-config

2016-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/radius-test: tests: enhanced the radius checks to test for
	Connect-Info presence

2016-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main.c, src/ocserv-args.def: ocserv: added the
	--test-config command line option This allows to test a configuration file for being valid without
	starting the server.

2016-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: worker: handle EOF during HTTP header parsing

2016-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: tls_recv() will retry on EINTR

2016-01-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c, src/sec-mod-auth.c, src/sec-mod-db.c,
	src/sec-mod.h, src/sup-config/file.c: radius: send user agent
	information as Connect-Info on accounting start Relates #26

2016-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/radiusclient-debian.conf: tests: updated radius
	tests for Debian

2016-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c, src/worker-auth.c: radius: more careful checks
	around the user_agent access

2016-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README-radius.md: README.radius: added Connect-Info attribute

2016-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: doc update [ci skip]

2016-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/pam.c, src/acct/radius.c, src/auth/gssapi.c,
	src/auth/pam.c, src/auth/plain.c, src/auth/radius.c,
	src/auth/radius.h, src/ipc.proto, src/sec-mod-acct.h,
	src/sec-mod-auth.c, src/sec-mod-auth.h, src/sec-mod.h,
	src/worker-auth.c, src/worker.h: radius: send user agent information
	as Connect-Info That allows the radius server to store information on particular
	client. Resolves #26

2016-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: send_stats_to_secmod() is called as soon as
	possible This allows us to send the client assigned IP to radius server as
	soon as it is available, rather than waiting a full interim_update
	cycle.

2016-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c, src/worker-vpn.c, src/worker.h: Updated support
	for chacha20-poly1305 It was modified to support the PSK variant of the algorithm because
	draft-ietf-tls-chacha20-poly1305-03 doesn't define an RSA variant.
	It was tested to interoperate with openconnect/gnutls.

2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: Prevent any frozen worker processes by
	killing them on inactivity That is, introduced an alarm() call at the worker periodic check,
	which will only get triggered if a very long timeout has occurred
	without the loop being completed.

2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/main-auth.c, src/{main-misc.c =>
	main-worker-cmd.c}: main: introduced main-worker-cmd.c

2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main-sec-mod-cmd.c: moved run_sec_mod() to
	main-sec-mod-cmd.c

2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/main-misc.c, src/main-proc.c: moved proc
	creation and deinitialization at main-proc.c

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.11.0rc0

2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: use the state buffer for HTTP requests

2016-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: worker: enforce a default socket timeout for TCP
	and UDP sockets That is because, although we use select() to see whether a call to
	recv() would block, there are certain cases in Linux where recv()
	blocks even though select() notified of available data. Reported by
	Yick Xie.

2016-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: don't attempt to open per_user_dir if it is NULL Nor attempt to close a NULL handle. This addresses a crash in
	certain libc's.

2016-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: When receiving from
	unix socket attempt to reconstruct the CSTP packets That is because it may happen that the sender sends a complete
	packet into multiple chunks. Resolves #22

2016-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: set_tun_mtu: print the mtu size on failed
	assignment

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README-radius.md: README-radius: added more text for
	Framed-Route format

2015-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ban.c, src/main-ban.h: correctly print the IP of
	addresses added to ban list

2015-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: added radcli dependency

2015-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-proxyproto,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix: tests: use libradcli4 in
	debian builds

2015-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-http-handlers.c, src/worker-http.c,
	src/worker-vpn.c, src/worker.h: Prior to sending profile files,
	perform cookie authentication That allows to read the per-user config file, and prevent a null
	pointer dereference. Reported by Yick Xie.

2015-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: improved logged messages for certificate auth

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c, src/vpn.h, src/worker-http.c: Don't print any cookie
	data unless debug level is set to be over 8 That prevents adding into debugging logs sensitive data which can be
	used to resume sessions.

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: When max-clients is set adjust the file descriptor
	limits accordingly This also increases the default number of descriptors to 4k.

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl/occtl.h,
	src/occtl/print.c, src/occtl/unix.c, src/vpn.h: occtl: print the
	restricted ports for the client

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common/Makefile.am, src/{common =>
	}/ctl.proto, src/occtl/Makefile.am: protocol buffers generated
	sources for ctl were moved to libipc

2015-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ipc.proto, src/main-ctl-unix.c,
	src/main-misc.c, src/main-sec-mod-cmd.c, src/main.c, src/main.h,
	src/sec-mod-auth.c, src/{main-resume.c => sec-mod-resume.c},
	src/sec-mod-resume.h, src/sec-mod.c, src/sec-mod.h,
	src/worker-resume.c: TLS session resumption database was moved to
	sec-mod This reduces the number of sensitive data available to main process.
	Resolves #21

2015-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: doc update

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/otp-test, tests/pam-noauth-test, tests/pam-test,
	tests/proxyproto-unix-test, tests/radius-test, tests/unix-test: 
	tests: kill politely openconnect in all docker tests

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/proxyproto-test: tests: proxyproto-test: kill openconnect
	more politely and give it few seconds before checking output

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/firewall-neg-test, tests/firewall-test, tests/full-test,
	tests/proxyproto-test, tests/proxyproto-unix-test,
	tests/reload-info-test: tests: use consistent name for PID file

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-fw: ocserv-fw: removed unneeded variable

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/ocserv-fw-neg.conf,
	tests/docker-ocserv/ocserv-reload.conf, tests/firewall-neg-test: 
	tests: corrected routes in ocserv-fw-neg and ocserv-reload tests Also simplified the ocserv-fw-neg test by not checking whether the
	follow up script was run. This is part of the -fw test.

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/occtl.c, src/occtl/occtl.h, src/occtl/unix.c: occtl:
	added command 'show iroutes' This command will list all iroutes currently available.  Resolves
	#20

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-fw: ocserv-fw: added license

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile-fedora-fw,
	tests/docker-ocserv/Dockerfile-fedora-fw-neg,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/ocserv-fw-neg.conf, tests/firewall-neg-test: 
	tests: added check for restrict-user-to-ports negation options

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config-ports.c, src/ipc.proto,
	src/main-user.c, src/ocserv-args.def, src/ocserv-fw,
	tests/port-parsing.c: Enhanced configuration option
	'restrict-user-to-ports' This enhancement allows to negate the rules and allow the user
	connecting to all ports except the specified.

2015-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile-fedora-reload,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/ocserv-reload.conf, tests/reload-info-test: 
	tests: added check for proper operation after SIGHUP This test checks whether we can retrieve user information even after
	a SIGHUP (the time where the old config is invalidated).

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http.c: Added /VPN to the list of known URLs for auth This URL is used by certain versions of the anyconnect client.
	Reported by sskaje.

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/unix.c: occtl: use dash for no-dtls message to make it
	more consistent with other output

2015-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: don't issue warnings that make
	compilation with libev impossible

2015-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/common.c, src/common/common.h, src/common/ctl.proto,
	src/main-ctl-unix.c, src/main-ctl.h, src/main-misc.c,
	src/main-sec-mod-cmd.c, src/main-user.c, src/main.c, src/main.h,
	src/occtl/ctl.h, src/occtl/occtl.c, src/occtl/occtl.h,
	src/occtl/unix.c, src/sec-mod-auth.c: Added occtl command 'show
	events', as well as the corresponding command in main This allows the main process to handle a single listener which will
	get all information about new and disconnecting users.

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-unix.c, src/main-misc.c, src/main.c, src/main.h,
	src/worker-misc.c, src/worker-vpn.c, src/worker.h: main: allow
	multiple clients in control channel (occtl)

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, README.md, configure.ac, src/Makefile.am,
	src/main-ctl-unix.c, src/main-ctl.h, src/main-misc.c,
	src/main-resume.c, src/main.c, src/main.h, src/script-list.h,
	tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/Dockerfile-fedora-kerberos,
	tests/docker-ocserv/Dockerfile-debian-proxyproto,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix,
	tests/docker-ocserv/Dockerfile-fedora-otp,
	tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Dockerfile-fedora-pam-noauth,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto-unix,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix: Master process was
	converted to use libev

2015-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/log.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-sec-mod-cmd.c, src/main.c, src/main.h, src/sec-mod.c,
	src/sec-mod.h, src/tlslib.c, src/vpn.h, src/worker-vpn.c: Added
	reference counting to configuration values.  That is, to allow referencing to these values from proc_st without
	fearing of them being invalidated on a config reload. We perform a
	cleanup of these values on the server periodic check.

2015-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config-ports.c: config-ports: added error checking on talloc

2015-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: added liboath dependency

2015-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc: list 'route=default'
	as an example

2015-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test, tests/kerberos-test, tests/otp-test,
	tests/pam-noauth-test, tests/pam-test, tests/proxyproto-test,
	tests/proxyproto-unix-test, tests/radius-test, tests/unix-test: 
	tests: use a common macro to obtain docker image IP address

2015-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-common.sh, tests/docker-ocserv/Dockerfile-fedora-fw,
	tests/docker-ocserv/ocserv-fw.conf, tests/firewall-test: tests:
	check restrict-user-to-ports in firewall-test

2015-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/port-parsing.c: tests: Added check for
	port parser

2015-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/common-config.h,
	src/config-ports.c, src/config.c, src/ipc.proto,
	src/main-sec-mod-cmd.c, src/main-user.c, src/ocserv-args.def,
	src/ocserv-fw, src/sup-config/file.c, src/vpn.h: Added configuration
	option 'restrict-user-to-ports' This option is intended to allow restricting users to accessing
	specific ports once they enter the VPN. The rules set using this
	option will be enforced by the ocserv-fw script.

2015-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h: removed unused structure

2015-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/subconfig.c: eliminated double null check

2015-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: added gssntlmssp as a dependency

2015-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc: document the behavior
	of restrict-user-to-routes in case of defaultroute

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: include ocserv-fw

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-iroute, tests/test-iroute.config: tests: check for
	%{RI} validity in test-iroute

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/test-cert: tests: check for server exit in
	test-cert

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/COPYING.mbsd, libopts/Makefile.am, libopts/README,
	libopts/ag-char-map.h, libopts/alias.c, libopts/ao-strs.c,
	libopts/ao-strs.h, libopts/autoopts.c, libopts/autoopts.h,
	libopts/autoopts/options.h, libopts/autoopts/project.h,
	libopts/autoopts/usage-txt.h, libopts/boolean.c, libopts/check.c,
	libopts/compat/compat.h, libopts/compat/pathfind.c,
	libopts/compat/windows-config.h, libopts/configfile.c,
	libopts/cook.c, libopts/enum.c, libopts/env.c, libopts/file.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/gettext.h, libopts/init.c, libopts/intprops.h,
	libopts/libopts.c, libopts/load.c, libopts/m4/libopts.m4,
	libopts/m4/liboptschk.m4, libopts/m4/stdnoreturn.m4,
	libopts/makeshell.c, libopts/nested.c, libopts/numeric.c,
	libopts/option-value-type.c, libopts/option-xat-attribute.c,
	libopts/parse-duration.c, libopts/parse-duration.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/reset.c, libopts/restore.c, libopts/save.c, libopts/sort.c,
	libopts/stack.c, libopts/stdnoreturn.in.h, libopts/streqvcmp.c,
	libopts/text_mmap.c, libopts/time.c, libopts/tokenize.c,
	libopts/usage.c, libopts/version.c: libopts: updated to 5.18.6

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: .gitignore: ignore more auto-generated files

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-append-routes,
	tests/test-user-config.config: tests: check whether append-routes
	directive works

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/main-sec-mod-cmd.c, src/main.h,
	src/ocserv-args.def, src/vpn.h: Added config option 'append-routes' If set to true it will restore the old configuration semantics of
	appending the global routes to per user/group config.

2015-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client: tests: removed
	ipv6 functionality check from kerberos test

2015-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-cookie-invalidation: tests: test-cookie-invalidation
	add a time wait after client termination That ensures that the client is already terminated when the final
	check starts.

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/freeradius-users,
	tests/docker-ocserv/radius-clients.conf: tests: updated radius
	config files for f23

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Allow matching passwords of format
	<xxx_password> in client's login message

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/ipc.proto, src/main-auth.c,
	src/main-ctl-unix.c, src/main-sec-mod-cmd.c, src/main-user.c,
	src/main.h, src/ocserv-args.def, src/route-add.c,
	src/sec-mod-auth.c, src/sup-config/file.c, src/sup-config/radius.c,
	src/worker-auth.c, src/worker-http-handlers.c, src/worker-misc.c,
	src/worker-vpn.c, src/worker.h: Simplified per-user/group
	configuration handling We now use a common structure in SESSION_REPLY and AUTH_REP
	messages. That structure is generated by sec-mod and forwarded by
	main to worker, thus eliminating the need to create passing code for
	each new user-config variable being added.

2015-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: doc update

2015-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-fw: ocserv-fw: when called with --removeall exit
	immediately after action

2015-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-common.sh,
	tests/docker-ocserv/Dockerfile-fedora-fw,
	tests/docker-ocserv/fw-script, tests/docker-ocserv/ocserv-fw.conf,
	tests/firewall-test, tests/full-test: tests: check whether the
	firewall rules have been applied with restrict-user-to-routes

2015-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-user.c: prior to execl() scripts set stdout to be our
	stderr to avoid confusing scripts

2015-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/ctl.proto, src/config.c, src/ipc.proto,
	src/main-ctl-unix.c, src/main-sec-mod-cmd.c, src/main-user.c,
	src/occtl/unix.c, src/ocserv-args.def, src/ocserv-fw,
	src/sup-config/file.c, src/vpn.h: Added configuration option
	restrict-user-to-routes This option, if set, will call /usr/bin/ocserv-fw for each user
	connecting, i.e., adding firewall restrictions based on its allowed
	routes.

2015-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/ocserv-fw: ocserv-fw: Added script to
	restrict clients to their allowed routes That is when called as a connect/disconnect script it restricts the
	client to the routes it is allowed to see, and prevents it from
	accessing anything else.

2015-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/connect-script, tests/test-pass-script.config: tests: check
	whether the routes and DNS servers are set in scripts

2015-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: If running the local script fails due to signal handle
	that as non-zero exit status

2015-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/main-user.c, src/ocserv-args.def: scripts:
	export the routes, no-routes and dns servers

2015-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/ban-ips.c, tests/ipv4-prefix.c,
	tests/ipv6-prefix.c, tests/json-escape.c, tests/kkdcp-parsing.c,
	tests/str-test.c: tests: avoid source dependencies from other dirs
	in Makefile That causes compilation errors under certain circumstances.

2015-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: added cwrap libs as dependencies

2015-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/test-cert, tests/test-enc-key,
	tests/test-enc-key.config, tests/test-enc-key2.config,
	tests/test-group-pass, tests/test-group-pass.config,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-group-cert,
	tests/test-pass-group-cert-no-pass, tests/test-sighup,
	tests/test-sighup.config, tests/test-user-cert.config,
	tests/test-user-group-cert-no-pass.config,
	tests/test-user-group-cert.config, tests/test1.config,
	tests/test3.config: tests: modified cwrap tests to run from
	different builddir

2015-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/ctl.proto, src/main-ctl-unix.c, src/occtl/unix.c: pass
	DPD and keepalive values to occtl

2015-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: run all checks on build systems

2015-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/common/system.c, tests/Makefile.am,
	tests/common.sh, tests/test-cert, tests/test-enc-key,
	tests/test-enc-key.config, tests/test-enc-key2.config,
	tests/test-group-cert, tests/test-group-cert.config,
	tests/test-group-pass, tests/test-group-pass.config,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-group-cert,
	tests/test-pass-group-cert-no-pass, tests/test-sighup,
	tests/test-sighup.config, tests/test-user-cert.config,
	tests/test-user-group-cert-no-pass.config,
	tests/test-user-group-cert.config, tests/test1.config,
	tests/test3.config: tests: converted part of the test suite to run
	with cwrap. That allows several tests to run as non-root.

2015-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: relocated confusing message on user logged in

2015-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cookie-invalidation, tests/test-cookie-timeout,
	tests/test-multi-cookie: tests: use more sensible names for pid
	files

2015-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cookie-rotation,
	tests/test-cookie-rotation.config: tests: added check to verify the
	proper operation of cookie key rotation

2015-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/common/common.c, src/config.c,
	src/cookies.h, src/ipc.proto, src/main-auth.c,
	src/main-sec-mod-cmd.c, src/main.c, src/main.h,
	src/ocserv-args.def, src/sec-mod.c, src/sec-mod.h, src/vpn.h: Added
	cookie key rotation

2015-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/route-add.c: route-add: added more sensible version of
	system()

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c: prior to calling system set the default signal
	mask

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/Dockerfile-fedora-kerberos,
	tests/docker-ocserv/Dockerfile-fedora-otp,
	tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Dockerfile-fedora-pam-noauth,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto-unix,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix: tests: use fedora 23 for
	docker images

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: document testing dependencies

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/route-add.c, src/route-add.h: A failure to
	apply iroutes is propagated and login is denied

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/design.md: design.md: document a possible optimization in IPC
	protocol

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/{worker-extras.c => worker-http-handlers.c}: 
	worker-extras -> worker-http-handlers

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl/Makefile.am: occtl: include files from generated common
	dir

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: remove CCAN sources - we already link to
	libccan.a

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am: don't export LIBTALLOC_CFLAGS when
	using the included

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: use proper cflags after code refactor

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/Makefile.am: common: include upper dir for
	auto-generated headers

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common/Makefile.am: finish move of ctl.proto
	to common/

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common/Makefile.am: common: Added missing file

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-privs.c: cstp_send_file: use system calls
	instead of libc for open/read. That simplifies the handling of seccomp rules.

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/common/cloexec.c,
	src/common/cloexec.h, src/{ => common}/common.c, src/{ =>
	common}/common.h, src/{ => common}/ctl.proto, src/{ =>
	common}/system.c, src/{ => common}/system.h, src/occtl/Makefile.am: 
	move common sources to common/

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/c-ctype.c, gl/c-ctype.h, gl/cloexec.c,
	gl/cloexec.h, gl/close.c, gl/dup2.c, gl/fcntl.c, gl/fcntl.in.h,
	gl/fd-hook.c, gl/fd-hook.h, gl/getdtablesize.c, gl/m4/close.m4,
	gl/m4/dup2.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl.m4, gl/m4/fcntl_h.m4,
	gl/m4/getdtablesize.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/unistd.c: gnulib:
	remove all fcntl/open/etc compatibility functions

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: cannot build with
	--with-local-talloc - it conflicts with system header

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: don't use --enable-local-libopts
	on minimal build. It cannot be used everywhere.

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, src/Makefile.am, src/ccan/Makefile.am,
	src/occtl/Makefile.am: ccan: build as an included library

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, src/Makefile.am, src/occtl/Makefile.am,
	src/protobuf/Makefile.am: use an intermediate protobuf library for
	the included protobuf sources

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added build check with minimal
	setup

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/ipc.proto, src/main-auth.c,
	src/main-sec-mod-cmd.c, src/ocserv-args.def, src/sup-config/file.c,
	src/vpn.h, src/worker-vpn.c: Added configuration option
	tunnel-all-dns

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: use 'secondary_password' as name for any
	additional XML password fields

2015-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/design.md, src/ipc.proto: Added a draft design document

2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: compile and run make check with
	libasan

2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ban-ips.c: tests: ensure there are no leaks in ban-ips

2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocpasswd/ocpasswd.c: ocpasswd: ensure there are no leaks

2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.h, tests/Makefile.am, tests/ban-ips.c: tests: added unit
	test for IPv4 and IPv6 address banning

2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-user-config, tests/user-config/testuser: tests: check
	whether max-same-clients is considered in per-user-config

2015-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/ocserv-radius.conf: tests: provide a correct
	route in radius test/fixes ipv6 ping issue

2015-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2015-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-user-config,
	tests/test-user-config.config, tests/user-config/testuser: tests:
	added check for setting user-specific configuration options (DPD,
	Keepalive). That also checks whether the 'expose-iroutes' option is working as
	expected.

2015-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ipc.proto, src/main-auth.c,
	src/main-sec-mod-cmd.c, src/ocserv-args.def, src/sup-config/file.c,
	src/vpn.h, src/worker-auth.c: Added user-specific configuration
	options dpd, mobile-dpd, keepalive, max-same-clients

2015-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ban.c: corrected usage of human_addr2()

2015-11-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2015-11-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ban.c: treat a /64 block of IPv6 addresses as a single
	address. That is, for banning purposes. Note that this is absurd but that's
	the current best practice for IPv6.

2015-11-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ipv6-prefix.c: tests: corrected header in ipv6-prefix

2015-11-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, tests/full-test, tests/radius-test: for the
	default IPv6 address, ensure we don't use the network address. The former seems to confuse the linux kernel.

2015-11-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ban.c, src/main-ban.h,
	src/main-ctl-unix.c, src/main-misc.c, src/main-sec-mod-cmd.c,
	src/occtl/unix.c: ip banning: entries hold in raw IP format rather
	than textual

2015-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-proxyproto,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix: tests: use
	debian:testing for tests

2015-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Use /128 as default IPv6 prefix to be backwards
	compatible

2015-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: removed text on sending profiling info

2015-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/route-add.c: route-add: corrected CIDR route macro to conform
	to documentation

2015-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/Makefile.am: occtl: restrict common sources to minimum
	necessary

2015-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/Makefile.am, src/{common-json.c => occtl/json.c},
	src/{common-json.h => occtl/json.h}, src/occtl/print.c,
	tests/Makefile.am, tests/json-escape.c: moved JSON functionality to
	occtl/ as it was the only user

2015-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac: updated Makefile and configure for new
	.def paths

2015-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/main-ctl.h, src/main.h,
	src/occtl/args.def, src/{ => occtl}/ctl.h: occtl: move ctl.h in
	occtl/ and fixed args.def to include version.inc

2015-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/base64-helper.c: Added check for nettle < 3.0

2015-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd/Makefile.am, src/ocpasswd/ocpasswd.c: ocpasswd:
	include builddir and include proper header

2015-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-common.sh: tests: copy ocpasswd and occtl from new
	paths

2015-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl/Makefile.am: occtl: include builddir/.. into CPPFLAGS

2015-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/auth/gssapi.c,
	src/auth/radius.h, src/base64-helper.c, src/base64-helper.h,
	src/log.c, src/sec-mod-auth.c, src/sec-mod-db.c, src/sec-mod.h,
	src/worker-auth.c, src/worker-http.c: use nettle's base64
	implementation

2015-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* build-aux/config.rpath, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
	gl/Makefile.am, gl/base64.c, gl/base64.h, gl/c-ctype.c,
	gl/c-ctype.h, gl/c-strcase.h, gl/c-strcasecmp.c,
	gl/c-strncasecmp.c, gl/cloexec.c, gl/cloexec.h, gl/close.c,
	gl/dup2.c, gl/errno.in.h, gl/fcntl.c, gl/fcntl.in.h, gl/fd-hook.c,
	gl/fd-hook.h, gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/getdelim.c,
	gl/getdtablesize.c, gl/getline.c, gl/getpass.c, gl/getpass.h,
	gl/gettimeofday.c, gl/lseek.c, gl/m4/00gnulib.m4,
	gl/m4/absolute-header.m4, gl/m4/base64.m4, gl/m4/close.m4,
	gl/m4/dup2.m4, gl/m4/errno_h.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl.m4,
	gl/m4/fcntl_h.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4,
	gl/m4/getdelim.m4, gl/m4/getdtablesize.m4, gl/m4/getline.m4,
	gl/m4/getpass.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
	gl/m4/include_next.m4, gl/m4/largefile.m4, gl/m4/lib-ld.m4,
	gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/longlong.m4,
	gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
	gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4,
	gl/m4/msvc-nothrow.m4, gl/m4/multiarch.m4, gl/m4/off_t.m4,
	gl/m4/realloc.m4, gl/m4/ssize_t.m4, gl/m4/stdbool.m4,
	gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strcasestr.m4,
	gl/m4/strdup.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
	gl/m4/sys_types_h.m4, gl/m4/time_h.m4, gl/m4/unistd_h.m4,
	gl/m4/warn-on-use.m4, gl/m4/wchar_t.m4, gl/malloc.c, gl/memchr.c,
	gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
	gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/realloc.c,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strcasecmp.c,
	gl/strcasestr.c, gl/strdup.c, gl/string.in.h, gl/strings.in.h,
	gl/strncasecmp.c, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/time.in.h, gl/unistd.in.h: gnulib: updated and
	removed base64

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/str.c: str: explicitly deinitialize temporary value, instead
	of relying on talloc

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: doc update

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ipv4-prefix.c: tests: ipv4-prefix: added checks for
	ipv4_route_to_cidr

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-test.c: tests: added check for function-based str
	replacements

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/str.c: str: str_append_str was made more safe and tolerates
	null

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ocpasswd-test: tests: ip and ocpasswd
	were updated for reorg in src/

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-util.c, src/ip-util.h, src/ocserv-args.def,
	src/route-add.c, src/str.c, src/str.h: Introduced %{RI} macro for
	route-add/del-cmd to get route in CIDR format

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common.c, src/common.h, src/config.c,
	src/ip-lease.c, src/ip-util.c, src/ip-util.h, src/main-resume.c,
	src/sup-config/file.c, src/sup-config/radius.c, src/vpn.h: moved
	ip-related macros to ip-util

2015-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/Makefile.am, src/Makefile.am, src/common.mk,
	src/occtl/Makefile.am, src/{occtl-args.def => occtl/args.def},
	src/{occtl-cache.c => occtl/cache.c}, src/{occtl-ip-cache.c =>
	occtl/ip-cache.c}, src/{occtl-nl.c => occtl/nl.c}, src/{ =>
	occtl}/occtl.c, src/{ => occtl}/occtl.h, src/{occtl-pager.c =>
	occtl/pager.c}, src/{occtl-print.c => occtl/print.c},
	src/{occtl-time.c => occtl/time.c}, src/{occtl-unix.c =>
	occtl/unix.c}, src/ocpasswd/Makefile.am, src/{ocpasswd-args.def =>
	ocpasswd/args.def}, src/{ => ocpasswd}/ocpasswd.c: occtl and
	ocpasswd were moved into separate directories

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-test.c: tests: enhance str-test with a negative test on
	str_replace_str

2015-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ipv4-prefix.c: tests: ipv4-prefix updated for new function
	name

2015-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/str-test.c: tests: added small unit for
	str functionality

2015-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/route-add.c, src/str.c, src/str.h, src/worker-vpn.c: optimized
	str_replace_str

2015-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/config.c: renamed
	ipv4_prefix_to_mask to distinguish from the ipv6 function

2015-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: removed debug message

2015-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/config.c, src/sup-config/file.c,
	src/sup-config/radius.c: when reading IPv4 routes ensure they are
	read/converted to proper format

2015-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2015-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: use correct types when printing u64s

2015-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/occtl-pager.c: occtl: allow empty pager to be
	specified on compile time

2015-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-sec-mod-cmd.c,
	src/ocserv-args.def, src/vpn.h: Added the config option
	expose-iroutes. This allows the server to advertise routes offered by few clients to
	all clients except the ones offering them.

2015-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ipv6-prefix.c: tests: updated ipv6-prefix check for new
	internal functions

2015-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test, tests/radius-test: tests: updated test addresses
	for IPv6

2015-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/auth/radius.c, src/auth/radius.h,
	src/common.c, src/common.h, src/config.c, src/ip-lease.c,
	src/ip-lease.h, src/ipc.proto, src/main-auth.c,
	src/main-sec-mod-cmd.c, src/ocserv-args.def, src/sup-config/file.c,
	src/sup-config/radius.c, src/tun.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c: ipv6: introduced ipv6-subnet-prefix config option. That option allows to specify the IPv6 subnet prefix to be given to
	client. That is, allow providing the clients networks larger than
	/128. Set the option to 128 to simulate the previous behavior of
	ocserv.

2015-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: increased the priority of messages that may be
	of interest to administrators

2015-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/worker-vpn.c: added more detailed session
	information messages

2015-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2015-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2015-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-proxyproto,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix: tests: install liboath0
	in debian tests

2015-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: When checking for the existence of IPv6 addresses,
	check on the final address form. This resolves an issue where randomly generated IPv6 addresses which
	were odd, could not be detected on the duplicate checks.  Resolves #5

2015-09-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/plain.c: plain auth: increased hotp trial window

2015-09-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-09-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am,
	tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/Dockerfile-fedora-kerberos,
	tests/docker-ocserv/Dockerfile-fedora-otp,
	tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Dockerfile-fedora-pam-noauth,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto-unix,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/ocserv-otp.conf,
	tests/docker-ocserv/users2.oath, tests/otp-test: tests: Added checks
	for OTP support using plain passwd

2015-09-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am, doc/sample.config, doc/sample.otp,
	src/Makefile.am, src/auth/common.c, src/auth/common.h,
	src/auth/plain.c, src/common-config.h, src/config.c,
	src/ocserv-args.def, src/subconfig.c: plain auth: support OTP
	authentication using usersfile. That adds a dependency on liboath.

2015-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: mention the possibility of
	proxy arp

2015-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: doc update

2015-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README-radius.md: README-radius: use /etc/radcli for paths

2015-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, Makefile.am: .gitlab-ci.yml: don't check libopts
	match in make dist

2015-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: Makefile: use srcdir to reach libopts

2015-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-09-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pam-noauth-test: tests: added missing pam-noauth-test

2015-09-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: corrected build flags for out-of-tree builds

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: include make dist into test suite

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README.md, doc/Makefile.am, doc/{README.radius =>
	README-radius.md}: doc: converted README.radius to markdown and link
	it from README.md

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, Makefile.am: Makefile: use the foreign automake rules. That allows to compile without following the strict GNU standards.

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: added build status

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: Added .gitlab-ci.yml

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README => README.md: converted README to markdown

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test-config: tests: radius-test-config: kill
	openconnect process on failure

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-cookie-invalidation: tests: fixes in
	test-cookie-invalidation

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-unix.c: forward all routes sent to client to occtl

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/pam.c, src/acct/radius.c, src/sec-mod-acct.h,
	src/sec-mod-auth.c: don't pass the authentication context to
	accounting methods

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Force sending stats message to sec-mod from
	worker on disconnect

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test-config: tests: use background option in
	openconnect for radius-test-config

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test-config: tests: fix route check in
	radius-test-config

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pam-test: tests: removed IPv6 checks from pam-test

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: move test-stress outside the set of test
	scripts

2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am,
	tests/docker-ocserv/Dockerfile-fedora-pam-noauth,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/ocserv-pam-noauth.conf,
	tests/docker-ocserv/pam-acct-ocserv, tests/user-cert-testuser.pem: 
	tests: added check for pam acct config option

2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/acct/pam.c,
	src/acct/pam.h, src/config.c, src/ocserv-args.def: Reinstated the
	PAM accounting method. It can be used to check for a valid PAM account, even when
	certificates or another authentication method is in use.

2015-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: optimize CRL reloads by avoiding auto-detection of the
	type on every reload

2015-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert: tests: check whether DER CRLs are being read

2015-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: Allow loading DER-encoded CRLs

2015-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: tlslib: correctly determine the presence of
	GNUTLS_X509_CRT_LIST_SORT

2015-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/ocserv-args.def: updated
	documentation for CRL reload

2015-09-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/tlslib.c, src/tlslib.h: check the CRL periodically
	and reload it when modified

2015-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: When importing server certificate(s) sort them when
	supported by gnutls. That avoids the "unsorted chain" error.

2015-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: removed pam accounting
	method from config file. Reported by Stuart Henderson.

2015-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.10.8

2015-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2015-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-kkdcp.c: added informational message on KKDCP request
	processing

2015-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client: tests: kerberos:
	updated to account the change in IPv6 address assignment

2015-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Store the configuration file internally to avoid
	dependency on cmdline arguments. That allows reloading the configuration even after our
	setproctitle() has overwritten the argv arguments.

2015-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/ocserv-radius.conf, tests/full-test,
	tests/pam-test, tests/radius-test: tests: updated for change in IPv6
	address assignment

2015-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: use the complete mask when assigning IPv6
	addresses

2015-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: .gitignore: ignore binaries in tests/

2015-08-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Keep PAM in the accounting types but simply ignore
	it.  That requires no configuration changes for system where this was
	accidentally enabled.

2015-08-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/main.c, src/main.h, src/setproctitle.c: 
	setproctitle: overwrite argv and argc

2015-08-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-08-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/acct/pam.c,
	src/acct/pam.h, src/config.c, src/ocserv-args.def,
	tests/docker-ocserv/ocserv-pam.conf: pam: removed accounting; it
	served no purpose. In fact it could even cause issues in the security-module depending
	on what was configured in PAM.

2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c: occtl: print
	the configured split-dns domains

2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/subconfig.c: config: avoid crash when parsing empty subconfig
	strings. Reported by Niels Peen.

2015-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/proxy-connectscript: tests: connect script
	fixes. The connect script used for proxyproto no longer needs /tmp/connect,
	it will create it.

2015-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: human_addr2(): only attempt to parse INET addresses

2015-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main.c: Enforce banned list even when proxy
	protocol is in use. That would be later in the authentication process by the time main
	is notified of the peer's IP. That is a compromise between
	terminating a malicious client early (before fork), and handling the
	proxy protocol in the privileged main process, which may reduce the
	overall security.

2015-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: prior to release check that the version of libopts
	matches the included

2015-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: include proxyproto-unix-test to the test
	suite

2015-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-proxyproto,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/ocserv-proxyproto.conf,
	tests/docker-ocserv/proxy-connectscript, tests/proxyproto-test: 
	tests: check whether IPs are being passed correctly to script when
	in proxyproto. That is, check whether the remote IP passed is other than localhost,
	and there is a non-empty IP_REAL_LOCAL.

2015-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c: occtl: print
	the Local Device IP (the IP the user connected to)

2015-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-proxyproto.c: proxyproto: corrected address type
	setting in our address

2015-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-misc.c, src/main-user.c, src/main.c,
	src/main.h, src/ocserv-args.def, src/worker-vpn.c: worker: notify
	early main on session info. That allows to pass TLS information early, but more importantly to
	pass information on the IP of the client (and our listen IP), to
	main, which will be provided in turn to the up and down scripts, as
	well as occtl.

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: Be more verbose when CRLs are being loaded

2015-08-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc: mention the facility log messages are
	sent to

2015-08-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-unix.c: Log info message when the control socket is
	disabled

2015-08-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: On BSD systems only set IP_RECVDSTADDR when using IPv4

2015-08-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am: configure: discover suitable sed
	program

2015-08-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: config: remove whitespace from the end of strings

2015-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: use ':' instead of /bin/true for non-existing
	programs

2015-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2015-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/Dockerfile-fedora-kerberos,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix,
	tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto-unix,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix: tests: don't expose any
	ports in docker tests

2015-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-proxyproto.c, src/worker-vpn.c,
	src/worker.h: proxyproto: use it to figure our IP.
	Also made more precise the length checks in proxyproto values.

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-proxyproto.c: proxyproto: allow for headers which have
	precisely 520-bytes of data

2015-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: allow compilation without libopts

2015-07-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-07-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test-config: tests: increased waiting time for
	radius-test-config.
	That avoids random failures of script.

2015-07-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-proxyproto.c: doc update

2015-07-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-07-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/worker-proxyproto.c, src/worker-vpn.c,
	src/worker.h: Separated the proxy protocol code

2015-07-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto-unix,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/haproxy-proxyproto-unix.cfg,
	tests/docker-ocserv/ocserv-proxyproto-unix.conf,
	tests/proxyproto-unix-test, tests/user-cn.pem: tests: Added check
	for proxy protocol with certificates

2015-07-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: make explicit the rejection of certificate
	messages

2015-07-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/worker-auth.c, src/worker-vpn.c: Added support
	for reading the client cert verification status and CN from proxy
	protocol

2015-07-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-07-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am,
	tests/docker-ocserv/Dockerfile-fedora-proxyproto,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/haproxy-proxyproto.cfg,
	tests/docker-ocserv/ocserv-proxyproto.conf, tests/proxyproto-test: 
	tests: added check for proxy protocol

2015-07-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Added support for proxy protocol (v2)

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pam-test: tests: fixed unreliable password entry in PAM test

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c, src/auth/radius.c: radius: set the NAS_PORT via
	the rc_aaa() API.
	This avoids a duplicate NAS-Port entry with the freeradius-client
	library.

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test, tests/radius-test-config: tests: increased
	waiting time in radius tests to account for time fuzz

2015-07-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test, tests/radius-test-config: tests: fixed
	unreliable password entry in radius tests

2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Apply a fuzzying factor rekey_time and
	stats_report_time.
	That factor would prevent the case of all worker processes
	contacting main or sec-mod at exactly the same time.

2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: removed duplicate header entry

2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: avoid including linux/in6.h, it causes issues in
	several systems

2015-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-unix.c: occtl: fix json output in show status

2015-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def, src/occtl-pager.c, src/occtl-unix.c,
	src/occtl.c, src/occtl.h: occtl: added option --no-pager

2015-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def: occtl: document -j in manpage

2015-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-print.c: corrected JSON array output

2015-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth-unix.c, src/auth-unix.h: Only include grouplist functions
	when they are needed

2015-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.10.6

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-nl.c, src/occtl-print.c, src/occtl-unix.c, src/occtl.h: 
	occtl: corrected bug in json checks

2015-06-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: don't set the wr_set in select (previously it was only
	ignored in pselect)

2015-06-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2015-06-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: use quotes in all examples
	to avoid issues in modifications

2015-06-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/myscript,
	tests/docker-kerberos/ocserv.conf, tests/kerberos-test: tests:
	verify that groupname is read correctly when in kerberos auth

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/server-key-ossl.pem,
	tests/server-key-p8.pem, tests/test-enc-key,
	tests/test-enc-key.config, tests/test-enc-key2.config: tests: check
	the ability to load encrypted key files

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/ocserv-args.def,
	src/sec-mod.c, src/vpn.h: Allow specifying a PIN and SRK PIN in the
	config file.
	That pin will be used to decrypt encrypted key files as well.

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/kkdcp-parsing.c: tests: kkdcp-parsing: fixed header include

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/sec-mod.c, src/tlslib.c,
	src/vpn.h, src/worker-auth.c: certificates and keys were moved to
	permanent configuration

2015-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: worker: provide log messages in more failure
	paths

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: require radcli 1.2.1

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/acct/radius.c, src/auth/gssapi.c,
	src/auth/pam.c, src/auth/plain.c, src/auth/radius.c, src/cfg.h,
	src/common-config.h, src/config.c, src/subconfig.c: combined cfg.h
	and common-config.h

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sup-config/file.c: improved variable name

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common-config.h, src/config.c,
	src/sup-config/file.c, src/vpn.h: Lifted the limit by
	MAX_CONFIG_ENTRIES.
	Now entries in the configuration file are limited by available
	memory.

2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth-unix.c, src/auth-unix.h, src/auth/gssapi.c,
	src/auth/pam.c, src/cfg.h, src/ocserv-args.def, src/subconfig.c: 
	gssapi: allow auto-select-group option to work

2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/auth-unix.c, src/auth-unix.h,
	src/auth/gssapi.c, src/auth/pam.c: gssapi: allow group setting using
	getpwnam

2015-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c: radius: add PW_ACCT_INTERIM_INTERVAL when
	compiling against old implementations

2015-06-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-radius: tests: radius:
	expose the radius ports

2015-06-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c, src/auth/radius.c: radius: updated radcli
	header

2015-06-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cfg.h: define perm_cfg_st as struct in cfg.h to reduce
	warnings

2015-06-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: when using a UNIX socket get our IP from the
	UDP socket.
	That is only for DTLS clients, and for the IP the worker advertizes
	to the security module.

2015-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: improved error messages when radius packet
	forming fails

2015-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/README.radius: updated radcli URLs

2015-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/README.radius, src/Makefile.am,
	src/acct/radius.c, src/auth/radius.c: use radcli as the radius
	library if found

2015-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: When we receive a data packet in the CSTP
	channel switch communication to it.
	That will reduce delay time if the DTLS channel is unresponsive and
	our peer switched to CSTP already. That switch will be undone if our
	peer switches back and starts sending DTLS.

2015-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius: added NAS-Identifier into dictionary

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/ocserv.conf, tests/full-test: tests: use
	non-common IPs in full-test

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/json-escape.c: tests: added unit test for
	JSON escaping

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common-json.c, src/common-json.h,
	src/occtl-print.c: occtl: properly escape JSON strings

2015-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/Dockerfile-fedora-kerberos,
	tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix: tests: use f22 for
	docker images

2015-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/kkdcp-parsing.c: tests: added unit test
	with KKDCP server parsing

2015-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/cfg.h, src/config-kkdcp.c, src/config.c: 
	split KKDCP config line parsing from config.c

2015-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def: Allow IPv6 addresses in KKDCP

2015-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: ping: check for ICMPv6 unreachable packets when
	in IPv6

2015-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: ping: cleanup code

2015-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am,
	doc/dbus/org.infradead.ocserv.conf, src/Makefile.am,
	src/main-ctl-dbus.c, src/occtl-dbus.c: removed dbus option

2015-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common.h, src/main-ctl-unix.c,
	src/occtl-dbus.c, src/occtl-nl.c, src/occtl-print.c,
	src/occtl-time.c, src/occtl-unix.c, src/occtl.c, src/occtl.h: occtl:
	added --json option.
	This allows to parse the output data using automated tools.

2015-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/auth/plain.c: plain auth: use strsep() to allow
	an empty group string

2015-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pcl/pcl.c: pcl: include headers for getpid and memcpy

2015-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-time.c: use casts for systems where time_t is longer
	than 32-bits.
	Suggested by Stuart Henderson.

2015-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-05-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: better text for group prompt

2015-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use IPV6_PATHMTU socket option instead of
	IPV6_MTU.
	The former is portable and available on BSD systems.

2015-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: removed redundant line

2015-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: don't exit if isolated-workers is set

2015-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.10.5

2015-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: sample.config: bring in par with
	ocserv-args.def

2015-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: document the fact that
	some clients fail if rekey is disabled

2015-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/freeradius-users,
	tests/docker-ocserv/ocserv-pam.conf,
	tests/docker-ocserv/ocserv-radius-config.conf,
	tests/docker-ocserv/ocserv-radius.conf,
	tests/docker-ocserv/ocserv-unix.conf,
	tests/docker-ocserv/ocserv.conf, tests/radius-test-config: tests:
	separate the provided routes from the client's IP to avoid
	collisions

2015-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: tests: use openconnect -b in full-test

2015-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-common.sh, tests/full-test, tests/radius-test,
	tests/unix-test: tests: use /bin/echo to provide '-e' and
	elimination of some bashisms

2015-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: added dots to prompt messages

2015-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-radius-config,
	tests/docker-ocserv/Makefile.am: tests: added
	Dockerfile-debian-radius-config

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-common.sh, tests/kerberos-test: tests: avoid docker
	cp in kerberos test

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/unix-test: tests: use common functions in unix-test

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: corrected memset usage

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: avoid null pointer dereference in config parsing

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c: check the return value of inet_pton

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pam-test: tests: corrected username in pam-test

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test, tests/radius-test-config: tests: cleanups

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-common.sh: tests: remove the interactive flags from
	docker exec cmd

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added radius-test-config to tests

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-common.sh, tests/full-test, tests/pam-test,
	tests/radius-test, tests/radius-test-config, tests/unix-test: tests:
	use common function to check for file existence.
	This addresses issue with "docker cp" in some systems.

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: move the password counter to the label.
	That addresses issue with anyconnect clients which require the name
	to be called password.

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix, tests/full-test,
	tests/kerberos-test, tests/pam-test, tests/radius-test,
	tests/radius-test-config, tests/unix-test: tests: don't use ssh to
	obtain user information

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: when the password label matches the message,
	set no message

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: PAM: improved log message in conv to include
	prompt

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/ipc.proto, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod.h, src/worker-auth.c: Combined
	password prompt and message.
	That is because there are clients (anyconnect) which only print the
	message but not the prompt.

2015-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: do not print error message when a new password
	is requested

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: TODO: removed session timeout

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/ocserv.conf, tests/full-test,
	tests/radius-test, tests/radius-test-config, tests/unix-test: tests:
	avoid using double newlines and other updates in full-test

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/common.c, src/auth/common.h, src/auth/plain.c: don't use
	default messages for first prompt - allow worker to set it

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c: updated for new format of msgs

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius-config,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/freeradius-users,
	tests/docker-ocserv/ocserv-radius-config.conf,
	tests/docker-ocserv/ocserv-radius.conf,
	tests/docker-ocserv/radius-dictionary, tests/radius-test-config: 
	tests: added check for the application of radius configuration

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: do not send interim-updates on init

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-sup-config.c: print information on the config backend
	used

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/subconfig.c: corrected bug in string expansion

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test, tests/pam-test, tests/radius-test,
	tests/unix-test: tests: properly escape output

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-db.c: session-timeout immediately invalidates the
	session

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def, src/sup-config/file.c: stats-report-time and
	session-timeout can be set per user/group as well

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c, src/cfg.h, src/ocserv-args.def,
	src/subconfig.c: simplify application of radius config

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c, src/auth/radius.h, src/cfg.h, src/ipc.proto,
	src/main-auth.c, src/main-sec-mod-cmd.c, src/main.h,
	src/ocserv-args.def, src/sec-mod-auth.c, src/sec-mod-auth.h,
	src/subconfig.c, src/sup-config/radius.c, src/vpn.h,
	src/worker-auth.c: Allow overriding session-timeout from radius

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Introduced session-timeout option.
	That allows to set the maximum number of seconds a session can be
	active.

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README.radius: updated radius documentation

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: cleanup in match_password_in_reply()

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c, src/auth/pam.c, src/auth/pam.h,
	src/auth/plain.c, src/ipc.proto, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod.h, src/worker-auth.c: when multiple
	password prompts are sent, utilize a counter to differentiate them

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto: removed deprecated field from auth_reply_msg

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/ocserv-pam.conf,
	tests/docker-ocserv/pam-ocserv, tests/docker-ocserv/users.oath,
	tests/pam-test: tests: enhanced PAM test with a second (OTP)
	password

2015-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c, src/auth/pam.c, src/auth/pam.h,
	src/auth/plain.c, src/auth/radius.c, src/ipc.proto,
	src/sec-mod-auth.c, src/sec-mod-auth.h, src/sec-mod.h,
	src/worker-auth.c: pam: allow passing brief prompt in addition to
	messages

2015-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/vpn.h: increased timeout in main-secmod communication

2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c, src/vpn.h: simplified request handling in sec-mod

2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: close the sec-mod fds on worker

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2015-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl.h, src/main-misc.c, src/main.c, src/main.h: 
	remove_proc: use flags instead of multiple variables

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl.h, src/main-misc.c, src/main.c, src/main.h: when the
	server exits don't wait for stats from sec-mod

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.h: updated main_mod_fd_sync doc

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main-sec-mod-cmd.c, src/main.c, src/main.h,
	src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: main: use two
	sockets to communicate with sec-mod.
	That allows to have a reliable synchronous socket, and a socket
	where messages are sent and received asynchronously.

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/sec-mod.c: Added more debugging messages

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: set cloexec on sec-mod's socket file

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/freeradius-users: tests: added more users into
	radius' server user file

2015-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client, tests/pam-test: 
	tests: updated ipv6 addresses in kerberos and pam tests

2015-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: export IPV6_PREFIX to scripts

2015-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: set ipv6 prefix only if it is set

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client, tests/full-test,
	tests/radius-test: tests: updated IPv6 addresses

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/ip-lease.h, src/main-auth.c, src/tun.c: use a
	127-bit prefix for IPv6 leases

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test: tests: updated radius-test to detect disconnect
	in certificate auth

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c, src/sec-mod-auth.c, src/sec-mod-db.c,
	src/sec-mod.h: radius: set NAS_PORT on accounting requests

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c, src/auth/radius.c: radius: corrected the byte
	ordering of NAS_IP_ADDRESS

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test: tests: check whether the value set in radius'
	NAS-IP-Address is not invalid

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c, src/auth/radius.c, src/sec-mod-auth.c,
	src/sec-mod.h: radius: advertise the correct NAS IP in accounting
	messages

2015-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/sec-mod.c: set close-on-exec flag in sec-mod
	fds

2015-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/main-user.c, src/ocserv-args.def: corrected
	typos in IPV6 env variable

2015-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/vpn.h: increased MAX_MSG_SIZE

2015-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-sec-mod-cmd.c, src/vpn.h: enforce more timeouts in
	sec-mod main communication

2015-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: sec-mod:
	eliminated redundant parameters

2015-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-sec-mod-cmd.c, src/sec-mod.c, src/vpn.h: added sanity
	checks in commands exchanged from main with sec-mod

2015-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c, src/vpn.h, src/worker-vpn.c: radius:
	distinguish more disconnect codes

2015-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: worker: introduce a minimum interval below which
	no stats will be sent

2015-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c, src/vpn.h, src/worker-vpn.c: radius: notify of
	disconnect timeout reason

2015-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: oc_recvfrom_at: use correct packet type for IPv6
	data

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2015-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: use explicit sizes when setting NAS
	address

2015-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updated ipv6 MTU discovery

2015-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: oc_recvfrom_at: fixed discovery of our IPv6 address

2015-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c, src/worker.h: added MTU discovery
	and adjustment in IPv6

2015-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/gssapi.c, src/auth/pam.c, src/auth/plain.c,
	src/auth/radius.c, src/auth/radius.h, src/ipc.proto,
	src/sec-mod-auth.c, src/sec-mod-auth.h, src/worker-auth.c: radius:
	set our IP in the request explicitly

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README.radius: radius: removed documentation for
	Framed-IPv6-Route.
	It was superseded by Route-IPv6-Information

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README.radius, src/auth/radius.c: radius: added support for
	Delegated-IPv6-Prefix

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c, src/auth/pam.c, src/auth/plain.c,
	src/auth/radius.c, src/auth/radius.h, src/main-ctl-unix.c,
	src/sec-mod-auth.c, src/sec-mod-auth.h, src/sec-mod.c,
	src/sec-mod.h, src/system.c, src/system.h: radius: put the process
	ID into NAS-Port

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c: radius: removed NAS-PORT-TYPE from accounting
	requests

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README.radius: README.radius: added new attributes

2015-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h: Revert "allow
	specifying a subnet id".
	This reverts commit 689c5ad56338b4a9ed81ac9a58d13689a24ba955.

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ipv6-prefix.c: tests: added ipv6-prefix
	unit test

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/common.h, src/ip-lease.c: enhanced
	ipv6_prefix_to_mask

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h: allow specifying a
	subnet id

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/common.h: ipv4_prefix_to_mask: enhanced to
	handle all possible prefixes

2015-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ipv4-prefix.c: tests: added unit test for
	ipv4_prefix_to_mask()

2015-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-sec-mod-cmd.c, src/worker-misc.c: restore recvmsg

2015-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def,
	src/sec-mod-auth.c, src/sec-mod-db.c, src/sec-mod.h, src/vpn.h: 
	added config option 'persistent-cookies'.
	When it is set, it doesn't invalidate cookies after user
	disconnection.

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod: terminate a client session
	immediately only if there is a single user

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README.radius, doc/sample.config, src/auth/radius.c,
	src/auth/radius.h, src/cfg.h, src/ipc.proto, src/main-auth.c,
	src/main-sec-mod-cmd.c, src/main.h, src/ocserv-args.def,
	src/sec-mod-auth.c, src/sec-mod-auth.h, src/subconfig.c,
	src/worker-auth.c: radius: consider Acct-Interim-Interval by default.
	That can also be overridden by specifying
	'override-interim-updates=true' in the radius subconfig.

2015-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-sec-mod-cmd.c, src/sec-mod-auth.c: radius:
	send IP address on session start

2015-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated TODO

2015-05-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc: use the "proper" URL
	for kdcproxy

2015-05-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Makefile.am, tests/docker-ocserv/ca.pem,
	tests/docker-ocserv/ocserv-radius.conf, tests/radius-test: tests:
	added check for radius accounting with certificates

2015-05-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: force_read: handle EOF from fd

2015-05-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: radius: properly close accounting for
	certificate sessions

2015-05-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: common: corrected select loops

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/main-misc.c: allow the _timeout functions to
	operate without a timeout

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main-sec-mod-cmd.c, src/tlslib.c,
	src/worker-auth.c, src/worker-resume.c, src/worker-vpn.c: 
	selectively specify timeout in recv when needed

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c: radius acct: corrected type of value in data
	setting

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: always send NAS_PORT_TYPE

2015-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: updated message

2015-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-sec-mod-cmd.c: main: do not impose timeout when reading
	from sec-mod

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: increased the
	tgt-freshness-time in examples

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c: gssapi: avoid comparison with null mechanism

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c: updated comment

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: corrected termination of sessions which had no
	associated module (i.e., certificate)

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/acct/radius.c, src/ipc.proto, src/main.h,
	src/sec-mod-acct.h, src/sec-mod-auth.c, src/sec-mod.h, src/vpn.h,
	src/worker-vpn.c: radius: distinguish between user disconnect and
	admin reset of worker process

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/ocserv.conf, tests/kerberos-test: tests:
	verify tgt-freshness-time in Kerberos setup

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/auth/gssapi.c, src/cfg.h,
	src/ocserv-args.def, src/subconfig.c: Added config option
	'tgt-freshness-time' for GSSAPI

	This allows setting the maximum number of seconds a TGT ticket will
	be valid for logging in to the VPN. That can be used to prevent a TGT
	ticket valid for a day from being used to log in to the VPN, and addresses
	the use case where a laptop with a valid TGT ticket is stolen.

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test: tests: updated radius test

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: on explicit user termination notify radius as
	soon

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: corrected typo in ban-points-connection option

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: return more meaningful error code in
	parse_data()

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/pam.c, src/acct/radius.c, src/sec-mod-acct.h,
	src/sec-mod-auth.c: radius: differentiate between user termination
	and session timeout

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test: tests: added check for proper disconnection
	message in radius

2015-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/ipc.proto, src/main-ctl-dbus.c,
	src/main-ctl-unix.c, src/main-sec-mod-cmd.c, src/main.h,
	src/occtl-unix.c, src/sec-mod-auth.c: keep track of client entries
	in sec-mod and report them in status msg

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: expire sessions which are in
	terminated state

	Reported by riteki@gmail.com.

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-http.c: Added support for chacha20-poly1305 if compiled
	with gnutls 3.4.0

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: made header consistent

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.10.3

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/main-auth.c, src/main-misc.c, src/tun.c: 
	improved log messages and levels

2015-04-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: README: updated command for test server

2015-04-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: removed unimplemented option

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-extras.c, src/worker-privs.c: if user-profile or binary
	files are set up allow opening files on isolation

	That fixes the user-profile configuration setting when
	isolate-workers is set to true.

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-cookie-timeout, tests/test-cookie-timeout-2,
	tests/test-multi-cookie: tests: improved tests with cookies

	They use the --background openconnect option instead of the shell
	background command.

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-cookie-invalidation,
	tests/test-cookie-invalidation.config: tests: added test for cookie
	invalidation

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main.h, src/sec-mod-auth.c, src/worker-vpn.c: 
	when the user has voluntarily terminated the session invalidate the
	cookie

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: mention about clamping MSS

2015-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocserv-args.def: doc update

2015-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set the don't fragment bit only when mtu discovery
	is set

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: fixed debugging message

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: reflect the received DPD packets

2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: fixed typo

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: doc update

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: document tun assignment

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: reset the IPv4 address of tun device in linux

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: delete routes and ipv6 interface address in linux as
	well

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: tun: restrict SIOCDIFADDR on non-linux

2015-04-13  Brian Chu <cynix@cynix.org>

	* src/ip-lease.c, src/main.h, src/tun.c: Remove addresses from old
	tun device when stealing leases

2015-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: when multiple auth methods are set, do not 'require'
	a certificate

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: reject bad commands from main

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c: dbus: require desc to be non-null

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-04  Brian Chu <cynix@cynix.org>

	* src/tun.c: Set TUNSIFHEAD on the tun device if supported

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: Revert "tun: only use the TUN_AF_PREFIX in OpenBSD"

	This reverts commit 2df8e244abf3dc94ff5b6881b02da74d08999c84.

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: tun: only use the TUN_AF_PREFIX in OpenBSD

2015-04-04  Brian Chu <cynix@cynix.org>

	* src/tun.c: Fix indentation

2015-04-04  Brian Chu <cynix@cynix.org>

	* src/tun.c: Fix invalid return value

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c: dbus: reduced verbosity of module

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c: dbus: share the common part of signature in
	user listing

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-unix.c, src/main-ctl.h: terminate_proc is shared
	between dbus and unix

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: doc update: remove dbus from the non-recommended
	options

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: install dbus config file if DBUS is enabled

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c: dbus: use terminate_proc

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c, src/occtl-dbus.c: dbus: include no-route
	information in the user info

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c, src/occtl-dbus.c: dbus: include DTLS/CSTP
	compression and MTU in the user info

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c, src/occtl-dbus.c: dbus status command is on
	par with the unix sockets one

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c, src/occtl-dbus.c: dbus: fixed new commands
	for ban/list

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: removed old todo items

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: enable dbus

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c: dbus: more debugging messages

2015-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-dbus.c, src/occtl-dbus.c: dbus: added new commands
	for ban/list

2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: server header moved to X-CSTP-Server

	That would allow viewing the server from openconnect verbose output.

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tlslib.h: tlslib: define DTLS1_2 when needed

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: no need to require libtasn1 3.9

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-http.c, src/worker.h: ciphersuite check
	is made dynamic

	That would allow ocserv to be compiled with GnuTLS earlier than
	3.2.7 but still use GCM if linked with a proper version.

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-common.sh: tests: docker-common includes common.sh

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: sec-mod: do not impose timeouts on reads from main

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/full-test, tests/pam-test,
	tests/radius-test, tests/test-ban, tests/test-cert,
	tests/test-cookie-timeout, tests/test-cookie-timeout-2,
	tests/test-explicit-ip, tests/test-group-cert,
	tests/test-group-pass, tests/test-iroute, tests/test-multi-cookie,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-group-cert,
	tests/test-pass-group-cert-no-pass, tests/test-pass-opt-cert,
	tests/test-pass-script, tests/test-sighup, tests/test-stress,
	tests/unix-test: tests: openconnect binary is now set in variable

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.10.2

2015-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-sec-mod-cmd.c, src/sec-mod-auth.c: reduce messages sent
	by main to sec-mod

2015-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/Dockerfile-fedora-client: tests: rely on
	fedora's openconnect for kerberos-test

2015-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-sec-mod-cmd.c, src/sec-mod-auth.c,
	src/sec-mod.c, src/sec-mod.h: receive SM_CMD_AUTH_BAN_IP_REPLY
	asynchronously to prevent race conditions

2015-03-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: don't use getsockopt(TCP_MAXSEG) on unix
	sockets

	That avoids unhelpful warnings on the log. Reported by Claudio Luck.

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: tests: corrected full-test checks

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/worker-auth.c: worker: when
	receiving auth_cookie_reply from main update the SID

	That fixes an issue where the worker didn't know its correct SID,
	because (1) we didn't always send the SID as cookie - corrected in
	the previous patch, and (2) openconnect client doesn't honour all
	cookies, only the webvpnc one. In all cases it is more trustworthy
	to check our view of the SID rather than rely on the cookie.

	Resolves issue with stats not being transmitted to sec-module when
	using certificate authentication.

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: worker: always set the webvpncontext cookie

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: full-test: set PORT_OCSERV

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: print unknown SIDs

2015-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.10.1

2015-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: ensure that sendmsg and recvmsg don't get
	interrupted

2015-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: sec-mod: handle unknown messages as bad commands

2015-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: call session_close only when session_open has
	succeeded

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cookie-timeout: tests: enhance test-cookie-timeout to
	detect issues with main-sec-mod not in sync

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: tolerate session close in unusual cases, and
	avoid desync

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod.c: sec-mod: only exit on
	ERR_BAD_COMMAND errors from main msg handler

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/ocserv-radius.conf, tests/radius-test: 
	radius-test: include radius accounting test

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: config: simplified comparison

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: icmp-ping: explicitly specify type

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: removed stray ','

2015-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.10.0

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def, src/ocserv-args.def: doc update

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: document GSSAPI authentication

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: updated sample.config

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: disable DTLS if there is no ciphersuite in
	common

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update: mention that
	banning cannot be combined with listen-clear-file

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-ctl-unix.c, src/main-misc.c, src/main.c,
	src/vpn.h: chroot_dir, occtl_socket_file and socket_file_prefix were
	moved to permanent config options

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/ocserv-args.def: updated
	documentation with options that will be read in reload

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h: increased the maximum configuration options to 96

	That allows for up to 96 routes to be sent by the server.

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-gssapi,
	tests/test-gssapi-local-map.config: tests: check whether local-map
	in gssapi is required by default

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: don't call exit from main process; use the termination
	path

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: always check tmsg for null prior to freeing it

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: corrected default value of DPD

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cfg.h, src/subconfig.c: avoid warnings on type of the
	parameter used for the allocation pool

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/acct/radius.c: do not send IPv6 accounting with radius; there
	is a bug in freeradius-client

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main.c, src/main.h: clear_cfg_file() ->
	clear_cfg()

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: cast CMSG_DATA to avoid warnings

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cfg.h, src/config.c, src/main-auth.c, src/main-ctl-unix.c,
	src/main-misc.c, src/main-sec-mod-cmd.c, src/main.c, src/main.h,
	src/sec-mod-auth.c, src/sec-mod-sup-config.c,
	src/sec-mod-sup-config.h, src/sec-mod.c, src/sec-mod.h,
	src/subconfig.c, src/tun.c, src/vpn.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: separated permanent configuration
	options from the reloaded ones

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-sighup, tests/test-sighup.config: 
	tests: added check of behavior when SIGHUP is given

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: sec-mod: will exit if it fails to process commands
	from main

2015-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/worker-http.c: added option to
	completely disable compression support

2015-03-01  David Woodhouse <David.Woodhouse@intel.com>

	* src/lzs.c: Stop using 1ULL as the base value to be shifted in LZS
	GET_BITS()

	Keeping this as an int is fine; it'll never be shifted by more than
	9. And the promotion of (src[0] << (bits - bits_left)) from int to
	unsigned long long makes Coverity unhappy because of the
	sign-extension.

	(patch copied from openconnect)

	Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-unix.c: main-ctl-unix: avoid using remove_proc()
	unless necessary

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: close stdin and stdout descriptors by default

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ban.c: updated log message

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-ban.config: tests: added missing file

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/ipc.proto, src/main-misc.c,
	src/main-sec-mod-cmd.c, src/sec-mod-auth.c, src/vpn.h: client stats
	are conveyed to master through sec-mod

	That way both can keep a more accurate picture of user statistics.

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: worker only sends stats to sec-mod

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: simplified session open and close
	handling

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c: connects and disconnects to main
	are logged with LOG_INFO

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-kerberos/krb5.conf,
	tests/docker-kerberos/ocserv.conf: tests: kerberos-test includes
	check on KKDCP functionality

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/kkdcp.asn, src/kkdcp_asn1_tab.c: kkdcp.asn: use GeneralString
	for KerberosString to follow RFC1510

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: send correct ipv4 address when an IPv6
	is present

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-kkdcp.c: kkdcp: fixes in post handler

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: removed pointless checks

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: tun: combined code used in SIOCIFDESTROY case

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: tlslib: eliminated pointless check

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: tlslib: call va_end earlier to avoid memory leak

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/subconfig.c: config: expand_brackets_string tolerates null
	values

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-unix.c: occtl-unix: removed dead code

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: worker: fixed caching of message received from
	main

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: config: print the primary authentication method only
	once

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c: radius: eliminate dead variable

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-ban, tests/test-cookie-timeout,
	tests/test-cookie-timeout-2: tests: corrected copyright dates

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-ban: tests: added check for IP
	banning subsystem

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ban.c, src/sec-mod-auth.c, src/worker-vpn.c: don't
	attempt keeping scores for banning if banning is disabled

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: occtl: unban -> unban ip

2015-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: do not reply on session close cmd

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ban.c: don't print message on adding a banned entry if
	already banned

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ban.c: print the accurate time on banned IP expiration

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-unix.c: occtl: banned IPs -> IPs in ban list

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/main.h, src/occtl-unix.c: 
	removed unused variables and structures

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-unix.c: occtl: pretty print uptime

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-time.c, src/occtl-unix.c, src/occtl.h: occtl: pretty
	print expiration time in bans

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: occtl: avoid crash on empty cmdline argument

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: removed duplicate entries in makefile

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: occtl: rename show ip points to show ip ban points

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: PAM accounting is only included when PAM is enabled

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am: include kkdcp_asn1_tab.c only when
	GSSAPI is included

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: removed unused parameter of select()

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.h: include security/pam_appl.h only when PAM is
	enabled

2015-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: removed obsolete file

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-ip-cache.c, src/occtl-unix.c,
	src/occtl.c, src/occtl.h: occtl: added cache and completion for IP
	addresses

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h, src/main-ban.c, src/main-ban.h,
	src/main-ctl-unix.c, src/occtl-unix.c, src/vpn.h: sanitize IP
	addresses provided by occtl

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-unix.c, src/occtl.c, src/occtl.h: occtl: allow listing
	only bans, or points

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ban.c: do not continuously extend the expiration time of
	banned IP entry

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.h, src/ctl.proto, src/main-ban.c, src/main-ban.h,
	src/main-ctl-unix.c, src/occtl-unix.c, src/occtl.c, src/occtl.h: 
	occtl: added ability to list banned, and unban IPs

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: sec-mod: don't use a timeout value in select()

	There is no need for that.

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/main.c, src/system.c, src/system.h: removed
	support for linux namespaces; they don't provide any advantage over
	seccomp

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-gssapi: tests: only run test-gssapi if gssntlmssp is
	found

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main-ban.c,
	src/ocserv-args.def, src/sec-mod-auth.c, src/vpn.h,
	src/worker-kkdcp.c, src/worker-vpn.c: made the ban points
	configurable

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/acct/radius.c, src/auth/gssapi.c,
	src/auth/plain.c, src/auth/radius.c, src/config.c,
	src/ocserv-args.def, src/sec-mod-acct.h, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/vpn.h: removed server-name config option

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/ipc.proto, src/log.c, src/main-ban.c,
	src/main-ban.h, src/main-misc.c, src/main-sec-mod-cmd.c,
	src/sec-mod-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-kkdcp.c, src/worker-vpn.c, src/worker.h: When sending BAN
	IP messages to main receive a reply on whether further actions
	should continue

	That allows banning a user even during an open connection.

2015-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: always send a reply to main

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod: reply to main on failure to verify a
	session open cmd

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-kkdcp.c, src/worker-misc.c,
	src/worker-vpn.c, src/worker.h: worker: collect any ban points and
	communicate them to main on exit

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test: tests: radius-test: cleanup

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ipc.proto, src/main-misc.c,
	src/main-sec-mod-cmd.c, src/ocserv-args.def, src/sec-mod-auth.c,
	src/vpn.h, src/worker-kkdcp.c: Added points in KKDCP connections to
	prevent DoS attacks.

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ban.c, src/main.c: log message for rejected banned IP
	connection was moved to main-ban.c

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c: report the
	number of banned IPs via occtl

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ban.c, src/vpn.h: HTTP debug messages moved to level 4

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/main-ban.c, src/ocserv-args.def, src/vpn.h: 
	Add a cost in number of connections per IP to prevent DoS attacks

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/config.c, src/ipc.proto,
	src/{sec-mod-ban.c => main-ban.c}, src/main-ban.h,
	src/main-sec-mod-cmd.c, src/main.c, src/main.h,
	src/ocserv-args.def, src/sec-mod-auth.c, src/sec-mod.c,
	src/sec-mod.h, src/vpn.h: enforcement of IP banning was moved to main

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/main-misc.c, src/main-sec-mod-cmd.c,
	src/main.c, src/main.h, src/sec-mod.c, src/sec-mod.h: simplify the
	communication between main and sec-mod

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-debian-radius: tests: radius-test:
	require freeradius-client 1.1.7

2015-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: prevent accounting methods from switching on reload

2015-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c: radius: use the NAS identifier in accounting
	too

2015-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/acct/radius.c, src/auth/pam.c, src/auth/plain.c,
	src/auth/radius.c: added sanity checks in auth methods

2015-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/auth/radius.c, src/cfg.h,
	src/ocserv-args.def, src/subconfig.c: allow explicitly specifying
	the NAS identifier in radius

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test, tests/radius-test, tests/unix-test: tests: use
	unique temp files

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-http.c, src/worker.h: worker: if a
	client retries a POST/GET request without the X-Support-HTTP header
	switch method

	That allows openconnect to retry using password authentication if it
	has no ticket or so. To advertise that behavior we set the header
	X-HTTP-Auth-Support: fallback in our 401 response.

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: check all methods when using
	ws_switch_auth_to()

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-unix: unix-test: added lz4
	in fedora

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/subconfig.c: when stealing values do not reallocate them

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/auth/plain.c, src/cfg.h, src/config.c,
	src/ocserv-args.def, src/subconfig.c: plain authentication uses the
	new parsing method

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/cfg.h, src/config.c, src/subconfig.c: pam uses
	the new sub-config format

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/acct/radius.c, src/auth/radius.c,
	src/cfg.h, src/config.c, src/ocserv-args.def, src/subconfig.c: 
	radius will use the new sub-config format

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-gssapi.config: tests: test-gssapi: use
	require-local-user-map=false

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/auth/gssapi.c, src/cfg.h,
	src/config.c, src/ocserv-args.def, src/subconfig.c, src/vpn.h: Added
	more advanced suboption parser
	That adds the ability to parse options in the form:
	auth = "gssapi[option1=value1,option2=value2,...]"
	It also introduces the keytab, and require-local-user-map suboptions
	for gssapi.

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: when printing session information in log
	restrict to 5 chars

2015-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/ocserv-unix.conf, tests/unix-test: tests: fix
	IPs in unix-test

2015-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/kerberos-test: tests: set the proper hostname to KDC in
	kerberos-test

2015-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/kerberos-test, tests/test-gssapi: tests: updated checks for
	gssapi

2015-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: README: added krb5 dependency

2015-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/ocserv-pam.conf,
	tests/docker-ocserv/ocserv-radius.conf, tests/pam-test,
	tests/radius-test: tests: changed IP addresses of radius and PAM
	tests to not collide with full-test

2015-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/acct/pam.c,
	src/acct/pam.h, src/acct/radius.c, src/acct/radius.h,
	src/auth/pam.c, src/auth/pam.h, src/auth/radius.c,
	src/auth/radius.h, src/config.c, src/ipc.proto,
	src/ocserv-args.def, src/sec-mod-acct.h, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod-db.c, src/sec-mod.h,
	src/sup-config/file.c, src/vpn.h, src/worker-vpn.c,
	tests/docker-ocserv/ocserv-pam.conf,
	tests/docker-ocserv/ocserv-radius.conf: Separated accounting from
	authentication.

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/kerberos-test: tests: updated kerberos-test

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c, src/ipc.proto, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/worker-vpn.c: radius: when sending
	accounting information include any updated IP

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-unix: tests: added liblz4
	into unix test and fixed IP addresses

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod.h: keep statistics over the
	lifetime of a session rather than closing and opening the session
	multiple times

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-db.c: when generating a unique SID check if it already
	exists

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix: tests: added more
	dependencies for debian docker image

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/kerberos-test, tests/test-gssapi: test gssapi/kerberos only
	when compiled with gssapi support

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: check state on session cmd

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/sec-mod-auth.c, src/vpn.h: when combining
	multiple auth methods as primary, combine the name as well

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/system.c: corrected command issue check

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: removed pointless check

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: main print username in new cookie session

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod-db.c, src/sec-mod.h: add part of
	the session ID in logs to differentiate them

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: fixed sample.config

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-db.c: sec-mod: check for expiration time of -1

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: prevent an auth init message when not
	in inactive mode

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: sec-mod: maintenance time was increased to be over
	the default cookie expiration time

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: more verbose logging

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod: corrected usage counting issue in
	client entries kept

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: improved log messages consistency

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/auth/gssapi.c, src/auth/plain.c,
	src/auth/radius.c, src/config.c, src/main.c, src/ocserv-args.def,
	src/sec-mod-auth.c, src/sec-mod-auth.h, src/vpn.h: Added the
	configure option server-name
	If set it will be used to set the NAS_IDENTIFIER in radius.

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test, tests/kerberos-test, tests/pam-test,
	tests/radius-test, tests/unix-test: tests: use env variable to leave
	the docker image open

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: log http status replies

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/http-heads.gperf: renamed X-Support-SPNEGO to
	X-Support-HTTP-Auth

2015-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod.h: eliminated unneeded variable

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/radius-test: radius-test: fixed wrong password test

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix: tests: added the
	kerberos libs as dependencies

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: radius: fixed config string parsing

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-explicit-ip, tests/user-config-explicit/test3: tests:
	fixed explicit-ip check

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod-auth: use auth_user module function
	only when a module is available

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile-fedora-pam,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/ocserv-pam.conf,
	tests/docker-ocserv/pam-ocserv, tests/pam-test, tests/test-pam,
	tests/test-pam.config: tests: added PAM test suite

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test, tests/radius-test: tests: added negative
	authentication checks

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-common.sh: tests: added
	kerberos-test

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac: bumped version and updated NEWS

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, tests/Makefile.am,
	tests/docker-common.sh,
	tests/docker-kerberos/Dockerfile-fedora-client,
	tests/docker-kerberos/Dockerfile-fedora-kerberos,
	tests/docker-kerberos/Makefile.am, tests/docker-kerberos/ca.pem,
	tests/docker-kerberos/cert.pem, tests/docker-kerberos/dbus.service,
	tests/docker-kerberos/k5.KERBEROS.TEST,
	tests/docker-kerberos/kadm5.acl, tests/docker-kerberos/kdc.conf,
	tests/docker-kerberos/key.pem, tests/docker-kerberos/krb5.conf,
	tests/docker-kerberos/myscript, tests/docker-kerberos/ocserv.conf,
	tests/docker-kerberos/pam-ocserv, tests/docker-kerberos/passwd,
	tests/kerberos-test: tests: added kerberos test suite

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/kkdcp.asn,
	src/kkdcp_asn1_tab.c, src/ocserv-args.def, src/vpn.h,
	src/worker-kkdcp.c: kkdcp: allow the handling of multiple realms per
	URL

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main.c: reduced level of command socket
	closed error

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c: gssapi: better log messages

2015-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: pam: return empty message when not in the
	appropriate state

2015-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c: gssapi: require the localname to login

2015-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-kkdcp.c: kkdcp: attempt to read the whole message

2015-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-kkdcp.c: corrected DER message construction

2015-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/sup-config/file.c: sanitized strcmp check

2015-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Use content-length: 0 when closing connection

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: when cookie is present avoid basic
	authentication

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/worker-auth.c, src/worker-http.c: doc update

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c, src/sec-mod-auth.c: update username in GSSAPI

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/sample.config, src/Makefile.am, src/config.c,
	src/kkdcp.asn, src/kkdcp_asn1_tab.c, src/main.c,
	src/ocserv-args.def, src/worker-kkdcp.c, src/worker.h: kkdcp:
	perform the proper encoding and decoding on exchanged data

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/config.c, src/vpn.h, src/worker-http.c,
	src/{worker-urlfw.c => worker-kkdcp.c}, src/worker.h: renamed urlfw
	to kkdcp

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: more specific log message

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def,
	src/sec-mod-ban.c, src/vpn.h: Added max-password-retries config
	option
	That makes the number of retries prior to banning the IP
	configurable.

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/common.h, src/auth/plain.c, src/auth/radius.c,
	src/main.h, src/sec-mod-auth.c, src/sec-mod-auth.h,
	src/sec-mod-ban.c, src/sec-mod.h, src/worker-auth.c: Ban an IP only
	when the MAX_PASSWORD_TRIES attempts have been exceeded

2015-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/gssapi.c: gssapi: better error printing and restrict to
	SPNEGO

2015-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/http-heads.gperf, src/worker-http.c, src/worker.h: 
	X-Need-SPNEGO renamed to X-Support-SPNEGO

2015-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker.h: if gssapi authentication fails,
	switch to password auth if possible

2015-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: prohibit worker from sending an auth_type of
	zero

2015-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Fail if authentication modules are changed on reload

2015-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c, src/auth/pam.c, src/auth/plain.c,
	src/auth/radius.c, src/auth/radius.h, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod.h: Additional data are passed only
	to auth module's global_init

2015-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/vpn.h, src/worker-urlfw.c: 
	Allow setting content-type urlfw, and allow tcp

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: updated documentation

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/config.c, src/vpn.h,
	src/worker-http.c, src/worker-urlfw.c, src/worker-vpn.c,
	src/worker.h: Added url-fw config option
	That allows to specify a class of URLs where, if a client POSTS to
	it, the data will be forwarded to the configured server, and the
	client will receive its reply.

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: use vasprintf() in cstp_printf()

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c, src/auth/pam.c, src/auth/plain.c,
	src/auth/radius.c, src/sec-mod-auth.c, src/sec-mod-auth.h,
	src/sec-mod-db.c, src/sec-mod.h, src/vpn.h, src/worker-auth.c: 
	eliminated auth message upper limit

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-gssapi, tests/test-gssapi.config: 
	test-gssapi: added check for gssapi authentication

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/gssapi.c, src/vpn.h: increased maximum message size to
	2048

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/worker-auth.c: Ensure that any messages
	are being forwarded even on success packet

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: only print WWW-Authenticate when there are data
	to print

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Allow GSSAPI authentication even from GET
	commands

2015-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: In certificate verification separate between no
	certificate and verification failure

2015-02-11  Kevin Cernekee <cernekee@gmail.com>

	* src/auth/gssapi.c: gssapi: Don't include gssapi header files if
	!HAVE_GSSAPI
	This fixes:
	    CC       auth/gssapi.o
	    auth/gssapi.c:30:27: fatal error: gssapi/gssapi.h: No such file or directory
	    #include <gssapi/gssapi.h>
	                             ^

2015-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-pass-opt-cert, tests/test-pass-opt-cert.config,
	tests/user-config-opt/test: test-pass-opt-cert: updated for
	enable-auth config option

2015-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ipc.proto, src/main-auth.c,
	src/main-misc.c, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c: removed the
	certificate[optional] auth type

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/auth/gssapi.c,
	src/auth/gssapi.h, src/auth/pam.c, src/auth/plain.c,
	src/auth/radius.c, src/config.c, src/http-heads.gperf,
	src/ipc.proto, src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod.c, src/sec-mod.h, src/tlslib.c, src/vpn.h,
	src/worker-auth.c, src/worker-http.c, src/worker-vpn.c,
	src/worker.h: Added GSSAPI as an additional password auth mechanism
	That also adds the ability to support an OR composition of multiple
	authentication methods. That is using the 'enable-auth' config
	option.

2015-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: ip-lease: use 128 as prefix in local IP

2015-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-common.sh,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix, tests/full-test,
	tests/radius-test, tests/unix-test: tests: updated for new IPv4
	assignment

2015-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: manpage: generate a DER PKCS #12 file

2015-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/ip-lease.c, src/main-resume.c: 
	avoid using the IPv4 network address as tun address, and simplify
	valid address checking

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: ip-lease: fixed hash value for IPv6 leases
	This corrects the unique check for assigned IPv6 addresses.

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test, tests/radius-test: tests: fix pings to IPv6
	addresses for the new tun address

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: In IPv6 use the network address + 1 as the tun
	address

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/ocserv-radius.conf,
	tests/docker-ocserv/radius-clients.conf, tests/radius-test: 
	radius-test: completed test

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix,
	tests/docker-ocserv/ocserv.conf, tests/full-test, tests/unix-test: 
	full/unix-test: updated for new IP assignments

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/tun.c: Linux ipv6: assign route to the remote
	IP

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: force relative names on the socket file to allow it
	being accessible from main and workers

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: use seccomp where it is available

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use IPV6_V6ONLY flag only when defined

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/system.c: use headers for clone() only when ENABLE_LINUX_NS is
	defined

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: added missing file

2015-02-14  Stuart Henderson <stu@spacehopper.org>

	* src/main.h: header/macro fix for OpenBSD Signed-off-by: Stuart Henderson <stu@spacehopper.org>

2015-02-14  Stuart Henderson <stu@spacehopper.org>

	* src/tun.c: correct byte-order for tun header Signed-off-by: Stuart Henderson <stu@spacehopper.org>

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: use writev() and readv() for tun_read/write in OpenBSD

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c, src/tun.h, src/worker-vpn.c: Handle OpenBSD's
	additional tun header

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: oc_recvfrom_at: correctly set *addrlen

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c: Set blocking mode to fd
	returned by accept
	That addresses issues in OpenBSD where the fd is set to non blocking
	when the accept's fd is non blocking.

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: added missing colon

2015-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: Attempted to simplify the BSD tun handling code

2015-02-13  Stuart Henderson <stu@spacehopper.org>

	* src/tun.c: BSD patches for ocserv
	Iterate over tunXX devices, for BSDs that can't just open /dev/tun
	to retrieve the "next available tun".  This is just copied with minor changes from openconnect/src/tun.c, Signed-off-by: Stuart Henderson <stu@spacehopper.org>

2015-02-13  Stuart Henderson <stu@spacehopper.org>

	* src/common.c, src/system.c, src/tun.c: BSD patches for ocserv
	Hi Nikos, here are patches for a couple of issues which are stopping
	ocserv from building on OpenBSD (and might be causing problems on
	other OS too).  There's a bit more to do for OpenBSD, it does need
	the iteration as done in openconnect's tun.c:405-410, I might have
	another diff for that later.  Signed-off-by: Stuart Henderson <stu@spacehopper.org>

2015-02-13  Joerg Mayer <jmayer@loplof.de>

	* tests/ocpasswd-test: Fix one of the places where "make distcheck"
	fails: In case of success ocpasswd-test should not leave the last
	test output lying around Signed-off-by: Joerg Mayer <jmayer@loplof.de>

2015-02-13  Joerg Mayer <jmayer@loplof.de>

	* src/Makefile.am: Fix out of tree build.  Signed-off-by: Joerg Mayer <jmayer@loplof.de>

2015-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-radius: tests: updated
	radius-test for fedora

2015-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/ipc.proto, src/main-auth.c, src/main-misc.c,
	src/main.h, src/sec-mod-auth.c: when opening a session forward the
	received cookie to sec-module
	That allows to verify that the cookie hasn't been tampered without
	relying only on the MAC.

2015-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/sec-mod.h: added seclog_hex

2015-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def: no longer
	document the auth option certificate[optional]

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/common.h, src/icmp-ping.c, src/icmp-ping.h,
	src/ip-lease.c: always assign the first network address as PtP
	address

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: check the explicit IP addresses for existence in
	our leases

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/user-config-explicit/test2,
	tests/user-config-explicit/test4: test-explicit-ip: Modified illegal
	checks for the new illegal addresses

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: reserve the first address of the network to be set
	as the local part in our tun devices
	That is used only when explicit IP addresses are set. That way we
	don't need to separate addresses into odd and even.

2015-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/proc-search.c, src/proc-search.h: Added
	failure codes for proc_table_add()

2015-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main.h, src/proc-search.c, src/proc-search.h: 
	added hash table to search via 'real' SID

2015-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h, src/proc-search.c, src/proc-search.h: 
	correctly renamed DTLS ID search functions

2015-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/ocserv-args.def, tests/Makefile.am,
	tests/test-explicit-ip, tests/test-explicit-ip.config,
	tests/user-config-explicit/test, tests/user-config-explicit/test2,
	tests/user-config-explicit/test3, tests/user-config-explicit/test4: 
	Added implicit accounting when explicit addresses are specified
	Only odd IP addresses can now explicitly be set, so that the next
	even address can be used as the local one.

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/ip-lease.c: Use distinct remote and local IPs when
	explicit_ipv[46] is specified
	Currently the code sets the local interface IP to the same value as
	the P-t-P IP:
	    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
	              inet addr:192.168.63.1  P-t-P:192.168.63.1  Mask:255.255.255.0
	              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1341  Metric:1
	              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	              collisions:0 txqueuelen:500
	              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
	This doesn't seem to get things routed correctly.  e.g. pinging
	192.168.63.1 from the ocserv gateway just loops traffic back to the
	local machine instead of pinging the client.
	So instead we'll set LIP = RIP + 1.  This isn't terribly intuitive
	(an administrator might try to number consecutive users 192.168.1.1,
	192.168.1.2, 192.168.1.3, ...) but it's better than the current
	situation.  Maybe at some point, fixed IPs should also make use of
	the hash table.

2015-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-db.c: set cookie to expire when the last user
	disconnects

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/config.c: config: Use talloc_free() to free "route" strings
	Adding redundant routes triggers a glibc assertion on startup.  The
	offending config file contained:
	    route = 192.168.1.0/255.255.255.0
	    route = default
	The assertion:
	    # ./src/ocserv -c ocserv.conf -f
	    *** Error in `./src/ocserv': munmap_chunk(): invalid pointer: 0x0000000001703470 ***
	    Aborted (core dumped)
	Fix this by calling the correct free() function.

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: document explicit-ipv?

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/sup-config/file.c: Allow explicit-ipv4 / explicit-ipv6
	addresses in per-user config files
	If a machine is running remotely accessible services, it can be
	helpful to assign a fixed IP address upon connection.

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/main.c: main: Check chdir() return value
	This fixes:
	    main.c: In function ‘main’:
	    main.c:1025:8: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Wunused-result]
	    chdir(s->config->chroot_dir);
	    ^

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/main.c: main: Fix unused variable warning on !HAVE_LIBSYSTEMD
	builds
	This fixes:
	    CC       main.o
	    main.c: In function ‘listen_ports’:
	    main.c:276:11: warning: unused variable ‘fds’ [-Wunused-variable]
	    int ret, fds;
	             ^

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/main-auth.c, src/main-misc.c,
	src/main.c, src/main.h, src/sec-mod-auth.c: eliminate double books
	for session expiration
	Session expiration is now handled only by security module. That
	simplifies the logic significantly.

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: delete client entry after message is sent

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: Before allowing the steal of leases, check that
	usernames match

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.h: corrected typo

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/main-auth.c, src/main-misc.c: 
	when we detect user disconnection, set the proper expiration time on
	their cookies

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-cookie-timeout: test-cookie-timeout: verify that a
	forced kill will not alter the cookie's validity

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: be explicit that dbus support is incomplete

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ctl.proto, src/ipc.proto,
	src/main-auth.c, src/main-ctl-unix.c, src/main-misc.c,
	src/occtl-unix.c, src/ocserv-args.def, src/sup-config/file.c,
	src/vpn.h, src/worker-auth.c, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: Added support for no-routes (X-Split-Exclude)

2015-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: only use libseccomp in x86 (64) and ARM

2015-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated package dependencies

2015-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-broken-seccomp.c: Revert "tests:
	added test for broken seccomp"
	This reverts commit 889d6ba0b7ffdc7b38086e80654e21ca7e515944.

2015-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-broken-seccomp.c: Revert "tests: only run the seccomp
	check if it was enabled"
	This reverts commit 00a2caee368cacc59be963288f705070b2c54a80.

2015-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: seccomp: allow _newselect since it is called
	in x86 instead of select

2015-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: specify that experimental are not
	recommended

2015-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2015-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: rearrange supported options

2015-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-broken-seccomp.c: tests: only run the seccomp check if
	it was enabled

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-broken-seccomp.c: tests: added test
	for broken seccomp

2015-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cookie-timeout.config: tests: added missing file

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: ask for libfreeradius-client 1.1.7

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pass, tests/test1.passwd: tests: check for empty
	password support

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-ban.c: sec-mod: use ctime() to print the ban list
	expiration time

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod: pass all failures through
	handle_sec_auth_res()
	That will set the proper state to the user entry.

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: worker: allow empty passwords

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c, src/sec-mod.h, src/system.c: moved LOG_DEBUG messages
	to debug level 3 or higher

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: moved some debugging messages into http level

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/docker-common.sh,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/freeradius-users,
	tests/docker-ocserv/ocserv-radius.conf,
	tests/docker-ocserv/radius-clients.conf,
	tests/docker-ocserv/radiusclient-servers,
	tests/docker-ocserv/radiusclient.conf, tests/full-test,
	tests/radius-test, tests/unix-test: tests: added radius test

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cookie-timeout, tests/test-cookie-timeout-2,
	tests/test-multi-cookie: tests: made pid file names unique

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod-db.c, src/sec-mod.h, src/vpn.h,
	src/worker-auth.c: harmonize the time cookies are stored in security
	module and main server

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cookie-timeout-2,
	tests/test-cookie-timeout-2.config: tests: added check to ensure
	that cookies remain valid during all session time

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cookie-timeout: tests: check whether
	the expiration time in cookies is checked

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-multi-cookie: test-multi-cookie: corrected test

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : updated design documents

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius: account freeradius-client version 1.1.7 in
	README.radius.

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: enable min-reauth-time in
	default configuration

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/plain.c, src/auth/radius.c: enforce the actual number of
	MAX_TRIES in authentication

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: added gperf as a development dependency

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-dbus.c: occtl: corrected sending of dbus msgs

2015-01-24  Aron Xu <aron@debian.org>

	* doc/systemd/socket-activated/ocserv.service,
	doc/systemd/standalone/ocserv.service: Run after
	network-online.target, instead of network.target.
	Signed-off-by: Aron Xu <aron@debian.org>

2015-01-24  Aron Xu <aron@debian.org>

	* doc/systemd/socket-activated/ocserv.service,
	doc/systemd/standalone/ocserv.service: Remove syslog.target from
	systemd service files. syslog is now socket-activated on all major distributions, hence the
	target is deprecated.
	Signed-off-by: Aron Xu <aron@debian.org>

2015-01-24  Aron Xu <aron@debian.org>

	* doc/systemd/socket-activated/ocserv.service,
	doc/systemd/standalone/ocserv.service: Run in foreground when using
	systemd.
	Signed-off-by: Aron Xu <aron@debian.org>

2015-01-24  Aron Xu <aron@debian.org>

	* configure.ac, src/Makefile.am, src/main.c: Replace
	LIBSYSTEMD_DAEMON with LIBSYSTEMD.
	Signed-off-by: Aron Xu <aron@debian.org>

2015-01-24  Aron Xu <aron@debian.org>

	* doc/systemd/socket-activated/ocserv.socket: Listen to Port 443 as
	in sample.config.
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-01-24  Aron Xu <aron@debian.org>

	* src/main-ctl-dbus.c: Update call parameters of str_init() for
	--with-dbus.
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2015-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: calculate MTU prior to sending IPv6
	addresses. That way we can disable IPv6 if the calculated MTU size is less than
	that allowed by IPv6.

2015-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: include http-heads.h into ocserv's sources

2015-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.9.0

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c: properly disable safe_fork

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: corrected isolate-workers typo

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/ocpasswd.c: ocpasswd: attempt to use sha2crypt
	only in glibc. uclibc's crypt(3) is so dumb it will not error if $5$ is specified
	as salt, but not supported.

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocpasswd.c: ocpasswd: corrected fallback to MD5 crypt

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/ocserv-unix.conf: tests: enable compression in
	the unix test

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: disable linux namespaces by default

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c, src/system.h: only define safe_fork() in systems
	with linux namespaces

2015-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-unix.c, src/sec-mod.c, src/system.c, src/system.h: 
	silence debugging messages from sec-mod when not in debug

2015-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c, src/worker-vpn.c, src/worker.h: move more
	http-related functions to worker-http

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/lzs.c, src/lzs.h: updated copyright information in LZS code

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c: combined parsing of CSTP and DTLS encoding

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/http-heads.gperf, src/worker-http.c,
	src/worker.h: Replace header_check() mess with a gperf table

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/worker-extras.c, src/worker-http.c,
	src/worker-vpn.c, src/worker.h: Moved HTTP parts of worker to
	worker-http.c

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	src/vpn.h, src/worker-extras.c: Compression is disabled by default

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/lzs.h: lzs.h: added license

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/lzs.c, src/lzs.h, src/worker-extras.c: Added
	support for LZS

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def, src/vpn.h: increased
	MIN_NO_COMPRESS_LIMIT

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-fedora-tcp: tests: install lz4 on
	docker images

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: fixed compression to use the correct start of
	buffer

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: only enforce undumpable if we are not debugging

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/ipc.proto, src/main-ctl-unix.c,
	src/main-misc.c, src/main.h, src/occtl-unix.c, src/worker-vpn.c: 
	report the compression algorithms to occtl

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Made the no-compress-limit configurable

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-extras.c, src/worker-vpn.c: Allow compression to fail,
	and in that case send uncompressed packets. That allows to cancel compression early, if it seems to expand the
	packet. Suggested by David Woodhouse.

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: only transmit a compressed packet, if it reduces
	the size

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-extras.c: 
	added option to disable compression

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-extras.c, src/worker-vpn.c, src/worker.h: Moved
	negotiation/parsing of parameters using HTTP headers to
	worker-extras.c

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Added support for LZ4 compression

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: corrected typo

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main.c, src/ocserv-args.def,
	src/vpn.h, src/worker-vpn.c: replaced use-seccomp by isolate-workers. That, if enabled, includes the Linux namespaces restrictions into
	workers.

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: reorganized to avoid compiler warnings

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/system.c: include linux/sched.h to compile on
	systems with older libc

2015-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/system.c: remove the CLONE_NEWNET isolation option as its
	performance cost is too high

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: typo fix

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/haproxy.cfg: tests: remove all error file
	references from haproxy.cfg. These files don't exist in Fedora.

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/config.c, src/main.c, src/system.c,
	src/system.h: In linux run the server in its own container with
	separate IPC and PID namespace

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-common.sh: tests: attempt to use lockfile-create if
	it exists

2015-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c, src/system.h, src/worker-vpn.c: do not allow the
	processes to be traced in linux. That would prevent a worker process tracing one from another user.

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c, src/worker-vpn.c: removed unneeded variable

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: corrected check for non-empty pull buffer

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: prevent a memory leak when multiple fds are
	received in short time

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-unix.c: occtl: re-arranged user-agent and MTU printing

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-dbus.c, src/occtl-unix.c: added more precise match of
	version

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/main-auth.c, src/main-misc.c: avoid repeating
	username in logs

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: do not enforce PFS on
	default strings. That allows legacy clients to connect.

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-misc.c, src/worker-vpn.c, src/worker.h: 
	simplified DTLS fd handling and dtls_pull()

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-misc.c: always forward the first message
	when forwarding fd

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/main.c: cleanups

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: only set IPV6_RECVPKTINFO on IPv6 sockets

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c: simplified
	forward_udp_to_owner() by introducing oc_recvfrom_at()

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/main-misc.c, src/main.h,
	src/occtl-unix.c: save MTU in main, and report it to occtl

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: bind to the address we received UDP on. That in addition allocates a new UDP socket per client, and forwards
	the initial client hello to the worker process as auxiliary data.
	That eliminates the need to re-open the main server's UDP socket
	per client connection.

2015-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: when compiling with gnutls 3.3.5 or later use
	the zero copy recv API

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c: radius: added safety checks in the parsing of
	Framed-IPv6-Prefix

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c: radius: use separate types for ipv4 and ipv6

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: set seccomp as enabled by default

2015-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: handle Framed-IPv6-Prefix as routes to
	add

2014-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/config.c, src/ocserv-args.def: 
	Allow prefixes in specifying the IPv4 network

2014-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Disable route and DNS assignment in IPv6 for
	non-openconnect clients. That is because anyconnect clients can handle the assignment of an
	IPv6 address, but cannot handle routes or DNS in IPv6.  So we
	disable IPv6 after an IP is assigned.

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-fedora-unix: dockerfile: added
	missing haproxy

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def,
	src/sup-config/file.c, src/vpn.h: simplify the input of IPv6
	networks. The prefix is specified as part of the network.

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius, src/auth/radius.c, src/auth/radius.h,
	src/ocserv-args.def, src/sup-config/radius.c: radius: added support
	for Framed-IPv6-Prefix

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print IPv6 netmask only when in non-full mode. Also use the network address if available to print netmask.

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: bail out if use-seccomp is set to true but there is
	no seccomp capability

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: tests: enabled nuttcp when running in Fedora

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/docker-common.sh,
	tests/docker-ocserv/{Dockerfile-tcp => Dockerfile-debian-tcp},
	tests/docker-ocserv/{Dockerfile-unix => Dockerfile-debian-unix},
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix,
	tests/docker-ocserv/Makefile.am, tests/full-test, tests/unix-test: 
	full-test, unix-test: modified to operate in Fedora as well. That also enables a check for ping in the IPv6 address.

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: Added protobuf-c dependency

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/ocserv-unix.conf,
	tests/docker-ocserv/ocserv.conf, tests/unix-test: tests: separated
	the address ranges on full and unix tests and added IPv6 addresses

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: send the Netmask when an IPv6 Address is
	assigned

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: IPv6 fixes in ip-lease. Issue discovered and fixed by sskaje.

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: use libsystemd instead of systemd-daemon

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: enable IPv6 in Anyconnect clients, and send the
	prefix

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: Do print error when pam_authenticate or
	pam_acct_mgmt fail

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius: doc update

2014-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: override the default ipv6_prefix only if
	ipv6_prefix is set

2014-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: the default strings will
	enforce PFS

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: optimize "parse" of route

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius, src/auth/radius.c, src/auth/radius.h,
	src/sup-config/radius.c: radius: use Framed-Route and
	Framed-IPv6-Route. These are read and, if the format is the expected one, they are forwarded to the
	client.

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c, src/auth/plain.c, src/auth/radius.c: more
	strlcpy() related changes

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-misc.c, src/sec-mod-auth.c: ensure that
	stats are only updated if they increase. That is, transferred bytes will not decrease in an update due to
	miscommunication between main and workers.

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/common.c, src/common.h, src/config.c,
	src/main-auth.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-user.c, src/main.c, src/sec-mod-auth.c, src/sec-mod-ban.c,
	src/sec-mod-db.c, src/sec-mod.c, src/tlslib.c, src/tun.c,
	src/worker-auth.c: use strlcpy() instead of snprintf() where it makes
	sense. That should reduce wasted cycles.

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c, src/auth/radius.c, src/auth/radius.h,
	src/ipc.proto, src/main-misc.c, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod.h, src/worker-vpn.c, src/worker.h: 
	radius: increase the info sent during accounting requests. Based on suggestions by Niels Peen. That adds: Calling-Station-Id in
	auth message, and Service-Type, Framed-Protocol, Framed-IP-Address,
	Acct-Authentic, NAS-Port-Type, Acct-Session-Time in acct messages.

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: removed unused option

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: removed redundant checks

2014-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for a suitable freeradius-client

2014-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c, src/auth/radius.h: simplify radius usage

2014-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, doc/README.radius: updated radius documentation

2014-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, doc/Makefile.am, doc/README.radius: Added README.radius

2014-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: first set amod and then use it. That fixes a crash with PAM module on startup.  Reported by Ismail
	Donmez.

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-sup-config.c: do not utilize radius symbols if radius
	is disabled. Reported by Ismail Donmez

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 3307793e3474678516c85279521bc74f5095171e Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Wed Dec 10 19:55:12 2014
	+0100

2014-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: 
	undid ed5b177691d52c1c5417ef802854e26c9dd5d4f4. It is not currently possible to reload only a part of the
	configuration. If the back-end module changes, the server will bail
	out instead.

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod: always reply on open-session cmd

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: avoid crash when no auth module is in use

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: sec-mod:
	preparations for thread safety

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/sec-mod.c: sec-mod: separated request
	serving from main loop

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, doc/sample.config, src/ocserv-args.def: updated
	documentation on radius

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: updated todo list

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/auth/pam.c, src/auth/radius.c,
	src/auth/radius.h, src/common.c, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod.c, src/sec-mod.h: Added support for
	radius interim updates

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ipc.proto, src/ocserv-args.def, src/sec-mod.c,
	src/sec-mod.h, src/vpn.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: added option to send statistics periodically to
	sec-mod

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: authentication information is only read on load

2014-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/auth/radius.c,
	src/auth/radius.h, src/config.c, src/ocserv-args.def,
	src/sec-mod-sup-config.c, src/sec-mod-sup-config.h,
	src/sup-config/radius.c, src/sup-config/radius.h, src/vpn.h: Added
	support for reading user configuration from radius.

2014-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/sample.config, src/Makefile.am,
	src/auth/common.c, src/auth/common.h, src/auth/plain.c,
	src/auth/radius.c, src/auth/radius.h, src/config.c, src/main.h,
	src/ocserv-args.def, src/sec-mod-auth.c, src/sec-mod-auth.h,
	src/sec-mod.c, src/sec-mod.h, src/vpn.h: Added support for radius
	authentication

2014-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common.h, src/config.c, src/ip-lease.c,
	src/ipc.proto, src/main-auth.c, src/main-misc.c, src/main.c,
	src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/{main-sup-config.c => sec-mod-sup-config.c},
	src/{main-sup-config.h => sec-mod-sup-config.h}, src/sec-mod.c,
	src/sec-mod.h, src/sup-config/file.c, src/sup-config/file.h,
	src/vpn.h: Supplementary configuration is now read by the security
	module.  That allows sec-mod to handle both authentication and accounting.
	That deprecates the session-control configuration option.

2014-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h, src/config.c, src/ip-lease.c, src/main-auth.c,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c: deprecated ipv6_netmask

2014-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: call disconnect script only if the user was in
	connected state

2014-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: separate log messages between up and down script

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test, tests/unix-test: tests: satisfy latest docker's
	restrictions

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test, tests/unix-test: tests: try to check stats only
	when file is present

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: run the down script even if the client's IP
	address has been re-used

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod-ban.c, src/sec-mod-db.c,
	src/sec-mod.c, src/sec-mod.h: sec-mod: made logging consistent with
	the main server

2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Notify the client that the server may have a
	dynamic DNS address. That is, send "X-CSTP-DynDNS: true", in CSTP headers if the server is
	configured as having a dynamic DNS address.

2014-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/auth/plain.c, src/ocpasswd.c: use define
	_XOPEN_SOURCE to get crypt()

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod: print whether a certificate is
	present

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: enhanced sample.config

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: forward to gnutls manual for priority string
	documentation

2014-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.8

2014-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: use TCP_NOPUSH in systems that support it (FreeBSD)

2014-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: Disable RC4 in the default
	priority strings

2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: when generating the DTLS session ID set its size
	as well

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/worker.h: added oclog_hex()

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-auth.c, src/sec-mod-auth.c: Generate a new
	DTLS session ID on every cookie connection. That allows openconnect to distinguish when the DTLS key has
	switched.

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c: print the username earlier in log

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: improved logged messages

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: advertise a new DTLS session only when it is one

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-misc.c, src/worker.h: partially reverted
	b924eba1acd0a9159d1a938509475174b10644ef. The timeouts were reset to the original values.

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: disable matching of IPs when the listen-clear-file
	option is set

2014-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/worker-misc.c, src/worker-vpn.c, src/worker.h: 
	reduced the severity of log messages when forwarding packets and
	reduced the timeouts

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: when reporting errors, mention the username of the
	relevant client

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: corrected typo

2014-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h: increased the SID_SIZE (cookie used during
	authentication phase) to 128 bits

2014-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/occtl-dbus.c, src/occtl-unix.c, src/vpn.h,
	src/worker-vpn.c: send session information from worker to parent
	twice. That allows to account changes after DTLS is established (e.g., send
	the DTLS ciphersuite name).

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: TODO update

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/main-auth.c, src/main-misc.c, src/main.c,
	src/main.h, src/proc-search.c, src/proc-search.h: use hash tables to
	locate proc entries. That would avoid a walk on all connected clients, when a new UDP
	session starts.

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: when selecting a DTLS ciphersuite try to ensure
	it matches the CSTP

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: remove the disable safe renegotiation flag from
	DTLS

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: updated synopsis

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.7

2014-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: use 3des-pkcs12 in the documentation for the
	generation of PKCS #12 structures. That format seems to be compatible with more clients (e.g.
	Anyconnect).

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: disable SSL 3.0 on the
	default priorities

2014-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: disabled session control by default in
	sample.config

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: only enable session control when a username/password
	authentication is used

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: Added sanity checks into sec-mod. That prevents a crash when certificate authentication is used but
	session control is enabled. Reported by George Panda.

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: enable non-blocking DTLS timers

2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: removed no longer relevant todo entries

2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: corrected typo

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: changes for non-blocking sockets

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c, src/tlslib.c,
	src/worker-misc.c, src/worker-vpn.c: use non-blocking sockets in
	worker process

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c: added set_non_block()

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: corrected typo

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.8.6

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h: simplified FATAL_ERR_CMD()

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/tlslib.c, src/tlslib.h: added
	recv_timeout() to replace force_read_timeout() in socket reading

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: cleanup of cstp_recv() and
	cstp_recv_nb()

2014-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/Makefile.am, libopts/ag-char-map.h, libopts/ao-strs.c,
	libopts/ao-strs.h, libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/usage-txt.h, libopts/compat/_Noreturn.h,
	libopts/genshell.c, libopts/genshell.h, libopts/intprops.h,
	libopts/m4/libopts.m4, libopts/m4/stdnoreturn.m4,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/proto.h,
	libopts/stdnoreturn.in.h, libopts/version.c: updated to libopts
	5.18.4

2014-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.5

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tun.c: eliminated last uses of force_close()

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h, src/main-ctl-unix.c, src/main-misc.c, src/main.c: 
	Revert "use force_close() on server to avoid descriptor leaks". This reverts commit f622f6696c3b3a5fc8ffc39c4d5db2322c78c7c2.

2014-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	tests/docker-ocserv/ocserv-unix.conf: listen-file ->
	listen-clear-file

2014-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	tests/docker-ocserv/ocserv-unix.conf: unix-conn-file -> listen-file

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/main.h, src/sec-mod-auth.c,
	src/sec-mod.c, src/sec-mod.h: use more reasonable names to open and
	close a session

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: override the user's group prior to opening the
	group configuration file
	That prevented opening group configuration for users that had their
	group in a certificate. Reported by Norbert Paschedag.

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/ocserv-args.def, tests/Makefile.am,
	tests/test-pass-opt-cert.config: optional-certificate was renamed to
	certificate[optional]

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: allow positive values to waitpid

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: increased the verbosity of shutdown messages

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pass-opt-cert,
	tests/test-pass-opt-cert.config, tests/user-config-opt/test: Added
	self-tests for optional certificate authentication

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/sec-mod-auth.c, src/sec-mod.h,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c, src/worker.h:
	added new authentication mode optional-certificate
	That mode allows having only specific group of users that are
	required to present a certificate.

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vasprintf.c: replaced vasprintf() with correct variant

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING, src/auth/pam.c, src/auth/plain.c, src/common.c,
	src/config.c, src/cookies.c, src/html.c, src/icmp-ping.c,
	src/ip-lease.c, src/log.c, src/main-auth.c, src/main-ctl-dbus.c,
	src/main-ctl-unix.c, src/main-misc.c, src/main-resume.c,
	src/main-sup-config.c, src/main-user.c, src/main.c,
	src/occtl-args.def, src/occtl-cache.c, src/occtl-dbus.c,
	src/occtl-nl.c, src/occtl-pager.c, src/occtl-unix.c, src/occtl.c,
	src/ocpasswd-args.def, src/ocpasswd.c, src/ocserv-args.def,
	src/route-add.c, src/sec-mod-auth.c, src/sec-mod-ban.c,
	src/sec-mod-db.c, src/sec-mod.c, src/setproctitle.c,
	src/sup-config/file.c, src/system.c, src/tlslib.c, src/tun.c,
	src/worker-auth.c, src/worker-bandwidth.c, src/worker-extras.c,
	src/worker-misc.c, src/worker-privs.c, src/worker-resume.c,
	src/worker-vpn.c: Revert "license upgraded to GPLv3"
	This reverts commit 213f9a63ee60192c5bb086c3c970c4644e55f459.
	Conflicts: configure.ac

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/docker-ocserv/{Dockerfile =>
	Dockerfile-tcp}, tests/docker-ocserv/Dockerfile-unix,
	tests/docker-ocserv/Makefile.am, tests/docker-ocserv/combo.pem,
	tests/docker-ocserv/haproxy.cfg,
	tests/docker-ocserv/ocserv-unix.conf, tests/full-test,
	tests/unix-test: added test for unix socket operation

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Allow disabling the TCP port completely

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocserv-args.def: doc update

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: do not allow the combination of
	AUTH_TYPE_CERTIFICATE and unix-conn-file

2014-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: allow the group owner of the connection socket to
	access it

2014-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main.c, src/main.h,
	src/ocserv-args.def, src/tlslib.c, src/tlslib.h, src/vpn.h,
	src/worker-auth.c, src/worker-extras.c, src/worker-vpn.c,
	src/worker.h: Allow the CSTP layer to operate without TLS
	That also introduces a unix domain socket under which connections to
	the server can occur.

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: corrected tun device closing order for BSD systems

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h, src/main-ctl-unix.c, src/main-misc.c, src/main.c: 
	use force_close() on server to avoid descriptor leaks

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.h, src/tun.c: ensure that in all cases
	the tun fd is closed

2014-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when a UDP packet error occurs print the IP of the
	packet

2014-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: fail when a tun device has no name

2014-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: updated comment

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: reduced the severity of debug messages

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: added more debugging messages in pam module

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: pam messages made more specific

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c: send the IPv6 netmask in a
	way compatible with cisco servers

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: In IPv6 send the prefix instead of the netmask
	That allows vpnc-script in windows to apply the correct settings.

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: TODO: updated

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: modified rx test to an occtl test

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c,
	src/worker-vpn.c: Revert "print the per-user RX and TX bytes from
	occtl"
	This reverts commit ecd6e316a9f447a6766af6174d632e43a557e237.

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile,
	tests/docker-ocserv/ocserv.conf, tests/full-test: updated full-test

2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/full-test: added test for RX data

2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c,
	src/worker-vpn.c: print the per-user RX and TX bytes from occtl

2014-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod-auth: don't print misleading message
	on session control

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: full_test: requires building on debian due to
	gnutls symbol differences

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pass-group-cert: tests: added check for the DEFAULT
	group in test-pass-group-cert

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: when the default group is selected, don't treat
	it as no selection

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: made the comparison for XML fields case
	insensitive
	Suggested by sskaje, based on an issue with the Anyconnect iOS
	client.

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/fcntl.in.h, gl/getdtablesize.c, gl/getpass.c,
	gl/m4/dup2.m4, gl/m4/extern-inline.m4, gl/m4/fcntl.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/strcase.m4, gl/m4/strcasestr.m4,
	gl/m4/strings_h.m4, gl/stdint.in.h, gl/strcasecmp.c,
	gl/strcasestr.c, gl/strings.in.h, gl/strncasecmp.c,
	gl/sys_types.in.h, gl/time.in.h, gl/unistd.in.h: gnulib: added
	strcasestr

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile, tests/full-test: full-test: do not
	require --without-protobuf

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: avoid calling gnutls_record_get_discarded() when
	a DTLS session isn't available

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: full-test: require the --without-protobuf option

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/protobuf/protobuf-c/protobuf-c.c,
	src/protobuf/protobuf-c/protobuf-c.h: updated to protobuf 1.0.1

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/autoopts.h: check for stdnoreturn.h presence

2014-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/protobuf/{google =>
	}/protobuf-c/protobuf-c.c, src/protobuf/{google =>
	}/protobuf-c/protobuf-c.h: corrected included protobuf's path, to
	align with protobuf 1.0.0

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected typo

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/docker-ocserv/Makefile.am: 
	include the docker test into distribution

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.3

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: added work-around for infinite loop if the UDP
	descriptor becomes invalid

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-user.c, src/main.c, src/main.h: after fork restore the
	default signal mask

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: worker: when the UDP socket is updated, update
	the DTLS session

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/system.c: updated bsd's getpeereid() check to match the Linux
	behavior

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: call sigprocmask() prior to entering
	main loop

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/protobuf/google/protobuf-c/protobuf-c.c,
	src/protobuf/google/protobuf-c/protobuf-c.h: protobuf-c: upgraded to
	1.0.0

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: only consider DTLS pending data if the UDP port
	is in active state
	That may address a possibility for an infinite loop.

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/ipc.proto, src/main-auth.c, src/ocserv-args.def,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c: user-profile is
	now allowed in per-user configuration

2014-07-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: removed text on seccomp

2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/COPYING.gplv3, libopts/COPYING.lgplv3, libopts/README,
	libopts/ag-char-map.h, libopts/alias.c, libopts/ao-strs.c,
	libopts/ao-strs.h, libopts/autoopts.c, libopts/autoopts.h,
	libopts/autoopts/options.h, libopts/autoopts/project.h,
	libopts/autoopts/usage-txt.h, libopts/boolean.c, libopts/check.c,
	libopts/compat/compat.h, libopts/compat/windows-config.h,
	libopts/configfile.c, libopts/cook.c, libopts/enum.c,
	libopts/env.c, libopts/file.c, libopts/find.c, libopts/genshell.c,
	libopts/genshell.h, libopts/gettext.h, libopts/init.c,
	libopts/load.c, libopts/m4/libopts.m4, libopts/m4/liboptschk.m4,
	libopts/makeshell.c, libopts/nested.c, libopts/numeric.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/parse-duration.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/reset.c, libopts/restore.c, libopts/save.c, libopts/sort.c,
	libopts/stack.c, libopts/streqvcmp.c, libopts/text_mmap.c,
	libopts/time.c, libopts/tokenize.c, libopts/usage.c,
	libopts/version.c: updated libopts to 5.18.3

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: /profiles request allows partial match

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: better error messages when certificate username
	limit is reached

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/sup-config/file.c: made macro usage safer
	That solves an issue where the pid_file would be overwritten on a
	configuration file reload.

2014-07-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: updated todo list

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc: do not explicitly set serial number in
	generated certificate
	That would allow certtool to use a random one.

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: pam: deinitialize co-routine when session is open
	to save memory

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: pam: reduced default stack size

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.1

2014-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c: initialize str to null

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: fix typo

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: ocserv: corrected debug message

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: ocserv: print the correct message when only
	selecting a group.

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/str.c, src/str.h,
	src/vasprintf.c, src/vasprintf.h, src/worker-auth.c: introduced
	str_append_printf()

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh: tests: Increased the server start wait time

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-pass-group-cert-no-pass,
	tests/test-user-group-cert-no-pass.config: tests: Added check for
	certificate-only client with groups

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/worker-auth.c: ocserv: prompt the user for
	group selection even if only certificate authentication is used.

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: document how to convert key to pkcs12 file

2014-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: search for group_list in addition to
	group%5flist
	That allows to read the group from AnyConnect clients.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-misc.c: Set the applicable DNS and
	NBNS servers in complete_vpn_info().

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c, src/vpn.h: Eliminated the MAX_ROUTES requirement.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker.h: Forward the appropriate DNS and
	NBNS values when using a per-user/group config.

2014-06-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ocpasswd-test: tests: Added check for the
	basic commands of ocpasswd.

2014-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def: Use a more terse, but with more
	dynamic information version string.

2014-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocpasswd.c: Avoid using snprintf() and simply use strcpy().

2014-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Ignore the return code of snprintf(); it is
	useless.

2014-06-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-auth.c, src/worker.h: When renegotiating,
	verify that any certificate received from the client contains the
	same username.

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Seccomp is now compiled in by default, and can be
	enabled at run-time.

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-12  Hexchain Tong <i@hexchain.org>

	* src/html.c: Fix array subscription in unescape_url
	Passwords with url escaped characters were parsed incorrectly. The
	variable used for iterating over `url` should be `i`, not `pos`.
	This patch fixes the problem.
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-db.c: removed debugging message

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/sec-mod.c: Reload the configuration of the
	security module as well, on main process reload.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Added sequence diagram describing the session control operation.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/common.c, src/config.c, src/ipc.proto,
	src/main-auth.c, src/main-ctl-unix.c, src/main-misc.c, src/main.c,
	src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod-ban.c, src/sec-mod-db.c,
	src/sec-mod.c, src/sec-mod.h, src/system.c, src/system.h, src/vpn.h: 
	Added support for session control (relevant for PAM for now)
	That in effect will utilize the pam_open_session() and
	pam_close_session().  It is disabled by default as it requires more
	resources from the security module.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/main.h, src/ocserv-args.def,
	src/sec-mod-auth.c, src/vpn.h: Include the SID into the cookie and
	store it in proc_st.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h, src/worker-auth.c, src/worker-vpn.c, src/worker.h: 
	Added work-around for openconnect v3.20
	That version of openconnect requires some strict format on the XML
	messages. Thus we send it, what it expects.

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto: removed unused protobuf variable

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pass, tests/test-pass-script, tests/test1.passwd: 
	tests: check for special characters into username in addition to
	password

2014-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Send the server version string to client.

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: TODO: removed completed item

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: removed dbus from the dependencies

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.def, src/ocpasswd.c: ocpasswd: added parameter
	to delete a user.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac: bumped version

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: No longer install d-bus or systemd files.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/tun.c: Fix tun IPv6 on platforms that use SIOCAIFADDR_IN6.
	Also remove a redundant call to SIOCDIFADDR. A freshly cloned tun
	interface should not have existing aliases.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: removed double header inclusion

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/tun.c: Fix insufficient arguments in an error message.
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: Avoid warning due to unused variables.

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/main-misc.c, src/main.h, src/tun.c: Fix tun device usage on
	*BSD.
	SIOCSIFADDR is deprecated on *BSD. Instead, use SIOCAIFADDR to add
	an alias. Also destroy the tun device with SIOCIFDESTROY when the
	client disconnects.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: SID is no longer being randomized in main.
	This was unnecessary as it is now being set (and generated) by
	sec-mod.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-misc.c, src/worker-vpn.c: reduced
	the severity on several worker log messages.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/plain.c: corrected string comparison

2014-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-misc.c, src/worker-vpn.c: Do a more graceful
	termination of the client if main server closes the CMD fd.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-unix.c, src/occtl-unix.c, src/sec-mod.c: Always use
	the native endianness.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: autogenerate args files if version.inc is updated.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed no longer applicable message

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.0

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/kill-parent.sh, tests/test-iroute,
	tests/test-pass-script: use a more portable way to kill the
	openconnect process.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: full-test: be more resilient to docker errors.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected compilation with local protobuf

2014-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: doc update

2014-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Listed previous releases.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c: main: correct hashing of cookie

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: more debug messages

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h: main: removed the inactive ban_list.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: main: deactivate the cookie when releasing proc.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: worker: only check for friendly names, if there
	are any

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: increased the maintenance time to 15 mins

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h: inline revive_cookie()

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c: No need for safe_memset() of the cookie hash.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main.h: Limit the number of TLS resumption
	requests to one.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/main-auth.c, src/main.h: Store a hash of the
	client's cookie instead of the cookie itself.
	That ensures that the cookies cannot be leaked from the server.  On
	a hash collision, the IP of the other cookie in use will be
	hijacked.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: zeroize cookies and TLS session data after read.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c, src/tlslib.h, src/worker-vpn.c: TLS sessions
	expire at the cookie timeout.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c: better printing of module name.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c: Report the
	number of active cookies and TLS resumed sessions to occtl

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/cookies.c, src/cookies.h, src/main-auth.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.def,
	src/sec-mod-auth.c, src/vpn.h, src/worker-auth.c: Keep track of
	cookies internally.
	That allows to restrict the cookie validity time to the absolutely
	minimum required to establish and reconnect a recently disconnected
	session.  That deprecates the cookie-validity option and introduces
	the cookie-timeout option.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c: corrected safe_memset() of expired sessions.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h: Allow memset of zero

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c, src/main.c, src/main.h, src/tlslib.c,
	src/tlslib.h, src/vpn.h: Simplified the TLS hash table
	initialization.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c: Overwrite TLS session data prior to release.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: use macros for reason messages

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: require the certificate being present on the
	sec-mod session initialization.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Better HTTP error messages.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-26  Joerg Mayer <jmayer@loplof.de>

	* src/Makefile.am: ocserv: Fix out of tree builds
	Signed-off-by: Joerg Mayer <jmayer@loplof.de>

2014-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test3.config: enable cisco-client-compat in cert test

2014-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: do not deny roaming by default

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Return 401 error on cookie authentication
	failure.

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-auth.c,
	src/main-misc.c, src/ocserv-args.def, src/sup-config/file.c,
	src/vpn.h: Added the configuration option deny-roaming.
	That required moving the read of the group configuration during the
	cookie authentication phase.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.0pre0

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/auth/pam.c, src/config.c,
	src/ocserv-args.def, src/sec-mod-auth.c, src/vpn.h: Added auto group
	listing on PAM authentication as well.
	In addition a configuration option to print group IDs over a certain
	number was added.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/plain.c: ensure that the group table isn't overflowed.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* COPYING, configure.ac, src/auth/pam.c, src/auth/plain.c,
	src/common.c, src/config.c, src/cookies.c, src/html.c,
	src/icmp-ping.c, src/ip-lease.c, src/log.c, src/main-auth.c,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-resume.c, src/main-sup-config.c, src/main-user.c,
	src/main.c, src/occtl-args.def, src/occtl-cache.c,
	src/occtl-dbus.c, src/occtl-nl.c, src/occtl-pager.c,
	src/occtl-unix.c, src/occtl.c, src/ocpasswd-args.def,
	src/ocpasswd.c, src/ocserv-args.def, src/route-add.c,
	src/sec-mod-auth.c, src/sec-mod-ban.c, src/sec-mod-db.c,
	src/sec-mod.c, src/setproctitle.c, src/sup-config/file.c,
	src/system.c, src/tlslib.c, src/tun.c, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-extras.c, src/worker-misc.c,
	src/worker-privs.c, src/worker-resume.c, src/worker-vpn.c: license
	upgraded to GPLv3

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pam: test-pam: better messages

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: remove const from temp variables.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/plain.c, src/sec-mod-auth.c: Better auth
	log messages.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c: re-use the string replace API for route add/del
	replacements.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/main.h, src/ocserv-args.def,
	src/route-add.c, src/str.c: re-use the string replace API for route
	add/del replacements.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def, src/worker-vpn.c: The
	replaced keywords were put into brackets.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: check for allocation error in custom header
	replacement.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def, src/worker-vpn.c: The custom header options
	allows %U and %G.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/str.c, src/str.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c: Added the proxy-url option to
	allow sending a proxy URL.
	This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: limit the cookie validity
	time to 3 hours in the configuration examples.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/sec-mod-auth.c: Restrict
	cookies to a single IP address.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ipc.proto, src/main-auth.c,
	src/main.h, src/sec-mod-auth.c, src/sec-mod.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Cookies are packed using protocol
	buffers to reduce their size.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Do not call close() twice. Issue spotted by
	coverity.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Correctly check for network name. Issue spotted
	using coverity.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Corrected check for group list sending to
	client.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Allow an empty friendly_group_list (in
	auto-select-group).

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Make pid-file an array to avoid issues with memory
	allocation.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: corrected filename

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: When a client has already selected a group,
	re-order our group selection form.  This is required by some Anyconnect clients and the openconnect
	android app.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-auth.c: Allow aliases to group names.

2014-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/worker.h: more precise usage of MAX_*_SIZE
	definitions.

2014-05-20  Kevin Cernekee <cernekee@gmail.com>

	* src/sec-mod.h: Add missing GnuTLS header file.  sec-mod.h now uses
	gnutls_privkey_t, so include <gnutls/abstract.h> to fix this error:
	      CC       main-misc.o
	    In file included from main-misc.c:43:0:
	    ./sec-mod.h:31:2: error: unknown type name ‘gnutls_privkey_t’
	      gnutls_privkey_t *key;
	      ^

2014-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: mention the occtl tool instead of who -u

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: Corrected certificate generation
	instructions.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: fixed unescape code.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-group-cert,
	tests/test-group-cert.config, tests/test-group-pass,
	tests/test-group-pass.config, tests/test-pass-group-cert,
	tests/test-user-group-cert.config, tests/user-group-cert.pem,
	tests/user-group-key.pem: Added test for group selection when having
	a certificate.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-group-pass,
	tests/test-group-pass.config, tests/test-group.passwd,
	tests/test-pam, tests/test-pam.config, tests/test1.passwd: Added
	tests for group authentication using passwords and PAM.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/plain.c, src/ipc.proto,
	src/sec-mod-auth.c, src/worker-auth.c, src/worker.h: Allow multiple
	groups to be present in a client certificate.  In that case the user will be prompted to select a group.

2014-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-auth.c: Added the default-select-group directive.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Corrected filename in Makefile.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, doc/sample.passwd, src/auth/pam.c,
	src/auth/plain.c, src/config.c, src/ipc.proto, src/main.c,
	src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/vpn.h, src/worker-auth.c, src/worker.h: 
	Added the select-group and auto-select-group config options.  These
	options allow prompting the user for a group prior to login.  That in
	addition enhances the password file format, and multiple groups can be
	specified in a comma-separated list, as:
	user:group1,group2,group3:$5$encodedpassword

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/config.c, src/ocserv-args.def, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c, src/worker.h: The route
	configuration directive accepts the keyword 'default'.  In that case it
	will return a default route irrespective of any
	other route directives. That allows overriding existing routes with
	a default route for specific users and groups.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: sample.config: comment out the
	occtl-socket-file.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/cookies.h, src/main-misc.c, src/main.c,
	src/main.h, src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: memory
	reorganization in sec-mod.  It no longer relies on main pool, it uses its own pool.  In
	addition the DEBUG_LEAKS definition was added to allow debugging
	leaks.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: define HAVE_LIBTALLOC when libtalloc is being used.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-misc.c, src/main.c, src/main.h,
	src/sec-mod-ban.c, src/sec-mod-db.c, src/sec-mod.c, src/sec-mod.h,
	src/worker-vpn.c, src/worker.h: Clean-up all memory on
	deinitialization of sec-mod and worker.  That will make it easier to
	spot any unintentional memory leaks.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: corrected issue in talloc detection.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/worker-privs.c: Add the clock_gettime()
	syscall on the list of allowed in seccomp.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/kill-parent.sh, tests/test-iroute,
	tests/test-pass-script: Force full connection after cookie when a
	script is involved.  That is because in the new design of ocserv, the cookie is being
	provided prior to any script being run or evaluated.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/pam.h, src/auth/plain.h,
	src/main-auth.c, src/main.c, src/sec-mod-auth.c, src/{main-auth.h
	=> sec-mod-auth.h}: Renamed main-auth.h.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/main-misc.c, src/main-sup-config.c,
	src/main-sup-config.h, src/main.c, src/main.h, src/{group-config.c
	=> sup-config/file.c}, src/sup-config/file.h: Supplementary
	group/user configuration is now modular.  That will ease the addition of other backends that can be used to
	read the user/group configuration. The only backend supported now is
	file.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c: use safe_memset() when overwriting the group
	configuration

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: cleanup the inclusion of protobuf sources.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: Added sanity checks in state transitions.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Updated authentication state and design figures.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/{ => auth}/pam.c, src/{ => auth}/pam.h,
	src/{ => auth}/plain.c, src/{ => auth}/plain.h, src/main-auth.c,
	src/main-misc.c, src/main.c, src/sec-mod-auth.c: Authentication
	modules were moved to subdirectory auth/

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main-misc.c,
	src/ocserv-args.def, src/vpn.h: Added default-user-config and
	default-group-config configuration options.  These allow setting a configuration file that will be loaded if a
	user-specific or group-specific configuration file isn't found.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/sec-mod-auth.c, src/vpn.h: 
	Allow for random and for predictable IP assignment.

2014-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/Makefile.am, src/common.c, src/cookies.c,
	src/cookies.h, src/ip-lease.c, src/ipc.proto, src/main-auth.c,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main.c, src/main.h, src/sec-mod-auth.c, src/sec-mod-ban.c,
	src/sec-mod-db.c, src/sec-mod.c, src/sec-mod.h, src/system.c,
	src/tlslib.c, src/vpn.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: Password authentication is now delegated to sec-mod.
	That prevents any memory from the authentication modules from being
	leaked to a worker process. As a result, the statuses zombie and dead
	no longer exist.

2014-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: include malloc.h when needed.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main.c, src/main.h: Corrected the removal of
	socket files in chrooted environment.  In addition remove the occtl_socket_file.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/main.h: eliminate the need for a worker_pool
	variable in main_server_st.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c: Added no-udp
	group configuration option.  That option allows disabling UDP for specific users or groups.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: corrected PAM module and its usage of malloc.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/sec-mod.c, src/system.c: Allow the main process to
	connect to sec-module.  That allows gnutls to verify the key validity during
	initialization.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample.config

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-unix.c, src/occtl.c: occtl: propagate error codes on
	error conditions.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ctl.h, src/main-ctl-unix.c, src/occtl-args.def,
	src/occtl-dbus.c, src/occtl-unix.c, src/occtl.c, src/occtl.h,
	src/ocserv-args.def, src/vpn.h: Allow modifying the default occtl
	socket file.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: use safe_memset() when overwriting the TLS cache
	entries.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-dbus.c, src/occtl-unix.c, src/occtl.h: use common
	definition for date-time format.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/main.c, src/main.h,
	src/occtl-unix.c: status cmd will report the server uptime

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added missing files.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use safe_memset() where needed.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h, src/plain.c: Use a static buffer to read the
	password file entries from.  That allows easier overwrite of the parameters read.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: do not separately allocate buffer,
	but place it instead into worker structure.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: corrected function prototype.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/main.c: use malloc_trim() to return memory to OS
	after fork().

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/occtl-cache.c, src/occtl-unix.c,
	src/occtl.c, src/occtl.h: Fixes in talloc usage in occtl in
	combination with readline.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: better interplay between use-dbus and use-occtl.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: When deinitializing the IP-leases table disable
	the lease destructor.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile, tests/full-test: updated docker
	test.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/common.c, src/common.h,
	src/config.c, src/group-config.c, src/html.c, src/html.h,
	src/ip-lease.c, src/ip-lease.h, src/main-auth.c, src/main-auth.h,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-resume.c, src/main.c, src/main.h, src/occtl-cache.c,
	src/occtl-dbus.c, src/occtl-unix.c, src/occtl.c, src/occtl.h,
	src/pam.c, src/plain.c, src/script-list.h, src/str.c, src/str.h,
	src/tlslib.c, src/tlslib.h, src/worker-auth.c, src/worker-resume.c,
	src/worker-vpn.c, src/worker.h: Use talloc() for all allocations to
	reduce the possibility of memory leaks.

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/config.c, src/main-ctl-unix.c, src/ocserv-args.def,
	src/vpn.h: Support for the unix socket is now configurable.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Added configure option --without-pam

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, src/Makefile.am, src/common.c,
	src/config.c, src/ctl.h, src/ctl.proto, src/{main-ctl-handler.c =>
	main-ctl-dbus.c}, src/main-ctl-unix.c, src/main-ctl.h, src/main.c,
	src/main.h, src/occtl-dbus.c, src/occtl-unix.c, src/occtl.c,
	src/occtl.h, src/sec-mod.c, src/system.c, src/system.h: Added
	support for unix sockets for the occtl communication.  D-BUS support is left, but is not enabled by default.

2014-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/ccan/compiler/compiler.h,
	src/ccan/talloc/talloc.c, src/ccan/talloc/talloc.h,
	src/ccan/typesafe_cb/typesafe_cb.h: Added talloc.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h, src/worker-vpn.c: Use exit_worker() or gnutls fatal
	errors instead of plain exit().  That solves issue with stats not being reported to the main process.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/scripts/ocserv-script, src/main-user.c,
	src/ocserv-args.def: Added the STATS_DURATION script environment
	variable.  This variable reports the duration of the session in seconds.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: sample config update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: name the cli stats packet.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Resumed sessions are assigned the correct
	auth_state.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.3.4

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: initialize values to avoid compiler warnings.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/worker-misc.c: check for posix_memalign
	presence.

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/scripts/ocserv-script: updated example script to account for
	STATS_BYTES variables.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile, tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/myscript, tests/docker-ocserv/ocserv.conf,
	tests/full-test: Test whether the statistics are exported to
	disconnect script.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/ipc.proto, src/main-misc.c, src/main-user.c,
	src/main.h, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Export TUN device statistics from the worker process.  When a worker process terminates in authenticated state, then export
	statistics from the tun device (currently bytes_in and bytes_out).
	These statistics are sent to main process using an informational
	message just prior to process exit. The statistics are also exported
	to the disconnect script using the STATS_BYTES_IN and
	STATS_BYTES_OUT environment variables.

2014-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: Active session timeout was reduced to 30 secs.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: corrected sigstack permissions.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Avoid running test if our conditions are not met.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/system.c, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: Setup an alternative stack for signals on heap.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Allow the worker signal handlers to operate
	under seccomp.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added sigprocmask to the list of seccomp
	allowed calls.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/worker-misc.c: When receiving
	unexpected UDP packets, check if they match a known IP and forward
	them.  This will not work for many clients that come from a single IP but
	will work-around issues, when clients are behind a NAT that keeps
	their UDP port state for shorter time than DPD.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: changed the default DPD
	time to 90 seconds, to prevent UDP port from changing in several
	NATs.

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: When a DTLS hello message is received, print the
	source address.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-cache.c, src/occtl-nl.c, src/occtl-pager.c,
	src/occtl.c, src/ocpasswd.c, src/pam.c, src/plain.c,
	src/route-add.c, src/sec-mod.c, src/setproctitle.c, src/str.c,
	src/system.c, src/tlslib.c, src/tun.c, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-extras.c, src/worker-misc.c,
	src/worker-privs.c, src/worker-resume.c, src/worker-vpn.c: corrected
	program name in license

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Added note on enable-local-libopts for full-test

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Modified full test for debian.

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, tests/Makefile.am, tests/docker-ocserv/Dockerfile,
	tests/docker-ocserv/Makefile.am, tests/docker-ocserv/cert.pem,
	tests/docker-ocserv/key.pem, tests/docker-ocserv/ocserv.conf,
	tests/docker-ocserv/passwd, tests/full-test: Added a full test
	between openconnect and ocserv based on docker.  That allows testing the establishment of a connection plus the
	transferring of packets.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/main-misc.c, src/main.h: Revert "Delay the
	cleanup of resources of a worker if a disconnect script is set." This reverts commit 7e0ee385c202807f7fb798564063c7c9a5fcfbb4.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/tlslib.c, src/tlslib.h: renamed function names for
	clarity.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/connect-script: do not require the device to be present in
	the connect script.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-vpn.c: Do not use renegotiation in old
	clients.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: Revert "When a disconnect script is set, the main
	process will close the tun device on client exit." This reverts commit e50051b435ca54e6d7eac558e37b814d17fcb97e.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/ocpasswd.c, src/sec-mod.c, src/tlslib.c,
	src/worker-vpn.c: Corrected several coverity uncovered bugs.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c: use list_for_each_safe() when
	disconnecting a user.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: check the return value of socket()

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c, src/main-misc.c: Simplified group
	configuration file loading.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Correctly close tun lease descriptors prior to running
	worker.  That is, properly initialize them to -1, to avoid deinitializing an
	unrelated descriptor.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected ipv6 netmask assignment.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Revert "close tun lease descriptors prior to running
	worker" This reverts commit 9496819a33d256d5bcf1588cbd1081a016a0ff15.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: correctly print message for no-ip.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Avoid assigning broadcast address as either lip or
	rip.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/main-misc.c, src/occtl.c: send ID as
	signed integer over dbus.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: close tun lease descriptors prior to running worker

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/main-misc.c, src/main.h: Delay the cleanup of
	resources of a worker if a disconnect script is set.  In that case use the intermediate state PS_AUTH_DEAD to delay the
	release of resources for a few seconds. That would allow the
	disconnect script to gather any required statistics from the device,
	IPs etc.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/connect-script, tests/test-pass-script,
	tests/test-pass-script.config: Test whether the connect and
	disconnect scripts have been called.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-auth.c, src/main-misc.c, src/main.h,
	src/ocserv-args.def: The tun device will be closed only after the
	disconnect script has been called.  This allows gathering statistics from it. In addition, changed
	behavior of script calling, and now will always contain the IP
	information.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: When a disconnect script is set, the main process
	will close the tun device on client exit.  That allows the disconnect script to gather statistics from the
	client session.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: document new behavior in calling disconnect
	script.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-user.c, src/ocserv-args.def: Execute
	disconnect script for a user whose IP was hijacked by a cookie
	reconnection.  This will prevent having the script be called to initiate
	connections that are never disconnected. This patch also introduces
	IPV6_LOCAL and IPV6_REMOTE script environment variables that allow
	passing both addresses in case both IPv4 and IPv6 are assigned.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.3.3

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h: renamed function for consistency

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Revert "Try to read
	more than a single packet from the TUN device." This reverts commit 019126abfd5603971cc208b404ef8b2ee1980ccd.

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: Revert "corrected DTLS data
	sending." This reverts commit 374f8d52a90708f8bfe58f11d1313c8af843c794.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: corrected DTLS data sending.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Revert "check sockets for writability and use
	that information to discard packets rather than block." This reverts commit 449302afe2960dcf0f2edd717863c8be00f89b12.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Try to read more
	than a single packet from the TUN device.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: check sockets for writability and use that
	information to discard packets rather than block.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: refactored worker main loop

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: corrected name of crl template

2014-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updated comments

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-cert: better message

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh, tests/test-cert, tests/test3.config: Added test
	for CRL file support.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/ocserv-args.def, src/tlslib.c, src/tlslib.h: 
	Updates in CRL handling.  Ensure reload on SIGHUP, and do print an appropriate error when an
	empty CRL file is encountered.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/setproctitle.c: avoid a totally empty function body.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: small code improvements

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: properly copy the username from a certificate

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh, tests/test-cert, tests/test-iroute,
	tests/test-multi-cookie, tests/test-pam, tests/test-pass,
	tests/test-pass-cert, tests/test-pass-script: simplified and
	corrected test execution

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-pass-cert, tests/{test2.config =>
	test-user-cert.config}, tests/user-cert-wrong.pem: Added check for
	connection with incorrect certificate

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* LICENSE: explicitly specify GPLv2+ (or later) in LICENSE.

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c: Added sys/wait.h for WEXITSTATUS

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/route-add.c: Added limits.h for
	POSIX_PATH_MAX

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/main-misc.c, src/worker-misc.c: Added sys/uio.h

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: Added LIBGNUTLS_CFLAGS to ocserv's CFLAGS

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: more verbose log message

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: notify the peer when disabling the DTLS channel
	with a close alert.

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: more cleanups in MTU calculation

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: removed cast as it is not available on every readline
	version.

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Use the Base-MTU for MTU
	calculations.

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c, src/str.c, src/str.h: removed unused functions

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/setproctitle.c: doc update

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Added diagram with authentication state machine.

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: Do not set the
	output-buffer in the default configuration.

2014-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: updated comment

2014-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: The IP don't fragment bit is only set if
	try-mtu-discovery is true.

2014-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better naming of variables.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: dropped support for Salsa20 and UMAC.  They are not supported by openconnect and the latest IETF drafts use
	Chacha20 with poly1305.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c, src/worker.h: No longer send IPv6
	information to CISCO clients that may not be able to handle it.  Now IPv6 information is only forwarded if the client is openconnect,
	or if the client is unknown and has advertised full IPv6 support.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: when printing link-local addresses do not include the
	zone info.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: fixed formatting of news

2014-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/http-parser/http_parser.c, src/http-parser/http_parser.h: 
	Updated the included http-parser

2014-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: Print a compact version of the DTLS ciphersuite.

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: Allow TUN_MTU command only in authenticated state

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: simplified handle_auth_res()

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h, src/worker-vpn.c: Do not block in TLS and DTLS reads.
	This prevents an issue where a client disconnects but the server is
	blocked on a DTLS read without being able to detect the
	disconnection.

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: check return value of tls_send()

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c, src/occtl.c: move bytes2human in occtl.c to allow
	compilation without libnl

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/occtl-nl.c, src/occtl.c, src/occtl.h: 
	provide the bandwidth limit through d-bus

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/group-config.c, src/main-ctl-handler.c, src/occtl.c: 
	occtl will print the user's dns, nbns, routes, and iroutes.

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Warn when setting a default route the wrong way.

2014-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, configure.ac: Added options to explicitly disable
	checking for certain libraries

2014-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use remove_proc() instead of user_disconnected() when
	killing children.

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the rekey-method config option.

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use RND_RANDOM for the generation of SID

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/vpn.h: when mobile-dpd and mobile-idle-timeout
	are not set, they get values from their non-mobile counterpart.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the mobile-idle-timeout config option.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: better messages from pam authentication module

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: only print an authentication failure message if the
	maximum tries have been reached

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: send disconnect packet instead of server
	terminate when disconnecting a user.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Implemented Idle timeout.  When set, a client that does not have any non-control traffic for
	that period is getting disconnected.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h: modified priorities

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: added debug message in remove_proc

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h: Do not allow DPD to
	be disabled.  Doing so would prevent the server from dropping inactive
	connections. If the dpd values are not configured, set some
	reasonable defaults.

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Added the mobile-dpd configuration option.
	This option allows setting a different DPD value for mobile clients
	to allow them to go to sleep for a longer time.

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/main.c, src/ocserv-args.def,
	src/tlslib.c, src/vpn.h, src/worker-vpn.c: Simplified debugging by
	allowing multiple levels.  'ocserv -d' now accepts a numeric option from 0 (no debugging) to 9
	(maximum verbosity).

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: better log names.

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, TODO: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: Added profile.xml to the distributed files

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def: Added 'See Also' section in occtl.8

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: better wording

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-auth.c, src/main-ctl-handler.c,
	src/main-misc.c, src/main.c, src/main.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: simplified handling of CISCO
	reconnecting clients.  Instead of having a client use the initial SID over and over, re-set
	the SID cookie, during authentication when needed. That way we avoid
	having expensive checks to ensure uniqueness of SID.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c: eliminated double [m]

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c: Indicate the main process in message logging, to
	distinguish from worker messages.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c, src/plain.c: Better messages in password asking.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: Allow a number of retries in plain password
	authentication.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: set output buffer based on DTLS MTU, and ensure
	a minimum value

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: distribute test-stress

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.3.1

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: check for auth context presence when locating a
	previous session

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed the periodic printing of TCP MSS

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: corrected typo

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: added example of IPv6 route

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/group-config.c: print errors when an invalid
	IPv6 prefix is found.

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/group-config.c, src/ipc.proto, src/main-auth.c,
	src/main-misc.c, src/vpn.h, src/worker-auth.c, src/worker-misc.c,
	src/worker-vpn.c, src/worker.h: Added support for the "new" type of
	IP6 support in AnyConnect.
	If the client sends "X-CSTP-Full-IPv6-Capability: true", then we use
	the headers:
	    X-CSTP-Address-IP6: 2001:db8:1000:1000::1/64
	    X-CSTP-Split-Include-IP6: 2001:db8:1000:1001::/64
	    X-CSTP-Split-Include-IP6: 2001:db8:1000:1002::/64
	(see corresponding openconnect change)

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: corrected typo

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/main.c: eliminate small leak

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/test-stress, tests/test-stress.config,
	tests/test1.passwd: Added stress test

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: Do not enforce safe negotiation on the main TLS
	channel.  This is only set when in CISCO compatibility mode, as CISCO clients
	come from the past.

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: simplified type usage

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: switch to strtok_r() and other small fixes.

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: when a user is rejected due to multiple
	connections set an appropriate status.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: set a reasonable default rekey time

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: sample.conf update

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: removed exclamation mark

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: DTLS rekey time and method were aligned with
	CSTP.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Allow rehandshakes on the DTLS
	channel.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Rekey time is now configurable and can be disabled.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: removed unused label

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: when the tcp channel is terminated attempt to
	close the DTLS channel as well.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Use brackets in DEL macro

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-privs.c: seccomp will make the forbidden system
	calls return an error.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: reduced the number of allowed ioctl() to the
	ones used.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the split-dns config option.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added configuration option to send custom headers to client.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/group-config.c,
	src/ipc.proto, src/main-auth.c, src/main-misc.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c, src/worker.h,
	tests/test-iroute.config, tests/test-multi-cookie.config,
	tests/test-pam.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: Added
	support for multiple DNS and NBNS servers.  This patch also combines ipv4-dns and ipv6-dns options that are now
	handled as aliases to dns.  A side-effect of this patch is that the local keyword is no longer
	supported.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: Added untested code to set an IPv6 on FreeBSD.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: separated linux-specific code to allow easier
	portability fixes.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/ip-lease.h, src/tun.c: on systems without IPv6
	support remove the IPv6 lease.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: if the loading of default config in the new location
	fails, try the old default file.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: use linux/types.h for __u32

2014-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/config.c, src/ipc.proto,
	src/log.c, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	The worker process receives the client's IPs from the main process.  That eliminates the need to read the IP address from the tun device
	(which can be quite tricky to implement in a clean portable way).

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: remove socket and pid files prior to waiting for kill.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: Get real-time netlink information rather than
	using the cache.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: updated netlink handling.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.def, src/ocpasswd.c: better error messages

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: When not reading from a tty use getline().

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: use etc/ocserv as config directory

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocpasswd.c: Set a default password file if one
	is not specified in ocpasswd.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: ensure that our MTU discovery will not try an
	MTU smaller than the minimum.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Take into account peer's MTU
	values after considering the overhead.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: change default ipv6 to link-local

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: set IFF_RUNNING and fail if tun interfaces cannot be
	brought up.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: 'guess' DST address in IPv6 links

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: Corrected auto-detection of the address.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: simpler handling of IPv6 assignment

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/icmp-ping.c, src/icmp-ping.h: Revert "ping a single host in
	IPv6"
	This reverts commit b7a4a098a30390f2549be66deda513b6e2c05875.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Revert "Lease a single IPv6."
	This reverts commit a3889c9053607bccde126e34bcef381c64e6e412.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/occtl.c: Revert "The D-BUS protocol
	transfers only a single IPv6."
	This reverts commit 1f08ebc70ad54ceadd565e03704db2d76c7b9278.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: The D-BUS protocol transfers
	only a single IPv6.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: Lease a single IPv6.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c, src/icmp-ping.h: ping a single host in IPv6

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: Set both IPv4 and IPv6 addresses in Linux.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h, src/worker-tun.c: corrected reading of IP addresses.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-tun.c: Use getifaddrs() to obtain the IPs of the tun
	device.  This is a waste of resources but it seems there is no other easy way
	to obtain the IPv6 address of a tun device.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: use ffff instead of FFFF for IPv6 masks

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/tun.c: Cleanups in IPv6 handling.

2014-01-29  Thomas Glanzmann <thomas@glanzmann.de>

	* doc/profile.xml: Allow Remote Desktop Users to establish
	AnyConnect connections
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: reduced log level

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: only install DBUS and systemd files if they don't
	exist.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/systemd/{ =>
	socket-activated}/ocserv.service, doc/systemd/{ =>
	socket-activated}/ocserv.socket,
	doc/systemd/standalone/ocserv.service: Added two versions of systemd
	socket files, a standalone and a socket-activated one.
	Of these, the standalone is installed by default.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am,
	doc/dbus/org.infradead.ocserv.service: No need to install the dbus
	service file.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: safer decoding of cookies.

2014-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print info when a UDP connection is rejected due to
	time.

2014-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print message when a SID cannot be decoded.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: IP -> Remote IP

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: only ask to verify password in interactive mode

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-iroute.config, tests/test-multi-cookie.config,
	tests/test-pam.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: updated
	config files

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed pre0

2014-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: indented file

2014-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/sec-mod.c: Added support for getpeereid

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, README, src/worker-privs.c: updated seccomp rules.

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Do not rehandshake on the DTLS
	channel.

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: better detect original readline

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: protect the server from multiple
	rehandshakes.

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-vpn.c: when the client requests a
	rehandshake accept their request.

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/occtl.c: When libreadline isn't
	available try editline.

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: better checking for readline

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/{ =>
	protobuf}/google/protobuf-c/protobuf-c.c, src/{ =>
	protobuf}/google/protobuf-c/protobuf-c.h: Changes to avoid the
	embedded protobuf files being included when not needed.

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/occtl.c: code cleanup

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: do not duplicate technical info

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, configure.ac, src/Makefile.am,
	src/google/protobuf-c/protobuf-c.c,
	src/google/protobuf-c/protobuf-c.h: protobuf-c was made an
	optional dependency.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: more reasonable line wrapping

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better order of options

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/base64.c, gl/base64.h, gl/gettimeofday.c,
	gl/m4/absolute-header.m4, gl/m4/base64.m4, gl/m4/gettimeofday.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_time_h.m4, gl/sys_time.in.h: Added
	gnulib's missing files

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: simplified ciphersuite selection
	method and select ciphers based on server's desire.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/vpn.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: better definition names.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: increased minimum maintenance time, and decreased log
	level of maintenance message.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
	gl/Makefile.am, gl/c-ctype.c, gl/c-ctype.h, gl/c-strcase.h,
	gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/cloexec.c, gl/cloexec.h,
	gl/close.c, gl/dup2.c, gl/errno.in.h, gl/fcntl.c, gl/fcntl.in.h,
	gl/fd-hook.c, gl/fd-hook.h, gl/fseek.c, gl/fseeko.c, gl/fstat.c,
	gl/getdelim.c, gl/getdtablesize.c, gl/getline.c, gl/getpass.c,
	gl/getpass.h, gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/close.m4,
	gl/m4/dup2.m4, gl/m4/errno_h.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl.m4,
	gl/m4/fcntl_h.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4,
	gl/m4/getdelim.m4, gl/m4/getdtablesize.m4, gl/m4/getline.m4,
	gl/m4/getpass.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/include_next.m4,
	gl/m4/largefile.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
	gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
	gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/off_t.m4, gl/m4/realloc.m4,
	gl/m4/ssize_t.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/m4/strdup.m4, gl/m4/string_h.m4, gl/m4/sys_stat_h.m4,
	gl/m4/sys_types_h.m4, gl/m4/time_h.m4, gl/m4/unistd_h.m4,
	gl/m4/warn-on-use.m4, gl/m4/wchar_t.m4, gl/malloc.c, gl/memchr.c,
	gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
	gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/realloc.c,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strdup.c,
	gl/string.in.h, gl/sys_stat.in.h, gl/sys_types.in.h, gl/time.in.h,
	gl/unistd.in.h: updated gnulib

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/worker-misc.c: on unknown messages print the
	number of the message when cmd_request_to_str() is used.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c: evened out the level of some
	debug messages.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main-auth.c, src/main-resume.c, src/main.h: 
	mslog_hex() will allow printing values encoded in base64.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: better debug message

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/main.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Use base64 to encode Cookies. That
	reduces the size of the cookie.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/main-misc.c, src/main.h: Added proc_st
	status PS_AUTH_FAILED to prevent users that failed authentication from
	leaving a zombie proc_st.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use pselect() in worker process as well.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better message when cannot reach server.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: main-ctl-handler.c when disconnecting IDs and ID==-1 then continue looping until all
	zombies have been cleaned up.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: list users -> show users

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: remove zombie proc_st when its state has been
	'stolen'

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: reduce maintenance time to remove zombie processes
	sooner.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: when taking the state of a proc_st set its status
	to zombie.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: do not give information on zombie
	processes

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c, src/occtl-time.c, src/occtl.c: info printing
	updates

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: updated copyright date

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: updated authors

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-auth.c, src/main.c, src/main.h,
	src/vpn.h, src/worker-auth.c, src/worker-vpn.c, src/worker.h: 
	instead of using the TLS session ID as session identifier prior to
	authentication use the webvpncontext cookie.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c: send auth reply failure when
	needed.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto: Added sketch of authentication protocol between
	main and worker.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/common.c, src/cookies.c, src/ipc.proto,
	src/main-auth.c, src/main-ctl-handler.c, src/main-misc.c,
	src/main-resume.c, src/main.c, src/main.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: enabling
	cisco-client-compat allows 'stealing' of processes.
	This change puts a proc_st whose client has terminated into a
	"zombie" state. That state will allow a client that connects later
	using the same TLS session ID to reclaim it. That way clients that
	try to authenticate by sending their credentials in different
	sessions can still authenticate with ocserv. That however puts more
	trust in worker processes (as the main process has no way of telling
	whether a TLS session is certainly resumed).

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-auth.c, src/ocserv-args.def, src/tlslib.c,
	src/vpn.h, src/worker-auth.c: replace always-require-cert with
	cisco-client-compat.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: added missing dependency

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: documented all dependencies

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure info update

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: corrected prototype

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c: send empty array instead of nothing when a
	user or ID aren't found.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: print correct error when a user or ID are not found

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/occtl-nl.c, src/occtl.c,
	src/occtl.h: Added function to print network interface statistics.

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: free the output of gnutls_session_get_desc

2014-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c, src/ocserv-args.def: export ID env variable

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h: print file name instead of function name

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main-misc.c, src/main.h,
	src/worker-auth.c, src/worker-resume.c, src/worker.h: print textual
	name of messages exchanged.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-ctl-handler.c, src/main-misc.c,
	src/main.h, src/occtl.c, src/vpn.h, src/worker-vpn.c, src/worker.h: 
	Store User-Agent information and send to occtl.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: unset needs_compact_auth if client changes its
	mind.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use a common version message.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use config-auth header in success message

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: removed vpn-client-pkg-version which didn't
	seem to affect anything.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: combined CSCOT URLs

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: Replaced the
	username cookie with a compact auth option.  That option performs authentication of username, password in a
	single go for clients that request Connection: Close.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use config-auth XML format.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected size calculation for CONFIG_MSG

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker.h: report the file name plus line instead of function
	name.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-auth.c: Indicate properly
	the status of TLS authentication when a client has reconnected.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-auth.c, src/worker-vpn.c: updated
	copyrights

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c, src/html.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: Allow a client to reconnect and continue
	authentication.  That allows clients like CISCO anyconnect to resume authentication
	in a different session by keeping the username in a cookie. That
	works only when a single password is used.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Advertise a very low version of client.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: stricter check of acceptable states.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: more debug messages and be more strict when
	cannot read the password.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c, src/worker-auth.c: Added more debugging messages.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c, src/vpn.h: increased maximum name size of DTLS cipher
	and other occtl cleanups.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main-ctl-handler.c, src/vpn.h: Added human_addr2()
	which will display port number only when requested.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: reduced space for IPs

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: corrected reporting of VPN IP addresses.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better reporting of ciphersuite and group name.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected default pager behavior

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/vpn.h: increased sizes for ciphersuite name, and
	decreased maximum size for the DTLS ciphersuite (as we use openssl's
	short names)

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: removed dbus_message_iter_has_next() as it behaves
	differently on different versions.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: more debugging info

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: ignore sigpipe and print (none) when no group is
	available.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/occtl-pager.c: Added configure option to specify
	the default pager for occtl.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-user.c, src/worker-auth.c: Better error
	checking and cleaned up support for scripts.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: make sure that recvmsg() will continue after signal

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: use TUNSETPERSIST

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: systemd file installation is optional

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: corrected args file generation

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: combined EXTRA_DIST

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, configure.ac, src/main.c: use pselect only when available.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: Added SEE ALSO man section.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/ocpasswd-args.def,
	src/ocserv-args.def: updated copyright notices

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, src/Makefile.am, src/occtl-args.def,
	src/occtl-cache.c, src/occtl-pager.c, src/occtl-time.c, src/occtl.c: 
	Added occtl.8

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: removed CISCO example policy

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: when used non-interactively return error codes to
	shell on failure.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: display proper error when server sends no reply on
	D-BUS.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in: removed auto-generated file

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: Added more conservative
	priority strings.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-cache.c, src/occtl.c, src/occtl.h: Add
	usernames and session IDs to readline cache.
	This allows auto-completion to show user, and show id, after list
	users is executed.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: shorter names for states

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c, src/worker-vpn.c: The
	ciphersuite of the client is transferred from the D-BUS interface.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-misc.c, src/main.h, src/vpn.h,
	src/worker-vpn.c: worker will send information on the negotiated
	TLS/DTLS ciphersuites to main.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/occtl-pager.c: do not start pager when not on a
	tty.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: updated commands and descriptions.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: print the license in the interactive client.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-ctl-handler.c,
	src/ocserv-args.def, src/vpn.h: Added configuration option use-dbus
	to allow disabling D-BUS usage.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: unblock signals in children.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-ctl-handler.c, src/main.c, src/main.h,
	src/tlslib.c, src/tlslib.h: Try to release as much memory as
	possible to be able to detect real memory leaks.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-misc.c: eliminated memory leaks

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: block signals on the proper time.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: use c_strncasecmp() and c_strcasecmp() for matching.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-time.c: doc update

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-time.c, src/occtl.c, src/occtl.h: print
	the connection time in a compact way

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: print brackets in IPs only when needed (IPv6+port)

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: Added commands to obtain
	information on a user or an ID.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-pager.c, src/occtl.c, src/occtl.h: Use
	pager in list users command.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/main.c, src/main.h, src/occtl.c: Added
	reload and 'stop now' D-BUS commands.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: print help when arguments are missing

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: force kill if there are alive children after some time

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: force kill if not every process dies.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: Simplified method handling.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: SIGINT doesn't terminate occtl

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better matching of higher level commands, and
	addition of the reset cmd.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c: remove_proc() calls
	remove_from_script_list().
	This will prevent a race in the case where a proc is deleted (i.e.,
	user is disconnected) but a running script terminates afterwards and
	tries to reference the deleted proc.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set sockets to non-blocking outside the loop.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-ctl-handler.c, src/main.c, src/main.h: 
	better names to lists

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: added subdir-objects

2014-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use pselect() instead of select()

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: terminate on EOF

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: interface improvements in occtl

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am,
	doc/dbus/org.infradead.ocserv.conf,
	doc/dbus/org.infradead.ocserv.service: install D-BUS and systemd
	files.

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/main-ctl-handler.c,
	src/occtl.c: Added occtl, a D-BUS client to query and send commands
	to server.

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: when disconnecting a user make sure that no race
	conditions exist when killing the process.

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/Makefile.am,
	src/main-ctl-handler.c, src/main.c, src/main.h, src/vpn.h: Added
	support for control commands using D-BUS.

2014-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: do not print a port number if it is not available

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main.c: when using systemd socket activation the
	tcp-port option is optional.
	Moreover the UDP and TCP ports are "discovered" from the provided
	file descriptors.

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/systemd/ocserv.service,
	doc/systemd/ocserv.socket: Added example systemd socket and service
	files.

2014-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Detect protobuf-c in systems without pkg-config.

2014-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h: store the time a client connected.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Remove unnecessary AnyConnect /2/* files
	As long as all of our supported OSes are listed under /1/*, the /2/*
	files can be omitted.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Add support for Mac AnyConnect client
	Populate the 0-byte /1/Darwin_i386 file to prevent the following
	error:
	    The AnyConnect package on the secure gateway could not be
	    located.  You may be experiencing network connectivity issues.
	    Please try connecting again.
	Tested with AnyConnect 3.1.03103.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-extras.c: Fix auto-update regression on AnyConnect
	clients
	If /1/<OS> exists for every valid OS, then the client will never
	even try to request /2/binaries/update.txt.  Instead, it will
	request /1/binaries/update.txt, and then get very confused when the
	response looks like an XML document instead of a version string.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* README: README: Update dependencies

2013-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set socket options in sockets received by systemd as
	well.

2013-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac, src/Makefile.am, src/main.c: 
	Added support for systemd's socket activatable service.

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/worker-vpn.c: Added comments

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, src/Makefile.am, src/common.c,
	src/common.h, src/ipc.h, src/ipc.proto, src/log.c, src/main-auth.c,
	src/main-misc.c, src/main-resume.c, src/main.c, src/main.h,
	src/vpn.h, src/worker-auth.c, src/worker-extras.c,
	src/worker-misc.c, src/worker-resume.c, src/worker-tun.c,
	src/worker-vpn.c, src/worker.h: Converted IPC messaging to
	protocolbuffers-c
	That adds a dependency on protocolbuffers-c, but simplifies the
	worker-main communication protocol handling.

2013-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed dist-lzip

2013-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: moved length check to correct position

2013-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: Added text on generating the server
	certificate

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.3

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: disabled limits that break the worker

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am: generated files added to
	BUILT_SOURCES to fix parallel compilation

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: avoid @AUTOGEN@

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added newline

2013-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2013-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libopts/m4/libopts.m4: the generation of makefile isn't
	conditional

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: updated

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ip-lease.c, src/main-auth.c,
	src/main.h: reduced cookie size by only writing down the ipv4 seed.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ip-lease.c, src/main-auth.c,
	src/main.h: Augmented cookie format to store the seeds used to
	generate IPv4 and IPv6 addresses.  This ensures that if the IP previously used by a user is free, it
	will be reassigned to him after a reconnection with the same cookie.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: use IPV6_CHECKSUM only when available.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-tun.c: reorder

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: include netinet/ip.h prior to ip_icmp.h to have
	struct ip defined.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: define ICMP_DEST_UNREACH in systems where it is
	not available

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-10  Kevin Cernekee <cernekee@gmail.com>

	* src/main-auth.c: Fix multiple session disconnect when
	max-same-clients is 0
	max-same-clients is used to limit the number of outstanding
	sessions (cookies).  If set to 0, it means an unlimited number of active
	cookies can be owned by each user.  But it doesn't mean that the
	same cookie can be reused for multiple CSTP connections with
	different IPs, as the protocol does not normally work this way.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: more verbose messages.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: updated debug messages.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/group-config.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.def,
	src/vpn.h: Added support for cgroups

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/group-config.c: simplified reading the
	net-priority option

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: corrected DPD sending in TLS. Reported by Kevin
	Cernekee.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/group-config.c,
	src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: Allow setting
	directly the IP_TOS from net-priority.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: conditionally use SO_PRIORITY

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: do check the username validity only when a
	certificate is present.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: adjusted severity

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-tun.c, src/worker-vpn.c,
	src/worker.h: simplified setting of additional configuration in the
	worker process

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: corrected typo

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: do not require a certificate when authenticating
	with cookie and always-require-cert is set to false.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/worker-auth.c: Added more verbose logging

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/sec-mod.c: sec-mod ensures that
	requests come from the correct user.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/config.c,
	src/{main-config.c => group-config.c}, src/main-auth.c,
	src/main-misc.c, src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Added the net-priority configuration
	option.
	That option allows setting the protocol-defined priority (via
	SO_PRIORITY) for the UDP and TCP sockets, per user/group or
	globally.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: enforce the RLIMIT_FSIZE and RLIMIT_AS

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/icmp-ping.c: use iphdr only when
	available

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: doc update

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: do not return empty usernames

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pam, tests/test-pam.config: Added
	test-pam (which is only run manually)

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-iroute.config,
	tests/test-multi-cookie, tests/test-multi-cookie.config,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-script: 
	reduced fragility of the tests

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-iroute: store temp files in a fixed
	dir

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-auth.c, src/main-auth.h, src/pam.c, src/plain.c: 
	Allow PAM to update username

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: explicitly initialize module

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed newline from log messages

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Only add new leases to hash table (and print the
	assigned IPs).

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: print more details on certificate verification
	failure.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/icmp-ping.c, src/tun.c: 
	Conditionally include system specific headers.

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: if no udp port is set do not bother sending DTLS
	info to client.

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed unneeded include

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/main.c: udp-port can now be unset, and
	that will disable listening to UDP.

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c, src/main-misc.c, src/main.c, src/script-list.h: 
	initialize values prior to list_for_each() calls, to avoid static
	analysers' complaints on garbage values.

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ccan/list/list.h: undefine LIST_HEAD and LIST_HEAD_INIT

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/system.c, src/system.h: Use the
	correct sighandler definition on different systems.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-iroute: use regex for comparison

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-multi-cookie,
	tests/test-multi-cookie.config: Added test case for the
	disconnection due to cookie re-use case.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/ip-lease.c, src/main-auth.c, src/main-misc.c,
	src/main.h: When a new connection presents a cookie of an existing
	session the previous session is disconnected.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: fixed issue when compiling with -j

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: further increase the PAM stack size to allow for more
	complex PAM modules

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: properly initialize rnd IP to avoid valgrind
	complaints

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated todo

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* README: README: Add info on build dependencies

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* build-aux/.gitignore: Add build-aux/.gitignore

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* build-aux/ar-lib, build-aux/compile, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, build-aux/test-driver: 
	Remove autogenerated scripts from git repo
	These get dirtied every time somebody runs autogen.sh.

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Add X-CSTP-License header for mobile client
	compatibility
	The Android AnyConnect client passes authentication but refuses to
	establish a VPN link if this header is missing.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: updated title

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, gl/m4/extern-inline.m4: updated gnulib

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-iroute.config,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-script,
	tests/test-pass-script.config, tests/test1.config,
	tests/test2.config, tests/test3.config: use different ports per test

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-iroute.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: daemon
	group is available in more systems. Use that for testing.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated libopts detection

2013-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2013-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh: relicensed after all authors agreed.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use definitions to avoid discrepancies.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: corrected size of explicit nonce

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: The Salsa20 ciphersuites are used over DTLS 1.2,
	and their names follow the new encoding.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: be more precise in MTU calculation even without
	gnutls_est_record_overhead_size().

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Do not use an MTU that is bigger than the
	originally suggested one. Openconnect doesn't like that.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: Better estimate the record
	overhead.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/log.c, src/main.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-extras.c, src/worker-vpn.c: Added the --http-debug option
	to ocserv to avoid printing full HTTP messages to normal debug mode.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: more changes for the new
	ciphersuites

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added ciphersuites OC-AES-GCM.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h: corrected include to http-parser

2013-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-pass,
	tests/test-pass-cert, tests/test-pass-script: relicensed files.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/worker-auth.c,
	src/worker-tun.c, src/worker-vpn.c: Check for local http_parser
	library. If found use it instead of the included one.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: test before copy

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac: Distribute the autogen'erated files as
	.bak and enable them only if local libopts is being used.

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: better phrasing.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/ocserv-script: remove usage of wondershaper

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-bandwidth.c, src/worker-bandwidth.h, src/worker-vpn.c: 
	reduce the calls to gettime().

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gettime.h: use CLOCK_REALTIME_COARSE if available.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: update

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: separated auto-generated files into special
	libraries to allow compilation using make -jx, x>1

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE: mentioned the libopts license

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print package version on initialization

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: added the srcdir prefix

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: delete libopts generated files if system libopts is
	being used

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: ensure that auto-generated files will be
	auto-generated during compilation.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: removed no longer relevant item

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h, libopts/ao-strs.c, libopts/ao-strs.h,
	libopts/autoopts/options.h, libopts/autoopts/usage-txt.h,
	libopts/compat/compat.h, libopts/compat/strchr.c,
	libopts/configfile.c, libopts/genshell.c, libopts/genshell.h,
	libopts/m4/libopts.m4, libopts/option-value-type.c,
	libopts/option-value-type.h, libopts/option-xat-attribute.c,
	libopts/option-xat-attribute.h, libopts/pgusage.c, libopts/proto.h,
	libopts/streqvcmp.c, libopts/text_mmap.c, libopts/usage.c: updated
	to libopts 5.18.2

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/Makefile.am, libopts/ag-char-map.h, libopts/alias.c,
	libopts/ao-strs.c, libopts/ao-strs.h, libopts/autoopts.c,
	libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/compat/pathfind.c, libopts/configfile.c, libopts/enum.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/gettext.h, libopts/init.c, libopts/load.c,
	libopts/m4/libopts.m4, libopts/makeshell.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/restore.c, libopts/save.c, libopts/stack.c,
	libopts/text_mmap.c, libopts/usage.c, libopts/version.c: updated
	libopts to 5.18

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.1

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-config.c,
	src/ocserv-args.def, src/worker-bandwidth.c, src/worker-bandwidth.h: 
	count bandwidth in kb/sec to avoid overflows on high bandwidth.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.h: removed auto-generated files.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/ocpasswd.c, src/str.c, src/str.h,
	src/worker-vpn.c: updated code to avoid memory leaks.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/sec-mod.c: do not ignore errors from system calls

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: autogenerate changelog prior to release

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: call setgroups() after setgid() to avoid staying with
	an unexpected group set.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def: Added pid-file command line
	option, that overrides the configured pid-file.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ocpasswd-args.c, src/ocpasswd-args.h,
	src/ocserv-args.c, src/ocserv-args.h: reorganized file generation
	and removed auto-generated files.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: increased stack size for PAM coroutines to 64k.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: link with libopts only if autogen is
	found. This avoids incompatibility issues with different
	autogen/libopts version.

2013-11-05  Mike Miller <mtmiller@ieee.org>

	* Makefile.am, configure.ac, src/Makefile.am: Allow linking with
	system libopts if installed

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am: removed unneeded check for gdbm

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Move ocserv to sbin

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, COPYING, src/common.c, src/common.h, src/config.c,
	src/cookies.c, src/cookies.h, src/gettime.h, src/html.c,
	src/html.h, src/icmp-ping.c, src/icmp-ping.h, src/ip-lease.c,
	src/ip-lease.h, src/ipc.h, src/log.c, src/main-auth.c,
	src/main-auth.h, src/main-config.c, src/main-misc.c,
	src/main-resume.c, src/main-user.c, src/main.c, src/main.h,
	src/ocpasswd.c, src/pam.c, src/pam.h, src/plain.c, src/plain.h,
	src/route-add.c, src/route-add.h, src/script-list.h, src/sec-mod.c,
	src/sec-mod.h, src/setproctitle.c, src/setproctitle.h, src/str.c,
	src/str.h, src/system.c, src/system.h, src/tlslib.c, src/tlslib.h,
	src/tun.c, src/tun.h, src/vpn.h, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-bandwidth.h,
	src/worker-extras.c, src/worker-misc.c, src/worker-privs.c,
	src/worker-resume.c, src/worker-tun.c, src/worker-vpn.c,
	src/worker.h: updated license information and authors

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, build-aux/config.rpath, config.h.in, configure.ac,
	gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/lib-ld.m4, {m4 => gl/m4}/lib-link.m4, gl/m4/lib-prefix.m4: 
	Added lib-link.m4 via gnulib.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/Makefile.am, src/config.c, src/gettime.h,
	src/main-auth.c, src/main-config.c, src/main-misc.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/str.c, src/str.h, src/vpn.h, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-bandwidth.h, src/worker-vpn.c,
	src/worker.h: Added directives to allow bandwidth limitation.

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-config.c: do not fail if a configuration file is empty

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reduced the severity of several messages.

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: more informative message

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: avoid multiple calls to time(0)

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: added error message

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pass-script,
	tests/test-pass-script.config: Added login-test when a connect or
	disconnect script is set.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.0

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/worker-auth.c: Avoid calling
	handle_script_exit() twice on user connect.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: return correct error code

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: corrected typo

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c, src/worker-auth.c, src/worker-resume.c: small
	updates

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/vpn.h: Always terminate the
	worker unless he has already been dead.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/worker-misc.c: Corrected behavior on error during
	receiving a UDP fd.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-misc.c, src/main.c, src/main.h: Avoid forwarding
	the UDP fd within a minute. That is to avoid duplicate messages
	messing the worker session.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ccan/htable/htable.c, src/ip-lease.c, src/main.h,
	src/tlslib.c: updates in hash table usage.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-iroute, tests/test-iroute.config,
	tests/user-config/test: Added test to check the application of user
	routes.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/str.c, src/str.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Avoid many system
	calls when sending serialized data.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.h, src/main-auth.c, src/worker-auth.c: Simplified
	auth_reply transfer from main to worker.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated todo list

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/route-add.c: increased level of spawn errors.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: do not try load configuration on empty string
	groups

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected bug

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/worker-auth.c,
	src/worker-resume.c: Added more debugging information.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/dup2.c, gl/getdtablesize.c, gl/m4/dup2.m4,
	gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
	gl/m4/gnulib-comp.m4, gl/m4/unistd_h.m4, gl/stdio-impl.h,
	gl/stdio.in.h, gl/unistd.in.h: updated gnulib

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-resume.c: small update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: Corrected certificate authentication.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cert, tests/test-pass,
	tests/test-pass-cert, tests/test3.config: Added test with only a
	certificate.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/main-config.c, src/main-misc.c,
	src/main.c, src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/route-add.c, src/route-add.h, src/tun.c,
	src/vpn.h: Added the 'iroute' directive to allow routes set on
	server.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/route-add.c,
	src/route-add.h, src/vpn.h: Added commands to add and remove a
	route.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-config.c, src/main-misc.c: relocated function

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/common.c, src/common.h,
	src/config.c, src/main-config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: Added the ipv6-prefix
	configuration option

2013-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/common.h, src/ip-lease.c,
	src/ip-lease.h, src/ipc.h, src/main-auth.c, src/main-config.c,
	src/main-misc.c, src/main-resume.c, src/main-user.c, src/main.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tun.c, src/tun.h, src/vpn.h,
	src/worker-auth.c, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	Increased the number of directives allowed in group and user
	configurations.

2013-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/Makefile.am, src/common.c,
	src/common.h, src/config.c, src/ipc.h, src/main-auth.c,
	src/main-config.c, src/main-misc.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Allow loading
	additional configuration files per user or per group.

	The directives currently allowed are: ipv4/6_dns and route.

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac: bumped version

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c: Configuration file parsing was modified to
	allow detecting misspellings of directives and unknown options.

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Added config options 'mtu' and 'output-buffer'.

2013-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2013-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Do not wait for
	socket to be ready when sending DTLS data.

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c: Reduce limit of output buffer on DTLS
	socket to reduce latency (following similar openconnect change).

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected MTU suggestion when DTLS isn't used

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Suggest a single MTU value instead of two
	distinct for DTLS and CSTP.

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better calculation of suggested to the peer MTU

2013-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.1.6

2013-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2013-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: doc update

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Applied Bruce Korb's fix on unacceptable
	chars.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
	configuration file."

	This reverts commit f7a938e5d7fd07144062ea64a6ab028cf43bb3e6.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Ignore non-ascii characters in
	configuration file.  This is a quick fix for

	http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html

2013-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/Makefile.am, src/ocpasswd-args.c,
	src/ocpasswd-args.def, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/{version.def.in =>
	version.inc.in}: regenerate autogen'ed files when making a
	distribution.

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* tests/test-pass, tests/test-pass-cert: Fix path to common.sh when
	tests run from another directory

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* doc/Makefile.am: Add autogen search path to work when building out
	of the source tree

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h: 
	Improve ocpasswd short description, re-run autogen

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* src/main-resume.c, src/main.c, src/main.h: Fix typo maintainance
	-> maintenance

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: Ask the password twice to avoid mistakes.

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.1.5

2013-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: removed debugging

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: use c_strcase in config file parsing

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c: check for errors in sscanf

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, doc/sample.config, doc/sample.passwd,
	gl/Makefile.am, gl/c-ctype.h, gl/c-strcase.h, gl/c-strcasecmp.c,
	gl/c-strncasecmp.c, gl/fseeko.c, gl/m4/extern-inline.m4,
	gl/m4/fseeko.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/msvc-inval.c, src/Makefile.am, src/html.c, src/html.h,
	src/plain.c, src/worker-auth.c, tests/test-pass, tests/test1.passwd: 
	Added decoder for HTML-encoded and URL-encoded passwords and
	usernames.

	This prevents special characters from not being recognized.
	Reported by P.H.Vos.

	Also updated gnulib and added c-strncasecmp

2013-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c, src/worker-vpn.c, src/worker.h: Added
	additional handlers for requested files.

2013-07-07  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-extras.c, src/worker-vpn.c, src/worker.h: bypass
	AnyConnect client auto-update mechanism

2013-07-07  Kevin Cernekee <cernekee@gmail.com>

	* src/tlslib.c: add missing GnuTLS version checks around >= v3.2.0
	features

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: use existing files

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/test-pass, tests/test-pass-cert: moved
	common tests to common.sh

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/{test1 => test-pass}, tests/{test2 =>
	test-pass-cert}: renamed scripts and added additional test with
	wrong username.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, build-aux/depcomp, build-aux/test-driver,
	configure.ac, tests/Makefile.am, tests/ca-key.pem, tests/ca.pem,
	tests/common.sh, tests/server-cert.pem, tests/server-key.pem,
	tests/test1, tests/test1.config, tests/test1.passwd, tests/test2,
	tests/test2.config, tests/user-cert.pem, tests/user-key.pem: Added
	test suite that depends on openconnect.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: common check for user and group match.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.h, src/main-misc.c, src/main.h, src/pam.c: Put a
	limit in the number of allowed authentication requests, and
	increased size of stack for co-routines.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: silence warnings

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/tlslib.c: more fixes

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: automate the clang static check of code.

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: avoid deinitializing garbage

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-user.c: corrected null pointer dereferences

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/tun.c: corrected dead assignments

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/main-auth.c, src/main-misc.c,
	src/main.h: better function names and parameter order

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: print proper message when changing password in PAM.

2013-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: Allow session resumption database access, and
	allow more graceful cleanup on authentication failure.

2013-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pcl/pcl_config.h: Do not need the multi-threaded version of
	PCL.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.h, src/tun.c, src/tun.h, src/vpn.h: 
	leases belong to users as well. That way IPs are properly re-used.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: cookie-db no longer exists.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: Corrected plain passwd authentication to read group
	name when needed.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: properly initialize group name in plain passwd.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: allow cookie-only authentication (fixes previously
	introduced bug)

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: disallow mixing multiple username/password
	authentication methods

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies-gdbm.c,
	src/cookies-hash.c, src/cookies.c, src/cookies.h, src/ipc.h,
	src/log.c, src/main-auth.c, src/main-misc.c, src/main.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tun.c, src/tun.h, src/vpn.h: Cookies are no
	longer persistent

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: document way to force PFS

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, INSTALL, build-aux/ar-lib, build-aux/compile,
	build-aux/depcomp, build-aux/install-sh, build-aux/missing: updated
	auto-generated scripts.

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: enable ability to change password with PAM

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: removed debugging info

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, config.h.in, configure.ac, src/Makefile.am,
	src/pcl/Makefile.am, src/pcl/pcl.c, src/pcl/pcl.h,
	src/pcl/pcl_config.h, src/pcl/pcl_private.c, src/pcl/pcl_private.h,
	src/pcl/pcl_version.c: Allow compilation without the PCL library

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.h, src/main-auth.c, src/main-auth.h, src/main.h,
	src/pam.c, src/plain.c, src/worker-auth.c: small fixes to avoid
	relying on properly null-terminated strings.

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.h: described authentication process.

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: removed debugging message

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, build-aux/ar-lib, build-aux/compile, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, doc/sample.config: 
	autogen'ed files update

2013-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/ipc.h, src/main-auth.c,
	src/main-auth.h, src/main-misc.c, src/main.c, src/main.h,
	src/pam.c, src/pam.h, src/plain.c, src/plain.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Advanced auth
	implemented

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Revert "Use the new type of XML"

	This reverts commit 2163836ad8d3ff5974a69373cfac2d7c2463f2e4.

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Revert "simplified opaque handling"

	This reverts commit 0af9c45e8c0bca97673f80f63ac73b77f8a23a13.

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: simplified opaque handling

2013-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Use the new type of XML

2013-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/pam.c, src/pam.h: set PAM_RHOST variable
	using the client's IP.

2013-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, NEWS, build-aux/ar-lib, build-aux/compile,
	build-aux/depcomp, build-aux/install-sh, build-aux/missing,
	configure.ac: bumped version

2013-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c: ensure that the actual reads on DTLS are
	at maximum MTU-1.

2013-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: bumped version

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/tlslib.c, src/tlslib.h, src/worker-vpn.c: corrected
	values returned in X-CSTP-MTU and X-DTLS-MTU

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/vpn.h, src/worker-extras.c,
	src/worker-vpn.c, src/worker.h: Removed ability to send binary
	files.

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use X-SALSA20 to avoid any future conflicts

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c: keep the connection alive

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c: do not try to send binaries if no path is
	setup

2013-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def, src/worker-extras.c, src/worker-vpn.c,
	src/worker.h: reorganized compatibility layer

2013-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/Makefile.am, src/config.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/vpn.h, src/worker-extras.c, src/worker-vpn.c, src/worker.h: 
	Allow downloading raw files from 1/binaries

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: use gnutls_privkey_sign_hash() when available.

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Check X-CSTP-Address-Type and
	don't send addresses that were not requested.

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added gettimeofday in the list of syscalls

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: updated seccomp code

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: more verbose printing of signal deaths

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: simplified seccomp check

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c, src/worker-vpn.c: use strtok() to parse client provided
	string.

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: require gnutls 3.2.1 to enable salsa20

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: relax check on requirement on headers for
	libopts.

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/gettime.h: Added missing file

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated header

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE: updated license information

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/main-user.c: emulate gettime

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/c-ctype.c, gl/c-ctype.h, gl/cloexec.c,
	gl/cloexec.h, gl/close.c, gl/dup2.c, gl/errno.in.h, gl/fcntl.c,
	gl/fcntl.in.h, gl/fd-hook.c, gl/fd-hook.h, gl/fseek.c, gl/fseeko.c,
	gl/fstat.c, gl/getdelim.c, gl/getdtablesize.c, gl/getline.c,
	gl/getpass.c, gl/getpass.h, gl/gettime.c, gl/gettimeofday.c,
	gl/lseek.c, gl/m4/clock_time.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_time_h.m4, gl/m4/timespec.m4, gl/malloc.c, gl/memchr.c,
	gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
	gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/realloc.c,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strdup.c,
	gl/string.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/time.in.h, gl/timespec.c, gl/timespec.h,
	gl/unistd.in.h: updated gnulib

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc fix

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: do not restrict worker's memory

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: estream ciphersuite was given priority

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: increased priority

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print DTLS ciphersuite

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, TODO: doc update

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c, src/str.h: added missing files.

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: configure proceeds if regex library isn't
	found

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected cipher names

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Allow for a ciphersuite
	negotiation

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: small fixes

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.h, src/worker-vpn.c, src/worker.h: 
	reorganized HTTP header reading.

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected typo

2013-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2013-05-16  Faidon Liambotis <paravoid@debian.org>

	* src/worker-privs.c, src/worker-vpn.c: Make seccomp failures
	non-fatal & lower log prio

	Building a binary with --enable-seccomp and then running it on a <
	3.5 kernel, results in seccomp_load() failing and ocserv's worker
	process aborting. This might be okay-ish for users who ./configure
	&& make install on their own systems but it's obviously non-ideal
	for e.g. distributions that need to distribute binaries.

	Unfortunately there doesn't seem to be a good way (that I could
	find) to check if the running kernel has seccomp -- uname/uts isn't
	a good solution as Ubuntu has backported it to 3.2, custom kernels
	might have CONFIG_SECCOMP=n etc.

	So, this makes a tradeoff call and removes the exit_worker() call on
	seccomp failures, lowers the seccomp error logs to LOG_DEBUG from
	LOG_WARNING and the "could not disable system calls" to LOG_INFO
	from LOG_ERR.

	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-05-16  Faidon Liambotis <paravoid@debian.org>

	* src/worker-privs.c: Workaround libseccomp bug & fix error handling

	libseccomp has a bug where -EDOM is returned when seccomp_rule_add
	is called for pseudo system calls (i.e. < -99). This was triggered
	by adding the send() system call on my x86_64 machine. The bug seems
	to have been recently (May 7th, 2013) reported and fixed on
	libseccomp upstream but it will take a while to find its way to a
	release and distributions.

	Additionally, there was a bug on how libseccomp calls were error
	handled: libseccomp functions don't actually set errno, but set
	errno values in their return value instead. This resulted in the
	seccomp_rule_add call above to print "could not add send to seccomp
	filter: Success".

	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: fixed length checks

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: check for children cleanup prior to checking for
	termination.

	That allows to quickly terminate after the secmod death is detected.

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated example

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/http-parser/http_parser.c: use gnulib's ctype

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: do not check for a working libregex if it
	is disabled

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: bumped version

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for setproctitle

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/c-ctype.c, gl/c-ctype.h: added missing files

2013-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : design update

2013-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Added X-CSTP-Default-Domain option.

2013-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/die.h, src/main-misc.c, src/main-resume.c,
	src/main-user.c, src/main.c, src/sec-mod.c, src/{die.c =>
	system.c}, src/system.h, src/worker-vpn.c: Use sigaction() to have a
	consistent behavior across systems for signals.

2013-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated TODO

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/profile.xml, doc/sample.config,
	gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/sys_time.in.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/worker-auth.c,
	src/worker-vpn.c: Updates for cisco's client.

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: corrected bug in anyconnect compat

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/icmp-ping.c: verify the ICMP IDs prior to checking response.

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/icmp-ping.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Added config file
	option ping-leases.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: corrected bug which prevented ocpasswd adding more
	than a single user.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocpasswd-args.c, src/ocpasswd-args.def,
	src/ocpasswd-args.h: updated ocpasswd doc

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: make ocpasswd manpage

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h,
	src/ocpasswd.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: Updated autogen generated files, and added more
	options to ocpasswd.
	ocpasswd now accepts the --lock and --unlock options and accepts the
	username as the last argument.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/Makefile.am, libopts/README, libopts/ag-char-map.h,
	libopts/alias.c, libopts/ao-strs.c, libopts/ao-strs.h,
	libopts/autoopts.c, libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/boolean.c, libopts/check.c, libopts/compat/compat.h,
	libopts/compat/pathfind.c, libopts/compat/snprintf.c,
	libopts/compat/strchr.c, libopts/compat/strdup.c,
	libopts/compat/windows-config.h, libopts/configfile.c,
	libopts/cook.c, libopts/enum.c, libopts/env.c, libopts/file.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/gettext.h, libopts/init.c, libopts/libopts.c,
	libopts/load.c, libopts/m4/libopts.m4, libopts/m4/liboptschk.m4,
	libopts/makeshell.c, libopts/nested.c, libopts/numeric.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/parse-duration.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/reset.c, libopts/restore.c, libopts/save.c, libopts/sort.c,
	libopts/stack.c, libopts/streqvcmp.c, libopts/text_mmap.c,
	libopts/time.c, libopts/tokenize.c, libopts/usage.c,
	libopts/version.c: updated libopts

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac, src/Makefile.am,
	src/icmp-ping.c, src/icmp-ping.h, src/log.c, src/tun.c, src/vpn.h: 
	Prior to leasing an IPv4, ping it to check if it is already in use.

2013-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: read device name in FreeBSD

2013-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/Makefile.am, src/cookies-gdbm.c, src/cookies.c,
	src/die.c, src/die.h, src/main-misc.c, src/main-user.c, src/main.c,
	src/pam.c, src/setproctitle.c, src/setproctitle.h, src/tun.c,
	src/vpn.h: several updates to allow compilation on FreeBSD

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE, Makefile.am: Added license file

2013-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: removed session
	ticket support

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, TODO: doc update

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker.h: removed unused variable

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c, src/worker.h: MTU discovery simplified

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: MTU handling updates

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c: clear any lists prior to running sec
	mod

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Revert "run sec mod earlier to save memory"
	This reverts commit a8152e8c59fb7007b9dee5718bcb46f55b3d0e68.

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when debugging do not set memory limits

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: run sec mod earlier to save memory

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: deinitialize memory taken by configuration parser.

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: disable dh-params by default

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: 
	doc update

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: added dh-params option into sample file

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: make clear that anyconnect compat layer is
	experimental

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/main-resume.c, src/sec-mod.c, src/tlslib.c: 
	depend on gnutls 3.1.10

2013-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: use quotes when printing password file

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: cookies are overwritten prior to fork

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: Added anyconnect options to sample config

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updated

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: readjusted log levels

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reduce MTU on mtu failure in a less steep way

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: changed level of messages

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/ocserv-args.c, src/ocserv-args.h: consider
	chroot environment when creating socket file.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def, src/sec-mod.c: simplified umask

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/sec-mod.c, src/sec-mod.h,
	src/tlslib.c: updates in unix socket creation

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: use pkcs11_reinit() only when defined.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: adjust buffer size if needed.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: consider TCP MSS in MTU
	calculations.

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set certain limits on the worker process using
	setrlimit()

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c, src/plain.c: Added copyright headers

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ccan/list/list.c, src/http-parser/http_parser.c: include
	config.h in all files

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: reinitialize PKCS #11 modules after fork

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/tlslib.c: combine writes to a single system
	call.

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: updated syscall list in seccomp

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, TODO, configure.ac, doc/Makefile.am,
	doc/sample.config, doc/sample.passwd, src/Makefile.am,
	src/common.c, src/common.h, src/config.c, src/main-misc.c,
	src/main.c, src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sec-mod.c, src/sec-mod.h, src/tlslib.c,
	src/tlslib.h, src/vpn.h, src/worker-tun.c, src/worker-vpn.c: The TLS
	private keys are kept in a privileged process.
	That process is called security-module (sec-mod) and communicates
	with the workers using a unix domain socket.

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: Always send the provided password to PAM irrespective
	of the prompt.

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, TODO, config.h.in, configure.ac,
	gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/getpass.c,
	gl/getpass.h, gl/lseek.c, gl/m4/fseek.m4, gl/m4/fseeko.m4,
	gl/m4/fstat.m4, gl/m4/getpass.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/largefile.m4, gl/m4/lseek.m4,
	gl/m4/minmax.m4, gl/m4/strdup.m4, gl/m4/sys_stat_h.m4,
	gl/m4/sys_types_h.m4, gl/malloc.c, gl/minmax.h, gl/stdio-impl.h,
	gl/strdup.c, gl/sys_stat.in.h, gl/unistd.in.h, src/Makefile.am,
	src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h,
	src/ocpasswd.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/plain.c, src/vpn.h: crypt(3) is used in the
	plain password file.
	In addition, ocpasswd program was added to generate password file
	entries.

2013-03-14  Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>

	* src/Makefile.am, src/ocpasswd.c, src/plain.c: Added ocpasswd

2013-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/sample.config, doc/scripts/ocserv-down,
	doc/scripts/ocserv-script, doc/scripts/ocserv-up: Updated sample
	script.

2013-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/main-auth.c, src/main-misc.c,
	src/main-user.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/script-list.h,
	src/tun.c, src/worker-auth.c: Do not let scripts block the server
	operation.

2013-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/snippet/_Noreturn.h, config.h.in,
	doc/sample.config, gl/Makefile.am, gl/errno.in.h, gl/getdelim.c,
	gl/getline.c, gl/m4/errno_h.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/malloc.m4,
	gl/m4/realloc.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/realloc.c, gl/stdio.in.h, gl/stdlib.in.h, gl/unistd.in.h,
	src/Makefile.am, src/config.c, src/main-auth.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/plain.c, src/plain.h,
	src/vpn.h: Added plain password format

2013-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: small doc updates

2013-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/tlslib.c, src/tlslib.h, src/worker-vpn.c: enable session
	tickets.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: manual page moved to section 8

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/vpn.h: Added ability to specify
	multiple certificate and key pairs.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/tlslib.h, src/vpn.h: Allow
	setting DH parameters.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: check the server certificate prior to initialization

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: Added sanity check on certificate and key reading.

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Exit when mandatory configuration options are not
	present

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: rate-limit-ms is no longer mandatory to set

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.0.2

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated text

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: seccomp is disabled by default

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/vpn.h: Allow setting OCSP
	responses.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: corrected advertized address

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: small optimizations

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: unified POST
	handlers, and auto-detect xml content

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: corrected check for banned entries

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Eliminated memory leaks on lists.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/main-auth.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Allow setting a
	reconnection delay time after a failed authentication attempt (added
	min-reauth-time option).

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Allow longer sleeps than a second.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : corrected typo

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Allow setting a
	rate limit on the number of connections.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated doc

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: do not link against 3.1.7 or 8 version of gnutls.

2013-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c: Anyconnect client compatibility
	is optional.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: simplified certificate request and require setting.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-tun.c: fix the 'local' keyword in DNS server
	settings.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: corrected cert require rule

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/vpn.h,
	src/worker-auth.c, src/worker.h: Added option to allow sending a
	cookie without the corresponding certificate.
	This option is required for the cisco clients, that do not always
	use the client certificate. When this option is set to false it
	means that the cookie itself is sufficient for authentication. This
	is bad practice if smart cards are in use.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use chdir prior to chroot.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/profile.xml, doc/sample.config,
	src/Makefile.am, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/tlslib.h,
	src/vpn.h, src/worker-auth.c, src/worker-vpn.c: Several updates to
	handle URLs requested by the cisco client.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: Send correct
	replies.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Added title into success message

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: always set max-age

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/vpn.h, src/worker-auth.c: include banner in the
	XML success message.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: ocserv.1 built is optional

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: more verbose in client methods

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* configure.ac, doc/Makefile.am, src/Makefile.am: warn if autogen
	isn't installed
	Signed-off-by: Jason Cooper <jason@lakedaemon.net>

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: Banner was made
	configurable.

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-resume.c: log message updates

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added timeout to handshake().

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, doc/ocserv.1: doc/ocserv.1 is generated, don't track
	it
	Signed-off-by: Jason Cooper <jason@lakedaemon.net>

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: message updates

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, Makefile.am, configure.ac: add cscope/ctags make
	targets
	Newcomers to the code often use these tools to learn their way
	around.  Integrate them into the build so that we don't accidentally
	track their files.
	Signed-off-by: Jason Cooper <jason@lakedaemon.net>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* src/main.c: main: check return of daemon()
	Signed-off-by: Jason Cooper <jason@lakedaemon.net>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: remove Werror from automake flags

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main.c: updated

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* autogen.sh: Added autogen file.

2013-02-25  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, aclocal.m4: don't track aclocal.m4, it's a generated
	file
	Signed-off-by: Jason Cooper <jason@lakedaemon.net>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/main.c: Added
	support for TCP wrappers (libwrap)

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added some more CSTP headers

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Allow setting NBNS.

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated installation instructions

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on automake 1.11.3

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: more complete
	http body handling

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better initialization of req.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* aclocal.m4, build-aux/ar-lib, configure.ac: Added AM_PROG_AR to
	keep automake-1.12 happy. Reported by David Woodhouse.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Corrected issue with openconnect <= 4.00.
	Reported by Mike Miller.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Fix out-of-source tree build. Patch by Mike
	Miller.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, doc/ocserv.1, doc/sample.config, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: doc update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: small update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: small update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: updated manual

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added news

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updates in DPD handling
	When we have not received DPD for long, try sending instead of
	immediately failing.  Also treat any received message as DPD to
	prevent kicking an active client.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: DPD_TRIES was defined and increased to 5 from 3

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: small optimizations

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample config

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: updated

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print the DPD time.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/worker-misc.c: when receive a new UDP
	session, forward the fd and replace the old.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/tlslib.c: simplified TLS file load and reload.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h: Load PINs early.

2013-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/vpn.h: 
	Added configuration options for PIN files.

2013-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: print debugging
	information on the received HTTP headers

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	mtu discovery via DPD is optional

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, doc/ocserv.1, src/Makefile.am,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/version.def.in: Added version.def.in

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	bug report address

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/main-auth.c: when
	restoring a cookie connection, extend the lifetime of the cookie.

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, doc/sample.config, src/tlslib.c, src/worker-vpn.c,
	src/worker.h: Added some kind of path MTU discovery using DPD.

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: simplified messages

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-resume.c: better log messages

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-resume.c, src/tlslib.h: Enable
	maintenance when maximum TLS sessions have been reached. Set more
	sane defaults for max sessions.

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main.c, src/main.h: When the cookie DB is
	full enforce maintenance.

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/tun.c: simplified (and corrected) TUN device
	creation and re-use

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: postpone usage of cork and uncork

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: corrected typo

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: simplified main loop

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c: reduced the default hash table size.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added missing ioctl().

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: Allow NULL PAM auth token. This would allow to have
	password authentication on certain users that have a certificate.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/ocserv.1, doc/scripts/ocserv-down,
	doc/scripts/ocserv-up, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: Added example scripts and updated documentation.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/sample.config: Added missing files

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/main-auth.c, src/main-user.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: Simplify
	script calling by using the environment

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: quit if no TCP port is available.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/main.h, src/tlslib.c: write the
	correct PID in pid file

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/cookies.h, src/ipc.h,
	src/main-auth.c, src/main-misc.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/pam.c, src/pam.h,
	src/vpn.h, src/worker-auth.c: Use PAM account management and added
	support for user groups.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README, configure.ac, src/config.c, src/log.c,
	src/main.c, src/main.h, src/tlslib.c, src/tlslib.h, src/vpn.h,
	src/worker-tun.c, src/worker-vpn.c: HUP signal reloads configuration

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: Updated documentation

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use common function to exit

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/tun.h, src/worker-auth.c, src/worker-tun.c,
	src/worker-vpn.c: small updates

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/worker-privs.c,
	src/worker-vpn.c, src/worker.h: Added support for seccomp (untested)

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/main.h, src/worker-misc.c: 
	connect occurs before sending the fd to worker.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: set time to entry only when writing the WTMP file

2013-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: corrected definition

2013-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c: DTLS-Rekey time is set to be
	the 2/3 of cookie validity

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/main.c: fork moved to gdbm backend
	expiration

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath: added missing file

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: better set socket options

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: Write wtmp file if possible.

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-misc.c, src/main.c: increased cookie
	hash table size and better cleanup resources on errors

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.c,
	src/cookies.h, src/main.c, src/sample.config: erase cookie data
	before forking to unprivileged process.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when expiring stuff, do it on the main process unless
	we use gdbm.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-auth.c, src/main-misc.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/vpn.h: enforce maximum number of same clients

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Set a default config file.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: Added PID file

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-resume.c, src/ocserv-args.c,
	src/ocserv-args.h, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: small reorganization

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: Added OID examples

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: ignore certificate in DTLS session

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: more explicit debug messages.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: do not require certificate on DTLS session

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c: simplified logging in debug mode

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, aclocal.m4, config.h.in, configure.ac,
	m4/lib-link.m4, src/config.c, src/log.c, src/main-auth.c,
	src/main-user.c, src/main.c, src/pam.c, src/tlslib.c, src/tun.c: 
	Several changes to compile on old linux kernels, and in constrained
	libgnutls libraries

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: kick out the peer if non DPD
	packets are received for 3x the DPD time

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Ignore non-fatal DTLS errors.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/setproctitle.c, src/setproctitle.h: Use a compatible with
	BSD's setproctitle.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: changes in debugging messages

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Added wait_fd state in UDP channel

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/setproctitle.c, src/setproctitle.h: used a more
	sane setproctitle

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.c, src/setproctitle.c,
	src/setproctitle.h: set process title

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING: added license

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ipc.h, src/main-auth.c, src/main-misc.c,
	src/main.h, src/worker-auth.c, src/worker-misc.c, src/worker-tun.c,
	src/worker-vpn.c, src/worker.h: MTU is now set via the main server

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/vpn.h, src/worker-vpn.c: 
	Added configurable DPD

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: explicitly close the logging
	subsystem

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	separated tun handling code from main worker code.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: correctly send termination signal to peer

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: added a more graceful termination of
	workers.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.h,
	src/main-auth.c, src/main.c, src/main.h, src/worker-vpn.c: several
	updates in cookies, and tun handling.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: fixes for newer gnutls

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: set tun device MTU based on minimum MTU of DTLS
	and TLS.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sample.config: sample config uses cookie DB

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.h, src/tlslib.c, src/tlslib.h,
	src/worker-auth.c, src/worker-vpn.c: use gnutls cork() and uncork()
	when available

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h, src/ocserv-args.def, src/sample.config,
	src/tlslib.c, src/tlslib.h, src/vpn.h, src/worker.h: cleaned up TLS
	code which was moved to tlslib

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: mtu cleanups

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/config.c,
	src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.c,
	src/cookies.h, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h: gdbm was re-added and made optional.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, src/sample.config: updated readme

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-vpn.c, src/worker.h: Honour client's MTU
	choice.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: removed warning

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : Added a description of the server

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, src/config.c, src/ipc.h, src/log.c, src/main-auth.c,
	src/main-resume.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/tun.c, src/tun.h, src/vpn.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Use a single UDP port in the server.  Several modifications to use a single UDP port in the server. This
	is currently done using a hack, i.e., pass the UDP socket to worker,
	close it on the main server and then re-open it (using REUSEADDR).  Also several updates in TUN handling to allow more than one client
	to connect.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: removed unneeded warning

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/config.c, src/cookies.c,
	src/cookies.h, src/main-auth.c, src/main.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/tlslib.c, src/tlslib.h, src/vpn.h: dropped
	dependency on gdbm. Cookies are stored in a hash.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: corrected issue in utmp

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed unneeded text

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/main-auth.c,
	src/{main-script.c => main-user.c}, src/main.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/vpn.h: Added explicit logging to UTMP file.

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, gl/Makefile.am, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	src/Makefile.am, src/ccan/build_assert/build_assert.h,
	src/ccan/check_type/check_type.h,
	src/ccan/container_of/container_of.h, src/ccan/hash/hash.c,
	src/ccan/hash/hash.h, src/ccan/htable/htable.c,
	src/ccan/htable/htable.h, src/ccan/htable/htable_type.h,
	src/ccan/licenses/BSD-MIT, src/ccan/licenses/CC0,
	src/ccan/licenses/LGPL-2.1, src/ccan/list/list.c,
	src/ccan/list/list.h, src/hash.h, src/hashtable.h, src/list.h,
	src/main-auth.c, src/main-resume.c, src/main-script.c, src/main.c,
	src/main.h, src/tlslib.c, src/tlslib.h, src/tun.c, src/tun.h: Use
	CCAN hashes and lists.

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: added fixme

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/vpn.h, src/worker-auth.c, src/worker-vpn.c: 
	corrected DTLS packet handling.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/log.c, src/main.c, src/main.h, src/tlslib.h,
	src/vpn.h, src/worker-resume.c, src/worker.h: reorganized headers

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/ipc.h, src/main-auth.c, src/main-script.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/worker-auth.c: store
	hostname of the user, and pass it to scripts.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reply to the correct interface

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/vpn.h, src/worker-vpn.c: 
	changes to enable VPN functionality.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: be less verbose about children dying

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-script.c, src/main.h: call connect
	script with explicit lease

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-vpn.c: Send X-CSTP-Version and read
	hostname.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/tlslib.c, src/tlslib.h, src/tun.h: deinitialize
	the TLS cache prior to fork

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on the correct gnutls version

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing files

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/ipc.h, src/main.c: simplified
	call to expire cookies

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, TODO, aclocal.m4, config.h.in: updated

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Check for root permissions after parsing command line

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-script.c, src/main.c, src/tun.c: use close-on-exec flag
	on fds

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/cloexec.c, gl/cloexec.h, gl/close.c,
	gl/dup2.c, gl/fcntl.c, gl/fcntl.in.h, gl/fd-hook.c, gl/fd-hook.h,
	gl/getdtablesize.c, gl/m4/close.m4, gl/m4/dup2.m4,
	gl/m4/fcntl-o.m4, gl/m4/fcntl.m4, gl/m4/fcntl_h.m4,
	gl/m4/getdtablesize.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/off_t.m4, gl/m4/ssize_t.m4, gl/m4/stdbool.m4,
	gl/m4/sys_types_h.m4, gl/m4/unistd_h.m4, gl/msvc-inval.c,
	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
	gl/stdbool.in.h, gl/sys_types.in.h, gl/unistd.c, gl/unistd.in.h: 
	added cloexec module

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-script.c, src/main.c, src/main.h: clear all fds and mem
	prior to exec

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/main-auth.c,
	src/main-script.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h: Added connect and disconnect scripts

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: handle disconnections

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print the pid of dying processes

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c: removed debugging info

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c, src/main.c, src/main.h, src/sample.config,
	src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Added automatic TLS
	session expiration.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-resume.c, src/worker-resume.c: reduce
	the amount of data exchanged during a resumption.

2013-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added missing file

2013-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, gl/Makefile.am, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/stdint.in.h, gl/sys_time.in.h, src/Makefile.am, src/hash.h,
	src/hashtable.h, src/{worker-auth.h => ipc.h}, src/list.h,
	src/main-auth.c, src/main-resume.c, src/main.c, src/main.h,
	src/tlslib.c, src/tlslib.h, src/vpn.h, src/worker-auth.c,
	src/worker-resume.c, src/worker-vpn.c, src/worker.h: Added session
	resumption to TLS server.

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated config.h.in

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use the full certificate DN if no username is
	set

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/vpn.h, src/worker-vpn.c: Added some primitive
	mtu handling

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/gettime.c, gl/gettimeofday.c, gl/m4/clock_time.m4,
	gl/m4/extern-inline.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
	gl/m4/timespec.m4, gl/sys_time.in.h, gl/time.in.h, gl/timespec.c,
	gl/timespec.h: Added missing files

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/cookies.c, src/vpn.h: better name for db_file

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-auth.h: master secret doesn't need to be generated by the
	server

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/sample.config, src/vpn.h: set a
	maximum number of clients

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/sample.config: set a default priority string if
	not set.

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, src/worker-vpn.c: cleanups

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, aclocal.m4, gl/Makefile.am, gl/dummy.c,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, src/config.c,
	src/cookies.h, src/main-auth.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h, src/worker-auth.c, src/worker-auth.h, src/worker-vpn.c: 
	Fixed UDP side.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: Allow a graceful shutdown.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.h, src/worker-vpn.c: Allow worker to receive
	asynchronous commands from main.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/sample.config: chroot worker process

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: Added todo

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/main-auth.c,
	src/pam.c, src/pam.h: Added PAM authentication.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies.c, src/cookies.h,
	src/log.c, src/main-auth.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/tun.c, src/vpn.h, src/worker-auth.c, src/worker-auth.h,
	src/worker-vpn.c: several updates and fixes in auth

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies.h, src/http_auth.h,
	src/main.c, src/tun.c, src/vpn.h, src/{http_auth.c =>
	worker-auth.c}, src/{vpn.c => worker-vpn.c}: better file structure

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: silence background operation

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: notify that root access is required

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: daemonize

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: small updates. Added sample
	configuration.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c, src/vpn.c: Associate a gnutls session with
	the worker state ptr.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Read
	configuration file

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.c: make local option work

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/compile: Added compile

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, aclocal.m4, config.h.in, configure.ac,
	libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/COPYING.mbsd, libopts/MakeDefs.inc, libopts/Makefile.am,
	libopts/README, libopts/ag-char-map.h, libopts/alias.c,
	libopts/ao-strs.c, libopts/ao-strs.h, libopts/autoopts.c,
	libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/boolean.c, libopts/check.c, libopts/compat/compat.h,
	libopts/compat/pathfind.c, libopts/compat/snprintf.c,
	libopts/compat/strchr.c, libopts/compat/strdup.c,
	libopts/compat/windows-config.h, libopts/configfile.c,
	libopts/cook.c, libopts/enum.c, libopts/env.c, libopts/file.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/libopts.c, libopts/load.c, libopts/m4/libopts.m4,
	libopts/m4/liboptschk.m4, libopts/makeshell.c, libopts/nested.c,
	libopts/numeric.c, libopts/parse-duration.c,
	libopts/parse-duration.h, libopts/pgusage.c, libopts/proto.h,
	libopts/putshell.c, libopts/reset.c, libopts/restore.c,
	libopts/save.c, libopts/sort.c, libopts/stack.c,
	libopts/streqvcmp.c, libopts/text_mmap.c, libopts/time.c,
	libopts/tokenize.c, libopts/usage.c, libopts/value-type.c,
	libopts/value-type.h, libopts/version.c, libopts/xat-attribute.c,
	libopts/xat-attribute.h, src/Makefile.am, src/config.c, src/main.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/vpn.h: use autogen for command line options

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/http_auth.c, src/main.c, src/vpn.c, src/vpn.h: better notation

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.c: Allow a certain number of requests to the HTTP server

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/http_auth.c, src/http_auth.h,
	src/log.c, src/main.c, src/vpn.c, src/vpn.h: server_st -> worker_st

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: bring up tun interface

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: initialize memory

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/http_auth.c, src/main.c, src/tun.c,
	src/tun.h, src/vpn.c, src/vpn.h: Provide client with normal leased
	IPs.

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c, src/tun.c, src/tun.h, src/vpn.h: use const

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/vpn.c, src/vpn.h: main server keeps list of client
	IPs

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* main.c, src/http_auth.c, src/main.c, src/tun.c, src/tun.h,
	src/vpn.c, src/vpn.h: updated

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.c, src/tun.c, src/tun.h: separated tun
	code from main

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h: Added
	missing files

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/{auth.c => http_auth.c},
	src/{auth.h => http_auth.h}, src/main.c, src/vpn.c, src/vpn.h: 
	updated server.

2013-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* main.c: Added missing file

2013-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* root/index.xml, root/login.xml, src/auth.c, src/auth.h, src/vpn.c: 
	Fixed connection issue with new openconnect client.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, src/main.c, src/vpn.c: small fixes

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/main.c, src/vpn.h: Allow dropping privileges

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/vpn.c: set configured addresses to tun device.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth.c, src/tlslib.h, src/vpn.c: tls_print -> tls_puts to
	distinguish from printf

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth.c, src/auth.h, src/main.c, src/vpn.c, src/vpn.h: 
	preliminary configuration for networks.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/auth.c, src/common.h, src/cookies.c,
	src/log.c, src/main.c, src/tlslib.c, src/vpn.c, src/vpn.h: Added
	internal logging subsystem.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, AUTHORS, COPYING, ChangeLog, INSTALL, Makefile,
	Makefile.am, NEWS, README, aclocal.m4, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, config.h.in, configure.ac,
	gl/Makefile.am, gl/dummy.c, gl/m4/00gnulib.m4, gl/m4/extensions.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/include_next.m4,
	gl/m4/longlong.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
	gl/m4/mmap-anon.m4, gl/m4/multiarch.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/string_h.m4, gl/m4/warn-on-use.m4,
	gl/m4/wchar_t.m4, gl/memchr.c, gl/memchr.valgrind, gl/memmem.c,
	gl/stddef.in.h, gl/stdint.in.h, gl/str-two-way.h, gl/string.in.h,
	src/Makefile.am, src/auth.c, src/cookies.c, src/main.c,
	src/tlslib.c, src/vpn.c: Added automake/autoconf system

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* auth.c => src/auth.c, auth.h => src/auth.h, common.h =>
	src/common.h, cookies.c => src/cookies.c, cookies.h =>
	src/cookies.h, {http-parser => src/http-parser}/http_parser.c,
	{http-parser => src/http-parser}/http_parser.h, list.h =>
	src/list.h, main.c => src/main.c, tlslib.c => src/tlslib.c,
	tlslib.h => src/tlslib.h, vpn.c => src/vpn.c, vpn.h => src/vpn.h: 
	Moved sources

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* vpn.c, vpn.h: better handling of headers.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* auth.c, cookies.h, main.c, vpn.h: extract username from
	certificate.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* vpn.c: removed unused code

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile, auth.c, auth.h, common.h, cookies.c, cookies.h,
	http-parser/http_parser.c, http-parser/http_parser.h, list.h,
	main.c, root/index.xml, root/login.xml, tlslib.c, tlslib.h,
	server.c => vpn.c, vpn.h: updated server

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile: a.out -> server Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile, server.c: updated for gnutls Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-04  David Woodhouse <David.Woodhouse@intel.com>

	* Initial import of test hack Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

