2015-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: ip-lease: use 128 as prefix in local IP

2015-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-common.sh,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix, tests/full-test,
	tests/radius-test, tests/unix-test: tests: updated for new IPv4
	assignment

2015-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: manpage: generate a DER PKCS #12 file

2015-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/ip-lease.c, src/main-resume.c: 
	avoid using the IPv4 network address as tun address, and simplify
	valid address checking

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: ip-lease: fixed hash value for IPv6 leases This corrects the unique check for assigned IPv6 addresses.

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test, tests/radius-test: tests: fix pings to IPv6
	addresses for the new tun address

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: In IPv6 use the network address + 1 as the tun
	address

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/ocserv-radius.conf,
	tests/docker-ocserv/radius-clients.conf, tests/radius-test: 
	radius-test: completed test

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix,
	tests/docker-ocserv/ocserv.conf, tests/full-test, tests/unix-test: 
	full/unix-test: updated for new IP assignments

2015-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/tun.c: Linux ipv6: assign route to the remote
	IP

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: force relative names on the socket file to allow it
	being accessible from main and workers

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: use seccomp where it is available

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use IPV6_V6ONLY flag only when defined

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/system.c: use headers for clone() only when ENABLE_LINUX_NS is
	defined

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: added missing file

2015-02-14  Stuart Henderson <stu@spacehopper.org>

	* src/main.h: header/macro fix for OpenBSD Signed-off-by: Stuart Henderson <stu@spacehopper.org>

2015-02-14  Stuart Henderson <stu@spacehopper.org>

	* src/tun.c: correct byte-order for tun header Signed-off-by: Stuart Henderson <stu@spacehopper.org>

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: use writev() and readv() for tun_read/write in OpenBSD

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c, src/tun.h, src/worker-vpn.c: Handle OpenBSD's
	additional tun header

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: oc_recvfrom_at: correctly set *addrlen

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c: Set blocking mode to fd
	returned by accept That addresses issues in OpenBSD where the fd is set to non blocking
	when the accept's fd is non blocking.

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: added missing colon

2015-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: Attempted to simplify the BSD tun handling code

2015-02-13  Stuart Henderson <stu@spacehopper.org>

	* src/tun.c: BSD patches for ocserv Iterate over tunXX devices, for BSDs that can't just open /dev/tun
	to retrieve the "next available tun".  This is just copied with minor changes from openconnect/src/tun.c, Signed-off-by: Stuart Henderson <stu@spacehopper.org>

2015-02-13  Stuart Henderson <stu@spacehopper.org>

	* src/common.c, src/system.c, src/tun.c: BSD patches for ocserv Hi Nikos, here are patches for a couple of issues which are stopping
	ocserv from building on OpenBSD (and might be causing problems on
	other OS too).  There's a bit more to do for OpenBSD, it does need
	the iteration as done in openconnect's tun.c:405-410, I might have
	another diff for that later.  Signed-off-by: Stuart Henderson <stu@spacehopper.org>

2015-02-13  Joerg Mayer <jmayer@loplof.de>

	* tests/ocpasswd-test: Fix one of the places where "make distcheck"
	fails: In case of success ocpasswd-test should not leave the last
	test output lying around Signed-off-by: Joerg Mayer <jmayer@loplof.de>

2015-02-13  Joerg Mayer <jmayer@loplof.de>

	* src/Makefile.am: Fix out of tree build.  Signed-off-by: Joerg Mayer <jmayer@loplof.de>

2015-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile-fedora-radius: tests: updated
	radius-test for fedora

2015-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/ipc.proto, src/main-auth.c, src/main-misc.c,
	src/main.h, src/sec-mod-auth.c: when opening a session forward the
	received cookie to sec-module That allows to verify that the cookie hasn't been tampered without
	relying only on the MAC.

2015-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/sec-mod.h: added seclog_hex

2015-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def: no longer
	document the auth option certificate[optional]

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/common.h, src/icmp-ping.c, src/icmp-ping.h,
	src/ip-lease.c: always assign the first network address as PtP
	address

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: check the explicit IP addresses for existence in
	our leases

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/user-config-explicit/test2,
	tests/user-config-explicit/test4: test-explicit-ip: Modified illegal
	checks for the new illegal addresses

2015-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: reserve the first address of the network to be set
	as the local part in our tun devices That is used only when explicit IP addresses are set. That way we
	don't need to separate addresses into odd and even.

2015-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/proc-search.c, src/proc-search.h: Added
	failure codes for proc_table_add()

2015-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main.h, src/proc-search.c, src/proc-search.h: 
	added hash table to search via 'real' SID

2015-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h, src/proc-search.c, src/proc-search.h: 
	correctly renamed DTLS ID search functions

2015-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/ocserv-args.def, tests/Makefile.am,
	tests/test-explicit-ip, tests/test-explicit-ip.config,
	tests/user-config-explicit/test, tests/user-config-explicit/test2,
	tests/user-config-explicit/test3, tests/user-config-explicit/test4: 
	Added implicit accounting when explicit addresses are specified Only odd IP addresses can now explicitly be set, so that the next
	even address can be used as the local one.

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/ip-lease.c: Use distinct remote and local IPs when
	explicit_ipv[46] is specified Currently the code sets the local interface IP to the same value as
	the P-t-P IP: tun0      Link encap:UNSPEC  HWaddr
	          00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet
	          addr:192.168.63.1  P-t-P:192.168.63.1  Mask:255.255.255.0 UP
	          POINTOPOINT RUNNING NOARP MULTICAST  MTU:1341  Metric:1 RX packets:0
	          errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0
	          dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B) This doesn't seem to get things routed correctly.  e.g. pinging
	192.168.63.1 from the ocserv gateway just loops traffic back to the
	local machine instead of pinging the client.  So instead we'll set LIP = RIP + 1.  This isn't terribly intuitive
	(an administrator might try to number consecutive users 192.168.1.1,
	192.168.1.2, 192.168.1.3, ...) but it's better than the current
	situation.  Maybe at some point, fixed IPs should also make use of
	the hash table.

2015-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-db.c: set cookie to expire when the last user
	disconnects

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/config.c: config: Use talloc_free() to free "route" strings Adding redundant routes triggers a glibc assertion on startup.  The
	offending config file contained:     route = 192.168.1.0/255.255.255.0     route = default The assertion:     # ./src/ocserv -c ocserv.conf -f     *** Error in `./src/ocserv': munmap_chunk(): invalid pointer:
	    0x0000000001703470 *** Aborted (core dumped) Fix this by calling the correct free() function.

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: document explicit-ipv?

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/sup-config/file.c: Allow explicit-ipv4 / explicit-ipv6
	addresses in per-user config files If a machine is running remotely accessible services, it can be
	helpful to assign a fixed IP address upon connection.

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/main.c: main: Check chdir() return value This fixes:     main.c: In function ‘main’:     main.c:1025:8: warning: ignoring return value of ‘chdir’,
	       declared with attribute warn_unused_result [-Wunused-result]
	chdir(s->config->chroot_dir);             ^

2015-02-08  Kevin Cernekee <cernekee@gmail.com>

	* src/main.c: main: Fix unused variable warning on !HAVE_LIBSYSTEMD
	builds This fixes:       CC       main.o     main.c: In function ‘listen_ports’:     main.c:276:11: warning: unused variable ‘fds’
	      [-Wunused-variable] int ret, fds;                ^

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/main-auth.c, src/main-misc.c,
	src/main.c, src/main.h, src/sec-mod-auth.c: eliminate double books
	for session expiration Session expiration is now handled only by security module. That
	simplifies the logic significantly.

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: delete client entry after message is sent

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: Before allowing the steal of leases, check that
	usernames match

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.h: corrected typo

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/main-auth.c, src/main-misc.c: 
	when we detect user disconnection, set the proper expiration time on
	their cookies

2015-02-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-cookie-timeout: test-cookie-timeout: verify that a
	forced kill will not alter the cookie's validity

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: be explicit that dbus support is incomplete

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ctl.proto, src/ipc.proto,
	src/main-auth.c, src/main-ctl-unix.c, src/main-misc.c,
	src/occtl-unix.c, src/ocserv-args.def, src/sup-config/file.c,
	src/vpn.h, src/worker-auth.c, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: Added support for no-routes (X-Split-Exclude)

2015-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: only use libseccomp in x86 (64) and ARM

2015-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated package dependencies

2015-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-broken-seccomp.c: Revert "tests:
	added test for broken seccomp" This reverts commit 889d6ba0b7ffdc7b38086e80654e21ca7e515944.

2015-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-broken-seccomp.c: Revert "tests: only run the seccomp
	check if it was enabled" This reverts commit 00a2caee368cacc59be963288f705070b2c54a80.

2015-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: seccomp: allow _newselect since it is called
	in x86 instead of select

2015-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: specify that experimental are not
	recommended

2015-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2015-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: rearrange supported options

2015-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-broken-seccomp.c: tests: only run the seccomp check if
	it was enabled

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-broken-seccomp.c: tests: added test
	for broken seccomp

2015-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cookie-timeout.config: tests: added missing file

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: ask for libfreeradius-client 1.1.7

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pass, tests/test1.passwd: tests: check for empty
	password support

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-ban.c: sec-mod: use ctime() to print the ban list
	expiration time

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod: pass all failures through
	handle_sec_auth_res() That will set the proper state to the user entry.

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: worker: allow empty passwords

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c, src/sec-mod.h, src/system.c: moved LOG_DEBUG messages
	to debug level 3 or higher

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: moved some debugging messages into http level

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/docker-common.sh,
	tests/docker-ocserv/Dockerfile-debian-radius,
	tests/docker-ocserv/Dockerfile-fedora-radius,
	tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/freeradius-users,
	tests/docker-ocserv/ocserv-radius.conf,
	tests/docker-ocserv/radius-clients.conf,
	tests/docker-ocserv/radiusclient-servers,
	tests/docker-ocserv/radiusclient.conf, tests/full-test,
	tests/radius-test, tests/unix-test: tests: added radius test

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cookie-timeout, tests/test-cookie-timeout-2,
	tests/test-multi-cookie: tests: made pid file names unique

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod-db.c, src/sec-mod.h, src/vpn.h,
	src/worker-auth.c: harmonize the time cookies are stored in security
	module and main server

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cookie-timeout-2,
	tests/test-cookie-timeout-2.config: tests: added check to ensure
	that cookies remain valid during all session time

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cookie-timeout: tests: check whether
	the expiration time in cookies in checked

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-multi-cookie: test-multi-cookie: corrected test

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : updated design documents

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius: account freeradius-client version 1.1.7 in
	README.radius.

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: enable min-reauth-time in
	default configuration

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/plain.c, src/auth/radius.c: enforce the actual number of
	MAX_TRIES in authentication

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: added gperf a development dependency

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-dbus.c: occtl: corrected sending of dbus msgs

2015-01-24  Aron Xu <aron@debian.org>

	* doc/systemd/socket-activated/ocserv.service,
	doc/systemd/standalone/ocserv.service: Run after
	network-online.target, instead of network.target Signed-off-by: Aron Xu <aron@debian.org>

2015-01-24  Aron Xu <aron@debian.org>

	* doc/systemd/socket-activated/ocserv.service,
	doc/systemd/standalone/ocserv.service: Remove syslog.target from
	systemd service files syslog is now socket-activated on all major distributions, hence the
	target is deprecated.  Signed-off-by: Aron Xu <aron@debian.org>

2015-01-24  Aron Xu <aron@debian.org>

	* doc/systemd/socket-activated/ocserv.service,
	doc/systemd/standalone/ocserv.service: Run in foreground when using
	systemd Signed-off-by: Aron Xu <aron@debian.org>

2015-01-24  Aron Xu <aron@debian.org>

	* configure.ac, src/Makefile.am, src/main.c: Replace
	LIBSYSTEMD_DAEMON with LIBSYSTEMD Signed-off-by: Aron Xu <aron@debian.org>

2015-01-24  Aron Xu <aron@debian.org>

	* doc/systemd/socket-activated/ocserv.socket: Listen to Port 443 as
	in sample.config Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-01-24  Aron Xu <aron@debian.org>

	* src/main-ctl-dbus.c: Update call parameters of str_init() for
	--with-dbus Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2015-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: calculate MTU prior to sending IPv6
	addresses That way we can disable IPv6 if the calculated MTU size is less than
	the allowed by IPv6.

2015-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: include http-heads.h into ocserv's sources

2015-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.9.0

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c: properly disable safe_fork

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: corrected isolate-workers typo

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/ocpasswd.c: ocpasswd: attempt to use sha2crypt
	only in glibc uclibc's crypt(3) is so dumb it will not error if $5$ is specified
	as salt, but not supported.

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocpasswd.c: ocpasswd: corrected fallback to MD5 crypt

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/ocserv-unix.conf: tests: enable compression in
	the unix test

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: disable linux namespaces by default

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c, src/system.h: only define safe_fork() in systems
	with linux namespaces

2015-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-unix.c, src/sec-mod.c, src/system.c, src/system.h: 
	silence debugging messages from sec-mod when not in debug

2015-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c, src/worker-vpn.c, src/worker.h: move more
	http-related functions to worker-http

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/lzs.c, src/lzs.h: updated copyright information in LZS code

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-http.c: combined parsing of CSTP and DTLS encoding

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/http-heads.gperf, src/worker-http.c,
	src/worker.h: Replace header_check() mess with a gperf table

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/worker-extras.c, src/worker-http.c,
	src/worker-vpn.c, src/worker.h: Moved HTTP parts of worker to
	worker-http.c

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	src/vpn.h, src/worker-extras.c: Compression is disabled by default

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/lzs.h: lzs.h: added license

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/lzs.c, src/lzs.h, src/worker-extras.c: Added
	support for LZS

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def, src/vpn.h: increased
	MIN_NO_COMPRESS_LIMIT

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-fedora-tcp: tests: install lz4 on
	docker images

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: fixed compression to use the correct start of
	buffer

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: only enforce undumpable if we are not debugging

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/ipc.proto, src/main-ctl-unix.c,
	src/main-misc.c, src/main.h, src/occtl-unix.c, src/worker-vpn.c: 
	report the compression algorithms to occtl

2015-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Made the no-compress-limit configurable

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-extras.c, src/worker-vpn.c: Allow compression to fail,
	and in that case send uncompressed packets That allows to cancel compression early, if it seems to expand the
	packet. Suggested by David Woodhouse.

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: only transmit a compressed packet, if it reduces
	the size

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-extras.c: 
	added option to disable compression

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-extras.c, src/worker-vpn.c, src/worker.h: Moved
	negotiation/parsing of parameters using HTTP headers to
	worker-extras.c

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Added support for LZ4 compression

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: corrected typo

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main.c, src/ocserv-args.def,
	src/vpn.h, src/worker-vpn.c: replaced use-seccomp by isolate-workers That, if enabled, includes the Linux namespaces restrictions into
	workers.

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: reorganized to avoid compiler warnings

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/system.c: include linux/sched.h to compile on
	systems with older libc

2015-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/system.c: remove the CLONE_NEWNET isolation option as it's
	performance cost is too high

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: typo fix

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/haproxy.cfg: tests: remove all error file
	references from haproxy.cfg These files don't exist in Fedora.

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/config.c, src/main.c, src/system.c,
	src/system.h: In linux run the server in it's own container with
	separate IPC and PID namespace

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-common.sh: tests: attempt to use lockfile-create if
	it exists

2015-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c, src/system.h, src/worker-vpn.c: do not allow the
	processes to be traced in linux That would prevent a worker process tracing one from another user.

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c, src/worker-vpn.c: removed unneeded variable

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: corrected check for non-empty pull buffer

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: prevent a memory leak when multiple fds are
	received in short time

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-unix.c: occtl: re-arranged user-agent and MTU printing

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-dbus.c, src/occtl-unix.c: added more precise match of
	version

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/main-auth.c, src/main-misc.c: avoid repeating
	username in logs

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: do not enforce PFS on
	default strings That allows legacy clients connect.

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-misc.c, src/worker-vpn.c, src/worker.h: 
	simplified DTLS fd handling and dtls_pull()

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-misc.c: always forward the first message
	when forwarding fd

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/main.c: cleanups

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: only set IPV6_RECVPKTINFO on IPv6 sockets

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c: simplified
	forward_udp_to_owner() by introducing oc_recvfrom_at()

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/main-misc.c, src/main.h,
	src/occtl-unix.c: save MTU in main, and report it to occtl

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: bind to the address we received UDP on That in addition allocates a new UDP socket per client, and forwards
	the initial client hello to the worker process as auxillary data.
	That, eliminates the need to re-open the main server's UDP socket
	per client connection.

2015-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: when compiling with gnutls 3.3.5 or later use
	the zero copy recv API

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c: radius: added safety checks in the parsing of
	Framed-IPv6-Prefix

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/radius.c: radius: use separate types for ipv4 and ipv6

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: set seccomp as enabled by default

2015-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: handle Framed-IPv6-Prefix as routes to
	add

2014-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/config.c, src/ocserv-args.def: 
	Allow prefixes in specifying the IPv4 network

2014-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Disable route and DNS assignment in IPv6 for
	non-openconnect clients That is because anyconnect clients can handle the assignment of an
	IPv6 address, but cannot handle routes or DNS in IPv6.  So we
	disable IPv6 after an IP is assigned.

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile-fedora-unix: dockerfile: added
	missing haproxy

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def,
	src/sup-config/file.c, src/vpn.h: simplify the input of IPv6
	networks The prefix is specified as part of the network.

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius, src/auth/radius.c, src/auth/radius.h,
	src/ocserv-args.def, src/sup-config/radius.c: radius: added support
	for Framed-IPv6-Prefix

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print IPv6 netmask only when in non-full mode Also use the network address if available to print netmask.

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: bail out if use-seccomp is set to true but there is
	no seccomp capability

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: tests: enabled nuttcp when running in Fedora

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/docker-common.sh,
	tests/docker-ocserv/Dockerfile-debian-tcp,
	tests/docker-ocserv/Dockerfile-debian-unix,
	tests/docker-ocserv/Dockerfile-fedora-tcp,
	tests/docker-ocserv/Dockerfile-fedora-unix,
	tests/docker-ocserv/Dockerfile-tcp,
	tests/docker-ocserv/Dockerfile-unix,
	tests/docker-ocserv/Makefile.am, tests/full-test, tests/unix-test: 
	full-test, unix-test: modified to operate in Fedora as well That also enables a check for ping in the IPv6 address.

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: Added protobuf-c dependency

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/ocserv-unix.conf,
	tests/docker-ocserv/ocserv.conf, tests/unix-test: tests: separated
	the address ranges on full and unix tests and added IPv6 addresses

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: send the Netmask when an IPv6 Address is
	assigned

2014-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: IPv6 fixes in ip-lease Issue discovered and fixed by sskaje.

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: use libsystemd instead of systemd-daemon

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: enable IPv6 in Anyconnect clients, and send the
	prefix

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: Do print error when pam_authenticate or
	pam_acct_mgmt fail

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius: doc update

2014-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: override the default ipv6_prefix only if
	ipv6_prefix is set

2014-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: the default strings will
	enforce PFS

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: radius: optimize "parse" of route

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.radius, src/auth/radius.c, src/auth/radius.h,
	src/sup-config/radius.c: radius: use Framed-Route and
	Framed-IPv6-Route That is read and if format is the expected, they are forwarded to
	client.

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c, src/auth/plain.c, src/auth/radius.c: more
	strlcpy() related changes

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-misc.c, src/sec-mod-auth.c: ensure that
	stats are only updated if they increase That is, transferred bytes will not decrease in an update due to
	miscommunication between main and workers.

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/common.c, src/common.h, src/config.c,
	src/main-auth.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-user.c, src/main.c, src/sec-mod-auth.c, src/sec-mod-ban.c,
	src/sec-mod-db.c, src/sec-mod.c, src/tlslib.c, src/tun.c,
	src/worker-auth.c: use strlcpy() instead of snprintf() where it make
	sense That should reduce wasted cycles.

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c, src/auth/radius.c, src/auth/radius.h,
	src/ipc.proto, src/main-misc.c, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod.h, src/worker-vpn.c, src/worker.h: 
	radius: increase the info sent during accounting requests Based on suggestions by Niels Peen. That adds: Calling-Station-Id in
	auth message, and Service-Type, Framed-Protocol, Framed-IP-Address,
	Acct-Authentic, NAS-Port-Type, Acct-Session-Time in acct messages.

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: removed unused option

2014-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c: removed redundant checks

2014-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for a suitable freeradius-client

2014-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/radius.c, src/auth/radius.h: simplify radius usage

2014-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, doc/README.radius: updated radius documentation

2014-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, doc/Makefile.am, doc/README.radius: Added README.radius

2014-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: first set amod and then use it That fixes a crash with PAM module on startup.  Reported by Ismail
	Donmez.

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-sup-config.c: do not utilize radius symbols if radius
	is disabled Reported by Ismail Donmez

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 3307793e3474678516c85279521bc74f5095171e Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Wed Dec 10 19:55:12 2014
	+0100

2014-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: 
	undid ed5b177691d52c1c5417ef802854e26c9dd5d4f4 It is not currently possible to reload only a part of the
	configuration. If the back-end module changes, the server will bail
	out instead.

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod: always reply on open-session cmd

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: avoid crash when no auth module is in use

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: sec-mod:
	preparations for thread safety

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/sec-mod.c: sec-mod: separated request
	serving from main loop

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, doc/sample.config, src/ocserv-args.def: updated
	documentation on radius

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: updated todo list

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/auth/pam.c, src/auth/radius.c,
	src/auth/radius.h, src/common.c, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod.c, src/sec-mod.h: Added support for
	radius interim updates

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ipc.proto, src/ocserv-args.def, src/sec-mod.c,
	src/sec-mod.h, src/vpn.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: added option to send statistics periodically to
	sec-mod

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: authentication information is only read on load

2014-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/auth/radius.c,
	src/auth/radius.h, src/config.c, src/ocserv-args.def,
	src/sec-mod-sup-config.c, src/sec-mod-sup-config.h,
	src/sup-config/radius.c, src/sup-config/radius.h, src/vpn.h: Added
	support for reading user configuration from radius.

2014-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/sample.config, src/Makefile.am,
	src/auth/common.c, src/auth/common.h, src/auth/plain.c,
	src/auth/radius.c, src/auth/radius.h, src/config.c, src/main.h,
	src/ocserv-args.def, src/sec-mod-auth.c, src/sec-mod-auth.h,
	src/sec-mod.c, src/sec-mod.h, src/vpn.h: Added support for radius
	authentication

2014-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/common.h, src/config.c, src/ip-lease.c,
	src/ipc.proto, src/main-auth.c, src/main-misc.c,
	src/main-sup-config.c, src/main-sup-config.h, src/main.c,
	src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod-sup-config.c, src/sec-mod-sup-config.h, src/sec-mod.c,
	src/sec-mod.h, src/sup-config/file.c, src/sup-config/file.h,
	src/vpn.h: Supplementary configuration is now read by the security
	module.  That allows sec-mod to handle both authentication and accounting.
	That deprecates the session-control configuration option.

2014-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h, src/config.c, src/ip-lease.c, src/main-auth.c,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c: deprecated ipv6_netmask

2014-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: call disconnect script only if the user was on
	connected state

2014-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: separate log messages between up and down script

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test, tests/unix-test: tests: satisfy latest docker's
	restrictions

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test, tests/unix-test: tests: try to check stats only
	when file is present

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: run the down script even if the client's IP
	address has been re-used

2014-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/sec-mod-ban.c, src/sec-mod-db.c,
	src/sec-mod.c, src/sec-mod.h: sec-mod: made logging consistent with
	the main server

2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Notify the client that the server may have a
	dynamic DNS address That is send "X-CSTP-DynDNS: true", in CSTP headers if the server is
	configured as having a dynamic DNS address.

2014-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/auth/plain.c, src/ocpasswd.c: use define
	_XOPEN_SOURCE to get crypt()

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: sec-mod: print whether a certificate is
	present

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: enhanced sample.config

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: forward to gnutls manual for priority string
	documentation

2014-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.8

2014-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: use TCP_NOPUSH in systems that support it (FreeBSD)

2014-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: Disable RC4 in the default
	priority strings

2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: when generating the DTLS session ID set its size
	as well

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/worker.h: added oclog_hex()

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-auth.c, src/sec-mod-auth.c: Generate a new
	DTLS session ID on every cookie connection That allows openconnect to distinguish when the DTLS key has
	switched.

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c: print the username earlier in log

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: improved logged messages

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: advertise a new DTLS session only when it is one

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-misc.c, src/worker.h: partially reverted
	b924eba1acd0a9159d1a938509475174b10644ef The timeouts were reset to the original values.

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: disable matching of IPs when the listen-clear-file
	option is set

2014-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/worker-misc.c, src/worker-vpn.c, src/worker.h: 
	reduced the severity of log messages when forwarding packets and
	reduced the timeouts

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: when reporting errors, mention the username of the
	relevant client

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: corrected typo

2014-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h: increased the SID_SIZE (cookie used during
	authentication phase) to 128 bits

2014-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/occtl-dbus.c, src/occtl-unix.c, src/vpn.h,
	src/worker-vpn.c: send session information from worker to parent
	twice That allows to account changes after DTLS is established (e.g., send
	the DTLS ciphersuite name).

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: TODO update

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/main-auth.c, src/main-misc.c, src/main.c,
	src/main.h, src/proc-search.c, src/proc-search.h: use hash tables to
	locate proc entries That would avoid a walk on all connected clients, when a new UDP
	session starts.

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: when selecting a DTLS ciphersuite try to ensure
	it matches the CSTP

2014-10-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: remove the disable safe renegotiation flag from
	DTLS

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: updated synopsis

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.7

2014-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: use 3des-pkcs12 in the documentation for the
	generation of PKCS #12 structures That format seems to be compatible with more clients (e.g.
	Anyconnect).

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: disable SSL 3.0 on the
	default priorities

2014-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: disabled session control by default in
	sample.config

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: only enable session control when a username/password
	authentication is used

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: Added sanity checks into sec-mod That prevents a crash when certificate authentication is used but
	session control is enabled. Reported by George Panda.

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: enable non-blocking DTLS timers

2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: removed no longer relevant todo entries

2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: corrected typo

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: changes for non-blocking sockets

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c, src/tlslib.c,
	src/worker-misc.c, src/worker-vpn.c: use non-blocking sockets in
	worker process

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c: added set_non_block()

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: corrected typo

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.8.6

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h: simplified FATAL_ERR_CMD()

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/tlslib.c, src/tlslib.h: added
	recv_timeout() to replace force_read_timeout() in socket reading

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: cleanup of cstp_recv() and
	cstp_recv_nb()

2014-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/Makefile.am, libopts/ag-char-map.h, libopts/ao-strs.c,
	libopts/ao-strs.h, libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/usage-txt.h, libopts/compat/_Noreturn.h,
	libopts/genshell.c, libopts/genshell.h, libopts/intprops.h,
	libopts/m4/libopts.m4, libopts/m4/stdnoreturn.m4,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/proto.h,
	libopts/stdnoreturn.in.h, libopts/version.c: updated to libopts
	5.18.4

2014-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.5

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tun.c: eliminated last uses of force_close()

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h, src/main-ctl-unix.c, src/main-misc.c, src/main.c: 
	Revert "use force_close() on server to avoid descriptor leaks" This reverts commit f622f6696c3b3a5fc8ffc39c4d5db2322c78c7c2.

2014-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	tests/docker-ocserv/ocserv-unix.conf: listen-file ->
	listen-clear-file

2014-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	tests/docker-ocserv/ocserv-unix.conf: unix-conn-file -> listen-file

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/main.h, src/sec-mod-auth.c,
	src/sec-mod.c, src/sec-mod.h: use more reasonable names to open and
	close a session

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: override the user's group prior to opening the
	group configuration file That prevented opening group configuration for users that had their
	group in a certificate. Reported by Norbert Paschedag.

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/ocserv-args.def, tests/Makefile.am,
	tests/test-pass-opt-cert.config: optional-certificate was renamed to
	certificate[optional]

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: allow positive values to waitpid

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: increased the verbosity of shutdown messages

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pass-opt-cert,
	tests/test-pass-opt-cert.config, tests/user-config-opt/test: Added
	self-tests for optional certificate authentication

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/sec-mod-auth.c, src/sec-mod.h,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c, src/worker.h: 
	added new authentication mode optional-certificate That mode allows having only specific group of users that are
	required to present a certificate.

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vasprintf.c: replaced vasprintf() with correct variant

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING, src/auth/pam.c, src/auth/plain.c, src/common.c,
	src/config.c, src/cookies.c, src/html.c, src/icmp-ping.c,
	src/ip-lease.c, src/log.c, src/main-auth.c, src/main-ctl-dbus.c,
	src/main-ctl-unix.c, src/main-misc.c, src/main-resume.c,
	src/main-sup-config.c, src/main-user.c, src/main.c,
	src/occtl-args.def, src/occtl-cache.c, src/occtl-dbus.c,
	src/occtl-nl.c, src/occtl-pager.c, src/occtl-unix.c, src/occtl.c,
	src/ocpasswd-args.def, src/ocpasswd.c, src/ocserv-args.def,
	src/route-add.c, src/sec-mod-auth.c, src/sec-mod-ban.c,
	src/sec-mod-db.c, src/sec-mod.c, src/setproctitle.c,
	src/sup-config/file.c, src/system.c, src/tlslib.c, src/tun.c,
	src/worker-auth.c, src/worker-bandwidth.c, src/worker-extras.c,
	src/worker-misc.c, src/worker-privs.c, src/worker-resume.c,
	src/worker-vpn.c: Revert "license upgraded to GPLv3" This reverts commit 213f9a63ee60192c5bb086c3c970c4644e55f459.  Conflicts: 	configure.ac

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/docker-ocserv/Dockerfile,
	tests/docker-ocserv/Dockerfile-tcp,
	tests/docker-ocserv/Dockerfile-unix,
	tests/docker-ocserv/Makefile.am, tests/docker-ocserv/combo.pem,
	tests/docker-ocserv/haproxy.cfg,
	tests/docker-ocserv/ocserv-unix.conf, tests/full-test,
	tests/unix-test: added test for unix socket operation

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Allow disabling the TCP port completely

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocserv-args.def: doc update

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: do not allow the combination of
	AUTH_TYPE_CERTIFICATE and unix-conn-file

2014-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: allow the group owner of the connection socket to
	access it

2014-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main.c, src/main.h,
	src/ocserv-args.def, src/tlslib.c, src/tlslib.h, src/vpn.h,
	src/worker-auth.c, src/worker-extras.c, src/worker-vpn.c,
	src/worker.h: Allow the CSTP layer to operate without TLS That also introduces a unix domain socket under which connections to
	the server can occur.

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: corrected tun device closing order for BSD systems

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h, src/main-ctl-unix.c, src/main-misc.c, src/main.c: 
	use force_close() on server to avoid descriptor leaks

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.h, src/tun.c: ensure that in all cases
	the tun fd is closed

2014-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when a UDP packet error occurs print the IP of the
	packet

2014-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: fail when a tun device has no name

2014-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: updated comment

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: reduced the severity of debug messages

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: added more debugging messages in pam module

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: pam messages made more specific

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c: send the IPv6 netmask in a
	compatible with cisco servers way

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: In IPv6 send the prefix instead of the netmask That allows vpnc-script in windows to apply the correct settings.

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: TODO: updated

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: modified rx test to an occtl test

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c,
	src/worker-vpn.c: Revert "print the per-user RX and TX bytes from
	occtl" This reverts commit ecd6e316a9f447a6766af6174d632e43a557e237.

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile,
	tests/docker-ocserv/ocserv.conf, tests/full-test: updated full-test

2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/full-test: added test for RX data

2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c,
	src/worker-vpn.c: print the per-user RX and TX bytes from occtl

2014-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod-auth: don't print misleading message
	on session control

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: full_test: requires building on debian due to
	gnutls symbol differences

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pass-group-cert: tests: added check for the DEFAULT
	group in test-pass-group-cert

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: when the default group is selected, don't treat
	it as no selection

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: made the comparison for XML fiels case
	insensitive Suggested by sskaje, based on an issue with the Anyconnect iOS
	client.

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/fcntl.in.h, gl/getdtablesize.c, gl/getpass.c,
	gl/m4/dup2.m4, gl/m4/extern-inline.m4, gl/m4/fcntl.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/strcase.m4, gl/m4/strcasestr.m4,
	gl/m4/strings_h.m4, gl/stdint.in.h, gl/strcasecmp.c,
	gl/strcasestr.c, gl/strings.in.h, gl/strncasecmp.c,
	gl/sys_types.in.h, gl/time.in.h, gl/unistd.in.h: gnulib: added
	strcasestr

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile, tests/full-test: full-test: do not
	require --without-protobuf

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: avoid calling gnutls_record_get_discarded() when
	a DTLS session isn't available

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: full-test: require the --without-protobuf option

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/protobuf/protobuf-c/protobuf-c.c,
	src/protobuf/protobuf-c/protobuf-c.h: updated to protobuf 1.0.1

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/autoopts.h: check for stdnoreturn.h presence

2014-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am,
	src/protobuf/google/protobuf-c/protobuf-c.c,
	src/protobuf/google/protobuf-c/protobuf-c.h,
	src/protobuf/protobuf-c/protobuf-c.c,
	src/protobuf/protobuf-c/protobuf-c.h: corrected included protobuf's
	path, to align with protobuf 1.0.0

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected typo

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/docker-ocserv/Makefile.am: 
	include the docker test into distribution

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.3

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: added work-around for infinite loop if the UDP
	descriptor becomes invalid

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-user.c, src/main.c, src/main.h: after fork restore the
	default signal mask

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: worker: when the UDP socket is updated, update
	the DTLS session

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/system.c: updated bsd's getpeereid() check to match the Linux
	behavior

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: call sigprocmask() prior to entering
	main loop

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/protobuf/google/protobuf-c/protobuf-c.c,
	src/protobuf/google/protobuf-c/protobuf-c.h: protobuf-c: upgraded to
	1.0.0

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: only consider DTLS pending data if the UDP port
	is in active state That may address a possibility for an infinite loop.

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/ipc.proto, src/main-auth.c, src/ocserv-args.def,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c: user-profile is
	now allowed in per-user configuration

2014-07-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: removed text on seccomp

2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/COPYING.gplv3, libopts/COPYING.lgplv3, libopts/README,
	libopts/ag-char-map.h, libopts/alias.c, libopts/ao-strs.c,
	libopts/ao-strs.h, libopts/autoopts.c, libopts/autoopts.h,
	libopts/autoopts/options.h, libopts/autoopts/project.h,
	libopts/autoopts/usage-txt.h, libopts/boolean.c, libopts/check.c,
	libopts/compat/compat.h, libopts/compat/windows-config.h,
	libopts/configfile.c, libopts/cook.c, libopts/enum.c,
	libopts/env.c, libopts/file.c, libopts/find.c, libopts/genshell.c,
	libopts/genshell.h, libopts/gettext.h, libopts/init.c,
	libopts/load.c, libopts/m4/libopts.m4, libopts/m4/liboptschk.m4,
	libopts/makeshell.c, libopts/nested.c, libopts/numeric.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/parse-duration.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/reset.c, libopts/restore.c, libopts/save.c, libopts/sort.c,
	libopts/stack.c, libopts/streqvcmp.c, libopts/text_mmap.c,
	libopts/time.c, libopts/tokenize.c, libopts/usage.c,
	libopts/version.c: updated libopts to 5.18.3

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: /profiles request allows partial match

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: better error messages when certificate username
	limit is reached

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/sup-config/file.c: made macro usage safer That solves an issue where the pid_file would be overwritten on a
	configuration file reload.

2014-07-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: updated todo list

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc: do not explicitly set serial number in
	generated certificate That would allow certtool to use a random one.

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: pam: deinitialize co-routine when session is open
	to save memory

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: pam: reduced default stack size

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.1

2014-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c: initialize str to null

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: fix typo

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: ocserv: corrected debug message

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: ocserv: print the correct message when only
	selecting a group.

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/str.c, src/str.h,
	src/vasprintf.c, src/vasprintf.h, src/worker-auth.c: introduced
	str_append_printf()

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh: tests: Increased the server start wait time

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-pass-group-cert-no-pass,
	tests/test-user-group-cert-no-pass.config: tests: Added check for
	certificate-only client with groups

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/worker-auth.c: ocserv: prompt the user for
	group selection even if only certificate authentication is used.

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: document how to convert key to pkcs12 file

2014-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: search for group_list in addition to
	group%5flist That allows to read the group from AnyConnect clients.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-misc.c: Set the applicable DNS and
	NBNS servers in complete_vpn_info().

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c, src/vpn.h: Eliminated the MAX_ROUTES requirement.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker.h: Forward the appropriate DNS and
	NBNS values when using a per-user/group config.

2014-06-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ocpasswd-test: tests: Added check for the
	basic commands of ocpasswd.

2014-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def: Use a more terse, but with more
	dynamic information version string.

2014-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocpasswd.c: Avoid using snprintf() and simply use strcpy().

2014-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Ignore the return code of snprintf(); it is
	useless.

2014-06-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-auth.c, src/worker.h: When renegotiating,
	verify that any certificate received from the client contains the
	same username.

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Seccomp is now compiled in by default, and can be
	enabled at run-time.

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-12  Hexchain Tong <i@hexchain.org>

	* src/html.c: Fix array subscription in unescape_url Passwords with url escaped characters were parsed incorrectly. The
	variable used for iterating over `url` should be `i`, not `pos`.
	This patch fixes the problem.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-db.c: removed debugging message

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/sec-mod.c: Reload the configuration of the
	security module as well, on main process reload.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Added sequence diagram describing the session control operation.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/common.c, src/config.c, src/ipc.proto,
	src/main-auth.c, src/main-ctl-unix.c, src/main-misc.c, src/main.c,
	src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod-ban.c, src/sec-mod-db.c,
	src/sec-mod.c, src/sec-mod.h, src/system.c, src/system.h, src/vpn.h: 
	Added support for session control (relevant for PAM for now) That in effect will utilize the pam_open_session() and
	pam_close_session().  It is disabled by default as it requires more
	resources from the security module.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/main.h, src/ocserv-args.def,
	src/sec-mod-auth.c, src/vpn.h: Include the SID into the cookie and
	store it in proc_st.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h, src/worker-auth.c, src/worker-vpn.c, src/worker.h: 
	Added work-around for openconnect v3.20 That version of openconnect requires some strict format on the XML
	messages. Thus we send it, what it expects.

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto: removed unused protobuf variable

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pass, tests/test-pass-script, tests/test1.passwd: 
	tests: check for special characters into username in addition to
	password

2014-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Send the server version string to client.

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: TODO: removed completed item

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: removed dbus from the dependencies

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.def, src/ocpasswd.c: ocpasswd: added parameter
	to delete a user.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac: bumped version

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: No longer install d-bus or systemd files.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/tun.c: Fix tun IPv6 on platforms that use SIOCAIFADDR_IN6.  Also remove a redundant call to SIOCDIFADDR. A freshly cloned tun
	interface should not have existing aliases.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: removed double header inclusion

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/tun.c: Fix insufficient arguments in an error message.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: Avoid warning due to unused variables.

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/main-misc.c, src/main.h, src/tun.c: Fix tun device usage on
	*BSD.  SIOCSIFADDR is deprecated on *BSD. Instead, use SIOCAIFADDR to add
	an alias. Also destroy the tun device with SIOCIFDESTROY when the
	client disconnects.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: SID is no longer being randomized in main.  This was unecessary as it is now being set (and generated) by
	sec-mod.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-misc.c, src/worker-vpn.c: reduced
	the severity on several worker log messages.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/plain.c: corrected string comparison

2014-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-misc.c, src/worker-vpn.c: Do a more graceful
	termination of the client if main server closes the CMD fd.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-unix.c, src/occtl-unix.c, src/sec-mod.c: Always use
	the native endianness.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: autogenerate args files if version.inc is update.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed no longer applicable message

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.0

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/kill-parent.sh, tests/test-iroute,
	tests/test-pass-script: use a more portable way to kill the
	openconnect process.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: full-test: be more resilient to docker errors.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected compilation with local protobuf

2014-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: doc update

2014-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Listed previous releases.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c: main: correct hashing of cookie

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: more debug messages

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h: main: removed the inactive ban_list.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: main: deactivate the cookie when releasing proc.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: worker: only check for friendly names, if there
	are any

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: increased the maintainance time to 15 mins

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h: inline revive_cookie()

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c: No need for safe_memset() of the cookie hash.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main.h: Limit the number of TLS resumption
	requests to one.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/main-auth.c, src/main.h: Store a hash of the
	client's cookie instead of the cookie itself.  That ensures that the cookies cannot be leaked from the server.  On
	a hash collision, the IP of the other cookie in use will be
	hijacked.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: zeroize cookies and TLS session data after read.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c, src/tlslib.h, src/worker-vpn.c: TLS sessions
	expire the at cookie timeout.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c: better printing of module name.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c: Report the
	number of active cookies and TLS resumed sessions to occtl

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/cookies.c, src/cookies.h, src/main-auth.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.def,
	src/sec-mod-auth.c, src/vpn.h, src/worker-auth.c: Keep track of
	cookies internally.  That allows to restrict the cookie validity time to the absolutely
	minimum required to establish and reconnect a recently disconnected
	session.  That deprecates the cookie-validity option and introduces
	the cookie-timeout option.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c: corrected safe_memset() of expired sessions.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h: Allow memset of zero

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c, src/main.c, src/main.h, src/tlslib.c,
	src/tlslib.h, src/vpn.h: Simplified the TLS hash table
	initialization.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c: Overwrite TLS session data prior to release.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: use macros for reason messages

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: require the certificate being present on the
	sec-mod session initialization.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Better HTTP error messages.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-26  Joerg Mayer <jmayer@loplof.de>

	* src/Makefile.am: ocserv: Fix out of tree builds Signed-off-by: Joerg Mayer <jmayer@loplof.de>

2014-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test3.config: enable cisco-client-compat in cert test

2014-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: do not deny roaming by default

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Return 401 error on cookie authentication
	failure.

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-auth.c,
	src/main-misc.c, src/ocserv-args.def, src/sup-config/file.c,
	src/vpn.h: Added the configuration option deny-roaming.  That required moving the read of the group configuration during the
	cookie authentication phase.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.0pre0

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/auth/pam.c, src/config.c,
	src/ocserv-args.def, src/sec-mod-auth.c, src/vpn.h: Added auto group
	listing on PAM authentication as well.  In addition a configuration option to print group IDs over a certain
	number was added.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/plain.c: ensure that the group table isn't overflowed.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* COPYING, configure.ac, src/auth/pam.c, src/auth/plain.c,
	src/common.c, src/config.c, src/cookies.c, src/html.c,
	src/icmp-ping.c, src/ip-lease.c, src/log.c, src/main-auth.c,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-resume.c, src/main-sup-config.c, src/main-user.c,
	src/main.c, src/occtl-args.def, src/occtl-cache.c,
	src/occtl-dbus.c, src/occtl-nl.c, src/occtl-pager.c,
	src/occtl-unix.c, src/occtl.c, src/ocpasswd-args.def,
	src/ocpasswd.c, src/ocserv-args.def, src/route-add.c,
	src/sec-mod-auth.c, src/sec-mod-ban.c, src/sec-mod-db.c,
	src/sec-mod.c, src/setproctitle.c, src/sup-config/file.c,
	src/system.c, src/tlslib.c, src/tun.c, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-extras.c, src/worker-misc.c,
	src/worker-privs.c, src/worker-resume.c, src/worker-vpn.c: license
	upgraded to GPLv3

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pam: test-pam: better messages

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: remove const from temp variables.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/plain.c, src/sec-mod-auth.c: Better auth
	log messages.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c: re-use the string replace API for route add/del
	replacements.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/main.h, src/ocserv-args.def,
	src/route-add.c, src/str.c: re-use the string replace API for route
	add/del replacements.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def, src/worker-vpn.c: The
	replaced keywords were put into brackets.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: check for allocation error in custom header
	replacement.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def, src/worker-vpn.c: The custom header options
	allows %U and %G.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/str.c, src/str.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c: Added the proxy-url option to
	allow sending a proxy URL.  This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: limit the cookie validity
	time to 3 hours in the configuration examples.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/sec-mod-auth.c: Restrict
	cookies to a single IP address.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ipc.proto, src/main-auth.c,
	src/main.h, src/sec-mod-auth.c, src/sec-mod.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Cookies are packed using protocol
	buffers to reduce their size.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Do not call close() twice. Issue spotted by
	coverity.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Correctly check for network name. Issue spotted
	using coverity.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Corrected check for group list sending to
	client.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Allow an empty friendly_group_list (in
	auto-select-group).

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Make pid-file an array to avoid issues with memory
	allocation.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: corrected filename

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: When a client has already selected a group,
	re-order our group selection form.  This is required by some Anyconnect clients and the openconnect
	android app.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-auth.c: Allow aliases to group names.

2014-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/worker.h: more precise usage of MAX_*_SIZE
	definitions.

2014-05-20  Kevin Cernekee <cernekee@gmail.com>

	* src/sec-mod.h: Add missing GnuTLS header file sec-mod.h now uses gnutls_privkey_t, so include <gnutls/abstract.h>
	to fix this error:       CC       main-misc.o     In file included from main-misc.c:43:0:     ./sec-mod.h:31:2: error: unknown type name
	      ‘gnutls_privkey_t’ gnutls_privkey_t *key;       ^

2014-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: mention the occtl tool instead of who -u

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: Corrected certificate generation
	instructions.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: fixed unescape code.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-group-cert,
	tests/test-group-cert.config, tests/test-group-pass,
	tests/test-group-pass.config, tests/test-pass-group-cert,
	tests/test-user-group-cert.config, tests/user-group-cert.pem,
	tests/user-group-key.pem: Added test for group selection when having
	a certificate.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-group-pass,
	tests/test-group-pass.config, tests/test-group.passwd,
	tests/test-pam, tests/test-pam.config, tests/test1.passwd: Added
	tests for group authentication using passwords and PAM.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/plain.c, src/ipc.proto,
	src/sec-mod-auth.c, src/worker-auth.c, src/worker.h: Allow multiple
	groups to be present in a client certificate.  In that case the user will be prompted to select a group.

2014-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-auth.c: Added the default-select-group directive.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Corrected filename in Makefile.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, doc/sample.passwd, src/auth/pam.c,
	src/auth/plain.c, src/config.c, src/ipc.proto, src/main.c,
	src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/vpn.h, src/worker-auth.c, src/worker.h: 
	Added the select-group and auto-select-group config options.  These options allow to prompt the user for a group prior to login.
	That in addition enhances the password file format and multiple
	groups can be specified on a comma separated list, as:
	user:group1,group2,group3:$5$encodedpassword

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/config.c, src/ocserv-args.def, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c, src/worker.h: The route
	configuration directive accepts the keyword 'default' In that case it will return a default route irrespective of any
	other route directives. That allows overriding existing routes with
	a default route for specific users and groups.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: sample.config: comment out the
	occtl-socket-file.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/cookies.h, src/main-misc.c, src/main.c,
	src/main.h, src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: memory
	reorganization in sec-mod.  It no longer relies on main pool, it uses it's own pool.  In
	addition the DEBUG_LEAKS definition was added to allow debugging
	leaks.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: define HAVE_LIBTALLOC when libtalloc is being used.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-misc.c, src/main.c, src/main.h,
	src/sec-mod-ban.c, src/sec-mod-db.c, src/sec-mod.c, src/sec-mod.h,
	src/worker-vpn.c, src/worker.h: Clean-up all memory on
	deinitialization of sec-mod and worker.  That will allow to easier spot any unintentional memory leaks.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: corrected issue in talloc detection.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/worker-privs.c: Add the clock_gettime()
	syscall on the list of allowed in seccomp.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/kill-parent.sh, tests/test-iroute,
	tests/test-pass-script: Force full connection after cookie when a
	script is involved.  That is because in the new design of ocserv, the cookie is being
	provided prior to any script being run or evaluated.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/pam.h, src/auth/plain.h,
	src/main-auth.c, src/main-auth.h, src/main.c, src/sec-mod-auth.c,
	src/sec-mod-auth.h: Renamed main-auth.h.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/group-config.c, src/main-misc.c,
	src/main-sup-config.c, src/main-sup-config.h, src/main.c,
	src/main.h, src/sup-config/file.c, src/sup-config/file.h: 
	Supplementary group/user configuration is now modular.  That will ease the addition of other backends that can be used to
	read the user/group configuration. The only backend supported now is
	file.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c: use safe_memset() when overwritting the group
	configuration

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: cleanup the inclusion of protobuf sources.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: Added sanity checks in state transitions.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Updated authentication state and design figures.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/auth/pam.c, src/auth/pam.h,
	src/auth/plain.c, src/auth/plain.h, src/main-auth.c,
	src/main-misc.c, src/main.c, src/pam.c, src/pam.h, src/plain.c,
	src/plain.h, src/sec-mod-auth.c: Authentication modules were moved
	to subdirectory auth/

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main-misc.c,
	src/ocserv-args.def, src/vpn.h: Added default-user-config and
	default-group-config configuration options.  These allow setting a configuration file that will be loaded if a
	user-specific or group-specific configuration file isn't found.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/sec-mod-auth.c, src/vpn.h: 
	Allow for random and for predictable IP assignment.

2014-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/Makefile.am, src/common.c, src/cookies.c,
	src/cookies.h, src/ip-lease.c, src/ipc.proto, src/main-auth.c,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main.c, src/main.h, src/sec-mod-auth.c, src/sec-mod-ban.c,
	src/sec-mod-db.c, src/sec-mod.c, src/sec-mod.h, src/system.c,
	src/tlslib.c, src/vpn.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: Password authentication is now delegated to sec-mod.  That prevents any memory from the authentication modules to be
	leaked to a worker process. As a result, the status zombie and dead
	no longer exists.

2014-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: include malloc.h when needed.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main.c, src/main.h: Corrected the removal of
	socket files in chrooted environment.  In addition remove the occtl_socket_file.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/main.h: eliminate the need for a worker_pool
	variable in main_server_st.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c: Added no-udp
	group configuration option.  That options allows disabling UDP for specific users or groups.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: corrected PAM module and its usage of malloc.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/sec-mod.c, src/system.c: Allow the main process to
	connect to sec-module.  That allows gnutls' to verify the key validity during
	initialization.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample.config

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-unix.c, src/occtl.c: occtl: propagate error codes on
	error conditions.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ctl.h, src/main-ctl-unix.c, src/occtl-args.def,
	src/occtl-dbus.c, src/occtl-unix.c, src/occtl.c, src/occtl.h,
	src/ocserv-args.def, src/vpn.h: Allow modifying the default occtl
	socket file.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: use safe_memset() when overwriting the TLS cache
	entries.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-dbus.c, src/occtl-unix.c, src/occtl.h: use common
	definition for date-time format.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/main.c, src/main.h,
	src/occtl-unix.c: status cmd will report the server uptime

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added missing files.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use safe_memset() where needed.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h, src/plain.c: Use a static buffer to read the
	password file entries from.  That allows easier overwrite of the parameters read.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: do not separately allocate buffer,
	but place it instead into worker structure.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: corrected function prototype.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/main.c: use malloc_trim() to return memory to OS
	after fork().

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/occtl-cache.c, src/occtl-unix.c,
	src/occtl.c, src/occtl.h: Fixes in talloc usage in occtl in
	combination with readline.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: better interplay between use-dbus and use-occtl.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: When deinitializing the IP-leases table disable
	the lease destructor.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile, tests/full-test: updated docker
	test.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/common.c, src/common.h,
	src/config.c, src/group-config.c, src/html.c, src/html.h,
	src/ip-lease.c, src/ip-lease.h, src/main-auth.c, src/main-auth.h,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-resume.c, src/main.c, src/main.h, src/occtl-cache.c,
	src/occtl-dbus.c, src/occtl-unix.c, src/occtl.c, src/occtl.h,
	src/pam.c, src/plain.c, src/script-list.h, src/str.c, src/str.h,
	src/tlslib.c, src/tlslib.h, src/worker-auth.c, src/worker-resume.c,
	src/worker-vpn.c, src/worker.h: Use talloc() for all allocations to
	reduce the possibility of memory leaks.

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/config.c, src/main-ctl-unix.c, src/ocserv-args.def,
	src/vpn.h: Support for the unix socket is now configurable.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Added configure option --without-pam

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, src/Makefile.am, src/common.c,
	src/config.c, src/ctl.h, src/ctl.proto, src/main-ctl-dbus.c,
	src/main-ctl-handler.c, src/main-ctl-unix.c, src/main-ctl.h,
	src/main.c, src/main.h, src/occtl-dbus.c, src/occtl-unix.c,
	src/occtl.c, src/occtl.h, src/sec-mod.c, src/system.c, src/system.h: 
	Added support for unix sockets for the occtl communication.  D-BUS support is left, but is not enabled by default.

2014-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/ccan/compiler/compiler.h,
	src/ccan/talloc/talloc.c, src/ccan/talloc/talloc.h,
	src/ccan/typesafe_cb/typesafe_cb.h: Added talloc.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h, src/worker-vpn.c: Use exit_worker() or gnutls fatal
	errors instead of plain exit().  That solves issue with stats not being reported to the main process.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/scripts/ocserv-script, src/main-user.c,
	src/ocserv-args.def: Added the STATS_DURATION script environment
	variable.  This variable reports the duration of the session in seconds.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: sample config update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: name the cli stats packet.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Resumed sessions are assigned the correct
	auth_state.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.3.4

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: initialize values to avoid compiler warnings.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/worker-misc.c: check for posix_memalign
	presence.

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/scripts/ocserv-script: updated example script to account for
	STATS_BYTES variables.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile, tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/myscript, tests/docker-ocserv/ocserv.conf,
	tests/full-test: Test whether the statistics are exported to
	disconnect script.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/ipc.proto, src/main-misc.c, src/main-user.c,
	src/main.h, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Export TUN device statistics from the worker process.  When a worker process terminates in authenticated state, then export
	statistics from the tun device (currently bytes_in and bytes_out).
	These statistics are sent to main process using an informational
	message just prior to process exit. The statistics are also exported
	to the disconnect script using the STATS_BYTES_IN and
	STATS_BYTES_OUT environment variables.

2014-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: Active session timeout was reduced to 30 secs.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: corrected sigstack permissions.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Avoid running test if our conditions are not met.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/system.c, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: Setup an alternative stack for signals on heap.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Allow the worker signal handlers to operate
	under seccomp.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added sigprocmask to the list of seccomp
	allowed calls.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/worker-misc.c: When receiving
	unexpected UDP packets, check if they match a known IP and forward
	them.  This will not work for many clients that come from a single IP but
	will work-around issues, when clients are behind a NAT that keeps
	their UDP port state for shorter time than DPD.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: changed the default DPD
	time to 90 seconds, to prevent UDP port from changing in several
	NATs.

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: When a DTLS hello message is received, print the
	source address.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-cache.c, src/occtl-nl.c, src/occtl-pager.c,
	src/occtl.c, src/ocpasswd.c, src/pam.c, src/plain.c,
	src/route-add.c, src/sec-mod.c, src/setproctitle.c, src/str.c,
	src/system.c, src/tlslib.c, src/tun.c, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-extras.c, src/worker-misc.c,
	src/worker-privs.c, src/worker-resume.c, src/worker-vpn.c: corrected
	program name in license

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Added note on enable-local-libopts for full-test

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Modified full test for debian.

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, tests/Makefile.am, tests/docker-ocserv/Dockerfile,
	tests/docker-ocserv/Makefile.am, tests/docker-ocserv/cert.pem,
	tests/docker-ocserv/key.pem, tests/docker-ocserv/ocserv.conf,
	tests/docker-ocserv/passwd, tests/full-test: Added a full test
	between openconnect and ocserv based on docker.  That allows testing the establishment of a connection plus the
	transferring of packets.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/main-misc.c, src/main.h: Revert "Delay the
	cleanup of resources of a worker if a disconnect script is set." This reverts commit 7e0ee385c202807f7fb798564063c7c9a5fcfbb4.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/tlslib.c, src/tlslib.h: renamed function names for
	clarity.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/connect-script: do not require the device to be present in
	the connect script.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-vpn.c: Do not use renegotiation in old
	clients.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: Revert "When a disconnect script is set, the main
	process will close the tun device on client exit." This reverts commit e50051b435ca54e6d7eac558e37b814d17fcb97e.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/ocpasswd.c, src/sec-mod.c, src/tlslib.c,
	src/worker-vpn.c: Corrected several coverity uncovered bugs.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c: use list_for_each_safe() when
	disconnecting a user.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: check the return value of socket()

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c, src/main-misc.c: Simplified group
	configuration file loading.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Correctly close tun lease descriptors prior to running
	worker.  That is, properly initialize them to -1, to avoid deinitializing an
	unrelated descriptor.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected ipv6 netmask assignment.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Revert "close tun lease descriptors prior to running
	worker" This reverts commit 9496819a33d256d5bcf1588cbd1081a016a0ff15.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: correctly print message for no-ip.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Avoid assigning broadcast address as either lip or
	rip.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/main-misc.c, src/occtl.c: send ID as
	signed integer over dbus.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: close tun lease descriptors prior to running worker

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/main-misc.c, src/main.h: Delay the cleanup of
	resources of a worker if a disconnect script is set.  In that case use the intermediate state PS_AUTH_DEAD to delay the
	release of resources for few seconds. That would allow the
	disconnect script to gather any required statistics from the device,
	IPs etc.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/connect-script, tests/test-pass-script,
	tests/test-pass-script.config: Test whether the connect and
	disconnect scripts have been called.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-auth.c, src/main-misc.c, src/main.h,
	src/ocserv-args.def: The tun device will be closed only after the
	disconnect script has been called.  This allows gathering statistics from it. In addition, changed
	behavior of script calling, and now will always contain the IP
	information.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: When a disconnect script is set, the main process
	will close the tun device on client exit.  That allows the disconnect script to gather statistics from the
	client session.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: document new behavior in calling disconnect
	script.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-user.c, src/ocserv-args.def: Execute
	disconnect script for user that their IP was hijacked by a cookie
	reconnection This will prevent having the script be called to initiate
	connections that are never disconnected. This patch also introduces
	IPV6_LOCAL and IPV6_REMOTE script environment variables that allow
	passing both addresses in case both IPv4 and IPv6 are assigned.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.3.3

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h: renamed function for consistency

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Revert "Try to read
	more than a single packet from the TUN device." This reverts commit 019126abfd5603971cc208b404ef8b2ee1980ccd.

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: Revert "corrected DTLS data
	sending." This reverts commit 374f8d52a90708f8bfe58f11d1313c8af843c794.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: corrected DTLS data sending.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Revert "check sockets for writability and use
	that information to discard packets rather than block." This reverts commit 449302afe2960dcf0f2edd717863c8be00f89b12.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Try to read more
	than a single packet from the TUN device.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: check sockets for writability and use that
	information to discard packets rather than block.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: refactored worker main loop

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: corrected name of crl template

2014-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updated comments

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-cert: better message

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh, tests/test-cert, tests/test3.config: Added test
	for CRL file support.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/ocserv-args.def, src/tlslib.c, src/tlslib.h: 
	Updates in CRL handling.  Ensure reload on SIGHUP, and do print an appropriate error when an
	empty CRL file is encountered.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/setproctitle.c: avoid a totally empty function body.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: small code improvements

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: properly copy the username from a certificate

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh, tests/test-cert, tests/test-iroute,
	tests/test-multi-cookie, tests/test-pam, tests/test-pass,
	tests/test-pass-cert, tests/test-pass-script: simplified and
	corrected test execution

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-pass-cert,
	tests/test-user-cert.config, tests/test2.config,
	tests/user-cert-wrong.pem: Added check for connection with incorrect
	certificate

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* LICENSE: explicitly specify GPLv2+ (or later) in LICENSE.

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c: Added sys/wait.h for WEXITSTATUS

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/route-add.c: Added limits.h for
	POSIX_PATH_MAX

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/main-misc.c, src/worker-misc.c: Added sys/uio.h

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: Added LIBGNUTLS_CFLAGS to ocserv's CFLAGS

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: more verbose log message

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: notify the peer when disabling the DTLS channel
	with a close alert.

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: more cleanups in MTU calculation

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: removed cast as it is not available on every readline
	version.

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Use the Base-MTU for MTU
	calculations.

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c, src/str.c, src/str.h: removed unused functions

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/setproctitle.c: doc update

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Added diagram with authentication state machine.

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: Do not set the
	output-buffer in the default configuration.

2014-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: updated comment

2014-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: The IP don't fragment bit is only set if
	try-mtu-discovery is true.

2014-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better naming of variables.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: dropped support for Salsa20 and UMAC.  They are not supported by openconnect and the latest IETF drafts use
	Chacha20 with poly1305.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c, src/worker.h: No longer send IPv6
	information to CISCO clients that may not be able to handle it.  Now IPv6 information is only forwarded if the client is openconnect,
	or if the client is unknown and has advertised full IPv6 support.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: when printing link-local addresses do not include the
	zone info.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: fixed formatting of news

2014-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/http-parser/http_parser.c, src/http-parser/http_parser.h: 
	Updated the included http-parser

2014-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: Print a compact version of the DTLS ciphersuite.

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: Allow TUN_MTU command only in authenticated state

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: simplified handle_auth_res()

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h, src/worker-vpn.c: Do not block in TLS and DTLS reads This prevents an issue where a client disconnects but the server is
	blocked on a DTLS read without being able to detect the
	disconnection.

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: check return value of tls_send()

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c, src/occtl.c: move bytes2human in occtl.c to allow
	compilation without libnl

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/occtl-nl.c, src/occtl.c, src/occtl.h: 
	provide the bandwidth limit through d-bus

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/group-config.c, src/main-ctl-handler.c, src/occtl.c: 
	occtl will print the user's dns, nbns, routes, and iroutes.

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Warn when setting a default route the wrong way.

2014-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, configure.ac: Added options to explicitly disable
	checking for certain libraries

2014-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use remove_proc() instead of user_disconnected() when
	killing children.

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the rekey-method config option.

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use RND_RANDOM for the generation of SID

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/vpn.h: when mobile-dpd and mobile-idle-timeout
	are not set, they get values from their non-mobile counterpart.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the mobile-idle-timeout config option.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: better messages from pam authentication module

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: only print an authentication failure message if the
	maximum tries have been reached

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: send disconnect packet instead of server
	terminate when disconnecting a user.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Implemented Idle timeout.  When set, a client that does not have any non-control traffic for
	that period is getting disconnected.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h: modified priorities

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: added debug message in remove_proc

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h: Do not allow DPD to
	be disabled.  Doing so would prevent the server from dropping inactive
	connections. If the dpd values are not configured, set some
	reasonable defaults.

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Added the mobile-dpd configuration option.  This option allows setting a different DPD value for mobile clients
	to allow them going to sleep for longer time.

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/main.c, src/ocserv-args.def,
	src/tlslib.c, src/vpn.h, src/worker-vpn.c: Simplified debugging by
	allowing multiple levels.  'ocserv -d' now accepts a numeric option from 0 (no debugging) to 9
	(maximum verbosity).

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: better log names.

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, TODO: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: Added profile.xml to the distributed files

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def: Added 'See Also' section in occtl.8

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: better wording

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-auth.c, src/main-ctl-handler.c,
	src/main-misc.c, src/main.c, src/main.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: simplified handling of CISCO
	reconnecting clients.  Instead of having a client use the initial SID over and over, re-set
	the SID cookie, during authentication when needed. That way we avoid
	having expensive checks to ensure uniqueness of SID.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c: eliminated double [m]

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c: Indicate the main process in message logging, to
	distinguish from worker messages.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c, src/plain.c: Better messages in password asking.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: Allow a number of retries in plain password
	authentication.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: set output buffer based on DTLS MTU, and ensure
	a minimum value

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: distribute test-stress

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.3.1

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: check for auth context presence when locating a
	previous session

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed the periodic printing of TCP MSS

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: corrected typo

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: added example of IPv6 route

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/group-config.c: print errors when an invalid
	IPv6 prefix is found.

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/group-config.c, src/ipc.proto, src/main-auth.c,
	src/main-misc.c, src/vpn.h, src/worker-auth.c, src/worker-misc.c,
	src/worker-vpn.c, src/worker.h: Added support for the "new" type of
	IP6 support in AnyConnect.  If the client sends "X-CSTP-Full-IPv6-Capability: true", then we use
	     the headers: X-CSTP-Address-IP6: 2001:db8:1000:1000::1/64      X-CSTP-Split-Include-IP6: 2001:db8:1000:1001::/64      X-CSTP-Split-Include-IP6: 2001:db8:1000:1002::/64 (see corresponding openconnect change)

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: corrected typo

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/main.c: eliminate small leak

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/test-stress, tests/test-stress.config,
	tests/test1.passwd: Added stress test

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: Do not enforce safe negotiation on the main TLS
	channel.  This is only set when in CISCO compatibility mode, as CISCO clients
	come from the past.

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: simplified type usage

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: switch to strtok_r() and other small fixes.

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: when a user is rejected due to multiple
	connections set an appropriate status.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: set a reasonable default rekey time

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: sample.conf update

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: removed exclamation mark

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: DTLS rekey time and method was aligned with
	CSTP.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Allow rehandshakes on the DTLS
	channel.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Rekey time is now configurable and can be disabled.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: removed unused label

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: when the tcp channel is terminated attempt to
	close the DTLS channel as well.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Use brackets in DEL macro

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-privs.c: seccomp will make the forbidden system
	calls to return an error.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: reduced the number of allowed ioctl() to the
	ones used.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the split-dns config option.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added configuration option to send custom headers to client.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/group-config.c,
	src/ipc.proto, src/main-auth.c, src/main-misc.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c, src/worker.h,
	tests/test-iroute.config, tests/test-multi-cookie.config,
	tests/test-pam.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: Added
	support for multiple DNS and NBNS servers.  This patch also combines ipv4-dns and ipv6-dns options that are now
	handled as aliases to dns.  A side-effect of this patch is that the local keyword is no longer
	supported.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: Added untested code to set an IPv6 on FreeBSD.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: separated linux-specific code to allow easier
	portability fixes.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/ip-lease.h, src/tun.c: on systems without IPv6
	support remove the IPv6 lease.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: if the loading of default config in the new location
	fails, try the old default file.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: use linux/types.h for __u32

2014-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/config.c, src/ipc.proto,
	src/log.c, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	The worker process receives the client's IPs from the main process.  That eliminates the need to read the IP address from the tun device
	(which can be quite tricky to implement in a clean portable way).

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: remove socket and pid files prior to waiting for kill.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: Get real-time netlink information rather than
	using the cache.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: updated netlink handling.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.def, src/ocpasswd.c: better error messages

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: When not reading from a tty use getline().

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: use etc/ocserv as config directory

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocpasswd.c: Set a default password file if one
	is not specified in ocpasswd.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: ensure that our MTU discovery will not try an
	MTU smaller than the minimum.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Take into account peer's MTU
	values after considering the overhead.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: change default ipv6 to link-local

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: set IFF_RUNNING and fail if tun interfaces cannot be
	brought up.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: 'guess' DST address in IPv6 links

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: Corrected auto-detection of the address.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: simpler handling of IPv6 assignment

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/icmp-ping.c, src/icmp-ping.h: Revert "ping a single host in
	IPv6" This reverts commit b7a4a098a30390f2549be66deda513b6e2c05875.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Revert "Lease a single IPv6." This reverts commit a3889c9053607bccde126e34bcef381c64e6e412.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/occtl.c: Revert "The D-BUS protocol
	transfers only a single IPv6." This reverts commit 1f08ebc70ad54ceadd565e03704db2d76c7b9278.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: The D-BUS protocol transfers
	only a single IPv6.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: Lease a single IPv6.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c, src/icmp-ping.h: ping a single host in IPv6

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: Set both IPv4 and IPv6 addresses in Linux.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h, src/worker-tun.c: corrected reading of IP addresses.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-tun.c: Use getifaddrs() to obtain the IPs of the tun
	device.  This is a waste of resources but it seems there is no other easy way
	to obtain to IPv6 address of a tun device.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: use ffff instead of FFFF for IPv6 masks

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/tun.c: Cleanups in IPv6 handling.

2014-01-29  Thomas Glanzmann <thomas@glanzmann.de>

	* doc/profile.xml: Allow Remote Desktop Users to establish
	AnyConnect connections Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: reduced log level

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: only install DBUS and systemd files if they don't
	exist.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/systemd/ocserv.service,
	doc/systemd/ocserv.socket,
	doc/systemd/socket-activated/ocserv.service,
	doc/systemd/socket-activated/ocserv.socket,
	doc/systemd/standalone/ocserv.service: Added two versions of systemd
	socket files, a standalone and a socket activate.  From the standalone is installed by default.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am,
	doc/dbus/org.infradead.ocserv.service: No need to install the dbus
	service file.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: safer decoding of cookies.

2014-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print info when a UDP connection is rejected due to
	time.

2014-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print message when a SID cannot be decoded.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: IP -> Remote IP

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: only ask to verify password in interactive mode

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-iroute.config, tests/test-multi-cookie.config,
	tests/test-pam.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: updated
	config files

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed pre0

2014-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: indented file

2014-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/sec-mod.c: Added support for getpeereid

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, README, src/worker-privs.c: updated seccomp rules.

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Do not rehandshake on the DTLS
	channel.

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: better detect original readline

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: protect the server from multiple
	rehandshakes.

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-vpn.c: when the client requests a
	rehandshake accept there request.

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/occtl.c: When libreadline isn't
	available try editline.

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: better checking for readline

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am,
	src/google/protobuf-c/protobuf-c.c,
	src/google/protobuf-c/protobuf-c.h,
	src/protobuf/google/protobuf-c/protobuf-c.c,
	src/protobuf/google/protobuf-c/protobuf-c.h: Changes to avoid the
	embedded protobuf files being included when not needed.

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/occtl.c: code cleanup

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: do not duplicate technical info

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, configure.ac, src/Makefile.am,
	src/google/protobuf-c/protobuf-c.c,
	src/google/protobuf-c/protobuf-c.h: protocolbuf-c was made an
	optional dependency.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: more reasonable line wrapping

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better order of options

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/base64.c, gl/base64.h, gl/gettimeofday.c,
	gl/m4/absolute-header.m4, gl/m4/base64.m4, gl/m4/gettimeofday.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_time_h.m4, gl/sys_time.in.h: Added
	gnulib's missing files

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: simplified ciphersuite selection
	method and select ciphers based on server's desire.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/vpn.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: better definition names.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: increased minimum maintainance time, and decreased log
	level of maintainance message.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
	gl/Makefile.am, gl/c-ctype.c, gl/c-ctype.h, gl/c-strcase.h,
	gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/cloexec.c, gl/cloexec.h,
	gl/close.c, gl/dup2.c, gl/errno.in.h, gl/fcntl.c, gl/fcntl.in.h,
	gl/fd-hook.c, gl/fd-hook.h, gl/fseek.c, gl/fseeko.c, gl/fstat.c,
	gl/getdelim.c, gl/getdtablesize.c, gl/getline.c, gl/getpass.c,
	gl/getpass.h, gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/close.m4,
	gl/m4/dup2.m4, gl/m4/errno_h.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl.m4,
	gl/m4/fcntl_h.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4,
	gl/m4/getdelim.m4, gl/m4/getdtablesize.m4, gl/m4/getline.m4,
	gl/m4/getpass.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/include_next.m4,
	gl/m4/largefile.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
	gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
	gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/off_t.m4, gl/m4/realloc.m4,
	gl/m4/ssize_t.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/m4/strdup.m4, gl/m4/string_h.m4, gl/m4/sys_stat_h.m4,
	gl/m4/sys_types_h.m4, gl/m4/time_h.m4, gl/m4/unistd_h.m4,
	gl/m4/warn-on-use.m4, gl/m4/wchar_t.m4, gl/malloc.c, gl/memchr.c,
	gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
	gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/realloc.c,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strdup.c,
	gl/string.in.h, gl/sys_stat.in.h, gl/sys_types.in.h, gl/time.in.h,
	gl/unistd.in.h: updated gnulib

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/worker-misc.c: on unknown messages print the
	number of the message when cmd_request_to_str() is used.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c: evened out the level of some
	debug messages.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main-auth.c, src/main-resume.c, src/main.h: 
	mslog_hex() will allow printing values encoded in base64.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: better debug messge

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/main.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Use base64 to encode Cookies. That
	reduces the size of the cookie.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/main-misc.c, src/main.h: Added proc_st
	status PS_AUTH_FAILED to prevent users that failed authentication to
	leave a zombie proc_st.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use pselect() in worker process as well.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better message when cannot reach server.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: main-ctl-handler.c when disconnecting IDs and ID==-1 then continue looping until all
	zombies have been cleaned up.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: list users -> show users

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: remove zombie proc_st when its state has been
	'stolen'

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: reduce maintainance time to remove zombie processes
	sooner.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: when taking the state of a proc_st set its status
	to zombie.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: do not give information on zombie
	processes

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c, src/occtl-time.c, src/occtl.c: info printing
	updates

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: updated copyright date

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: updated authors

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-auth.c, src/main.c, src/main.h,
	src/vpn.h, src/worker-auth.c, src/worker-vpn.c, src/worker.h: 
	instead of using the TLS session ID as session identifier prior to
	authentication use the webvpncontext cookie.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c: send auth reply failure when
	needed.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto: Added sketch of authentication protocol between
	main and worker.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/common.c, src/cookies.c, src/ipc.proto,
	src/main-auth.c, src/main-ctl-handler.c, src/main-misc.c,
	src/main-resume.c, src/main.c, src/main.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: enabling
	cisco-client-compat allows 'stealing' of processes.  This change puts a proc_st that its client has terminated to a
	"zombie" state. That state will allow a client that connects later
	using the same TLS session ID to reclaim it. That way clients that
	try to authenticate by sending their credentials in different
	sessions can still authenticate with ocserv. That however puts more
	trust to worker processes (as the main process has no way of telling
	whether a TLS session is certainly resumed).

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-auth.c, src/ocserv-args.def, src/tlslib.c,
	src/vpn.h, src/worker-auth.c: replace always-require-cert with
	cisco-client-compat.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: added missing dependency

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: documented all dependencies

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure info update

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: corrected prototype

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c: send empty array instead of nothing when a
	user or ID aren't found.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: print correct error when a user or ID are not found

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/occtl-nl.c, src/occtl.c,
	src/occtl.h: Added function to print network interface statistics.

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: free the output of gnutls_session_get_desc

2014-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c, src/ocserv-args.def: export ID env variable

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h: print file name instead of function name

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main-misc.c, src/main.h,
	src/worker-auth.c, src/worker-resume.c, src/worker.h: print textual
	name of messages exchanged.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-ctl-handler.c, src/main-misc.c,
	src/main.h, src/occtl.c, src/vpn.h, src/worker-vpn.c, src/worker.h: 
	Store User-Agent information and send to occtl.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: unset needs_compact_auth if client changes its
	mind.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use a common version message.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use config-auth header in success message

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: removed vpn-client-pkg-version which didn't
	seem to affect anything.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: combined CSCOT URLs

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: Replaced the
	username cookie with a compact auth option.  That option performs authentication of username, password in a
	single go for clients that request Connection: Close.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use config-auth XML format.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected size calculation for CONFIG_MSG

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker.h: report the file name plus line instead of function
	name.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-auth.c: Indicate properly
	the status of TLS authentication when a client has reconnected.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-auth.c, src/worker-vpn.c: updated
	copyrights

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c, src/html.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: Allow a client to reconnect and continue
	authentication.  That allows clients like CISCO anyconnect to resume authentication
	in a different session by keeping the username in a cookie. That
	works only when a single password is used.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Advertize a very low version of client.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: stricter check of acceptable states.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: more debug messages and be more strict when
	cannot read the password.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c, src/worker-auth.c: Added more debugging messages.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c, src/vpn.h: increased maximum name size of DTLS cipher
	and other occtl cleanups.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main-ctl-handler.c, src/vpn.h: Added human_addr2()
	which will display port number only when requested.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: reduced space for IPs

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: corrected reporting of VPN IP addresses.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better reporting of ciphersuite and group name.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected default pager behavior

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/vpn.h: increased sizes for ciphersuite name, and
	decreased maximum size for the DTLS ciphersuite (as we use openssl's
	short names)

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: removed dbus_message_iter_has_next() as it behaves
	differently on different versions.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: more debugging info

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: ignore sigpipe and print (none) when no group is
	available.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/occtl-pager.c: Added configure option to specify
	the default pager for occtl.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-user.c, src/worker-auth.c: Better error
	checking and cleaned up support for scripts.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: make sure that recvmsg() will continue after signal

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: use TUNSETPERSIST

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: systemd file installation is optional

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: corrected args file generation

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: combined EXTRA_DIST

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, configure.ac, src/main.c: use pselect only when available.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: Added SEE ALSO man section.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/ocpasswd-args.def,
	src/ocserv-args.def: updated copyright notices

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, src/Makefile.am, src/occtl-args.def,
	src/occtl-cache.c, src/occtl-pager.c, src/occtl-time.c, src/occtl.c: 
	Added occtl.8

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: removed CISCO example policy

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: when used non-interactively return error codes to
	shell on failure.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: display proper error when server sends no reply on
	D-BUS.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in: removed auto-generated file

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: Added more conservative
	priority strings.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-cache.c, src/occtl.c, src/occtl.h: Add
	usernames and session IDs to readline cache.  This allows auto-completion to show user, and show id, after list
	users is executed.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: shorter names for states

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c, src/worker-vpn.c: The
	ciphersuite of the client is transferred from the D-BUS interface.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-misc.c, src/main.h, src/vpn.h,
	src/worker-vpn.c: worker will send information on the negotiated
	TLS/DTLS ciphersuites to main.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/occtl-pager.c: do not start pager when not on a
	tty.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: updated commands and descriptions.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: print the license in the interactive client.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-ctl-handler.c,
	src/ocserv-args.def, src/vpn.h: Added configuration option use-dbus
	to allow disabling D-BUS usage.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: unblock signals in children.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-ctl-handler.c, src/main.c, src/main.h,
	src/tlslib.c, src/tlslib.h: Try to release as much memory as
	possible to be able to detect real memory leaks.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-misc.c: eliminated memory leaks

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: block signals on the proper time.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: use c_strncasecmp() and c_strcasecmp() for matching.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-time.c: doc update

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-time.c, src/occtl.c, src/occtl.h: print
	the connection time in a compact way

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: print brackets in IPs only when needed (IPv6+port)

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: Added commands to obtain
	information on a user or an ID.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-pager.c, src/occtl.c, src/occtl.h: Use
	pager in list users command.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/main.c, src/main.h, src/occtl.c: Added
	reload and 'stop now' D-BUS commands.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: print help when arguments are missing

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: force kill if there are alive children after some time

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: force kill if not every process dies.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: Simplified method handling.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: SIGINT doesn't terminate occtl

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better matching of higher level commands, and
	addition of the reset cmd.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c: remove_proc() calls
	remove_from_script_list().  This will prevent a race in the case where a proc is deleted (i.e.,
	user is disconnected) but a running script terminates afterwards and
	tries to reference the deleted proc.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set sockets to non-blocking outside the loop.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-ctl-handler.c, src/main.c, src/main.h: 
	better names to lists

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: added subdir-objects

2014-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use pselect() instead of select()

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: terminate on EOF

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: interface improvements in occtl

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am,
	doc/dbus/org.infradead.ocserv.conf,
	doc/dbus/org.infradead.ocserv.service: install D-BUS and systemd
	files.

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/main-ctl-handler.c,
	src/occtl.c: Added occtl a D-BUS client to query and send commands
	to server.

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: when disconnecting a user make sure that no race
	conditions exist when killing the process.

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/Makefile.am,
	src/main-ctl-handler.c, src/main.c, src/main.h, src/vpn.h: Added
	support for control commands using D-BUS.

2014-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: do not print a port number if it is not available

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main.c: when using systemd socket activation the
	tcp-port option is optional.  Moreover the UDP and TCP ports are "discovered" from the provided
	file descriptors.

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/systemd/ocserv.service,
	doc/systemd/ocserv.socket: Added example systemd socket and service
	files.

2014-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Detect protobuf-c in systems without pkg-config.

2014-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h: store the time a client connected.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Remove unnecessary AnyConnect /2/* files As long as all of our supported OSes are listed under /1/*, the /2/*
	files can be omitted.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Add support for Mac AnyConnect client Populate the 0-byte /1/Darwin_i386 file to prevent the following
	error:     The AnyConnect package on the secure gateway could not be
	    located.  You may be experiencing network connectivity issues.
	    Please try connecting again.  Tested with AnyConnect 3.1.03103.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-extras.c: Fix auto-update regression on AnyConnect
	clients If /1/<OS> exists for every valid OS, then the client will never
	even try to request /2/binaries/update.txt.  Instead, it will
	request /1/binaries/update.txt, and then get very confused when the
	response looks like an XML document instead of a version string.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* README: README: Update dependencies

2013-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set socket options in sockets received by systemd as
	well.

2013-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac, src/Makefile.am, src/main.c: 
	Added support for systemd's socket activatable service.

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/worker-vpn.c: Added comments

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, src/Makefile.am, src/common.c,
	src/common.h, src/ipc.h, src/ipc.proto, src/log.c, src/main-auth.c,
	src/main-misc.c, src/main-resume.c, src/main.c, src/main.h,
	src/vpn.h, src/worker-auth.c, src/worker-extras.c,
	src/worker-misc.c, src/worker-resume.c, src/worker-tun.c,
	src/worker-vpn.c, src/worker.h: Converted IPC messaging to
	protocolbuffers-c That adds a dependency on protocolbuffers-c, but simplifies the
	worker-main communication protocol handling.

2013-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed dist-lzip

2013-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: moved length check to correct position

2013-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: Added text on generating the server
	certificate

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.3

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: disabled limits that break the worker

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am: generated files added to
	BUILT_SOURCES to fix parallel compilation

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: avoid @AUTOGEN@

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added newline

2013-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2013-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libopts/m4/libopts.m4: the generation of makefile isn't
	conditional

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: updated

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ip-lease.c, src/main-auth.c,
	src/main.h: reduced cookie size by only writing down the ipv4 seed.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ip-lease.c, src/main-auth.c,
	src/main.h: Augmented cookie format to store the seeds used to
	generate IPv4 and IPv6 addresses.  This ensures that if the IP previously used by a user is free, it
	will be reassigned to him after a reconnection with the same cookie.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: use IPV6_CHECKSUM only when available.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-tun.c: reorder

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: include netinet/ip.h prior to ip_icmp.h to have
	struct ip defined.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: define ICMP_DEST_UNREACH in systems where it is
	not available

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-10  Kevin Cernekee <cernekee@gmail.com>

	* src/main-auth.c: Fix multiple session disconnect when
	max-same-clients is 0 max-same-clients is used to limit the number of outstanding sessions (cookies).  If set to 0, it means an unlimited number of active
	cookies can be owned by each user.  But it doesn't mean that the
	same cookie can be reused for multiple CSTP connections with
	different IPs, as the protocol does not normally work this way.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: more verbose messages.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: updated debug messages.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/group-config.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.def,
	src/vpn.h: Added support for cgroups

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/group-config.c: simplified reading the
	net-priority option

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: corrected DPD sending in TLS. Reported by Kevin
	Cernekee.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/group-config.c,
	src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: Allow setting
	directly the IP_TOS from net-priority.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: conditionally use SO_PRIORITY

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: do check the username validity only when a
	certificate is present.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: adjusted severity

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-tun.c, src/worker-vpn.c,
	src/worker.h: simplified setting of additional configuration in the
	worker process

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: corrected typo

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: do not require a certificate when authenticating
	with cookie and always-require-cert is set to false.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/worker-auth.c: Added more verbose logging

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/sec-mod.c: sec-mod ensures that
	requests come from the correct user.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/config.c,
	src/group-config.c, src/main-auth.c, src/main-config.c,
	src/main-misc.c, src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Added the net-priority configuration
	option.  That option allows setting the protocol-defined priority (via
	SO_PRIORITY) for the UDP and TCP sockets, per user/group or
	globally.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: enforce the RLIMIT_FSIZE and RLIMIT_AS

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/icmp-ping.c: use iphdr only when
	available

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: doc update

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: do not return empty usernames

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pam, tests/test-pam.config: Added
	test-pam (which is only run manually)

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-iroute.config,
	tests/test-multi-cookie, tests/test-multi-cookie.config,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-script: 
	reduced fragility of the tests

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-iroute: store temp files in a fixed
	dir

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-auth.c, src/main-auth.h, src/pam.c, src/plain.c: 
	Allow PAM to update username

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: explicitly initialize module

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed newline from log messages

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Only add new leases to hash table (and print the
	assigned IPs).

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: print more details on certificate verification
	failure.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/icmp-ping.c, src/tun.c: 
	Conditionally include system specific headers.

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: if no udp port is set do not bother sending DTLS
	info to client.

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed unneeded include

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/main.c: udp-port can now be unset, and
	that will disable listening to UDP.

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c, src/main-misc.c, src/main.c, src/script-list.h: 
	initialize values prior to list_for_each() calls, to avoid static
	analysers complaints on garbage values.

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ccan/list/list.h: undefine LIST_HEAD and LIST_HEAD_INIT

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/system.c, src/system.h: Use the
	correct sighandler definition on different systems.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-iroute: use regex for comparison

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-multi-cookie,
	tests/test-multi-cookie.config: Added test case for the
	disconnection due to cookie re-use case.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/ip-lease.c, src/main-auth.c, src/main-misc.c,
	src/main.h: When a new connection presents a cookie of an existing
	session the previous session is disconnected.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: fixed issue when compiling with -j

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: further increase the PAM stack size to allow for more
	complex PAM modules

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: properly initialize rnd IP to avoid valgrind
	complaints

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated todo

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* README: README: Add info on build dependencies

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* build-aux/.gitignore: Add build-aux/.gitignore

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* build-aux/ar-lib, build-aux/compile, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, build-aux/test-driver: 
	Remove autogenerated scripts from git repo These get dirtied every time somebody runs autogen.sh.

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Add X-CSTP-License header for mobile client
	compatibility The Android AnyConnect client passes authentication but refuses to
	establish a VPN link if this header is missing.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: updated title

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, gl/m4/extern-inline.m4: updated gnulib

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-iroute.config,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-script,
	tests/test-pass-script.config, tests/test1.config,
	tests/test2.config, tests/test3.config: use different ports per test

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-iroute.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: daemon
	group is available in more systems. Use that for testing.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated libopts detection

2013-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2013-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh: relicensed after all authors agreed.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use definitions to avoid discrepancies.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: corrected size of explicit nonce

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: The Salsa20 ciphersuites are used over DTLS 1.2,
	and their names follow the new encoding.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: be more precise in MTU calculation even without
	gnutls_est_record_overhead_size().

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Do not use an MTU that is bigger than the
	originally suggested one. Openconnect doesn't like that.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: Better estimate the record
	overhead.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/log.c, src/main.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-extras.c, src/worker-vpn.c: Added the --http-debug option
	to ocserv to avoid printing full HTTP messages to normal debug mode.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: more changes for the new
	ciphersuites

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added ciphersuites OC-AES-GCM.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h: corrected include to http-parser

2013-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-pass,
	tests/test-pass-cert, tests/test-pass-script: relicensed files.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/worker-auth.c,
	src/worker-tun.c, src/worker-vpn.c: Check for local http_parser
	library. If found use it instead of the included one.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: test before copy

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac: Distribute the autogen'erated files as
	.bak and enable them only if local libopts is being used.

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: better phrasing.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/ocserv-script: remove usage of wondershaper

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-bandwidth.c, src/worker-bandwidth.h, src/worker-vpn.c: 
	reduce the calls to gettime().

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gettime.h: use CLOCK_REALTIME_COARSE if available.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: update

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: separated auto-generated files into special
	libraries to allow compilation using make -jx, x>1

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE: mentioned the libopts license

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print package version on initialization

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: added the srcdir prefix

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: delete libopts generated files if system libopts is
	being used

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: ensure that auto-generated files will be
	auto-generated during compilation.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: removed no longer relevant item

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h, libopts/ao-strs.c, libopts/ao-strs.h,
	libopts/autoopts/options.h, libopts/autoopts/usage-txt.h,
	libopts/compat/compat.h, libopts/compat/strchr.c,
	libopts/configfile.c, libopts/genshell.c, libopts/genshell.h,
	libopts/m4/libopts.m4, libopts/option-value-type.c,
	libopts/option-value-type.h, libopts/option-xat-attribute.c,
	libopts/option-xat-attribute.h, libopts/pgusage.c, libopts/proto.h,
	libopts/streqvcmp.c, libopts/text_mmap.c, libopts/usage.c: updated
	to libopts 5.18.2

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/Makefile.am, libopts/ag-char-map.h, libopts/alias.c,
	libopts/ao-strs.c, libopts/ao-strs.h, libopts/autoopts.c,
	libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/compat/pathfind.c, libopts/configfile.c, libopts/enum.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/gettext.h, libopts/init.c, libopts/load.c,
	libopts/m4/libopts.m4, libopts/makeshell.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/restore.c, libopts/save.c, libopts/stack.c,
	libopts/text_mmap.c, libopts/usage.c, libopts/version.c: updated
	libopts to 5.18

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.1

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-config.c,
	src/ocserv-args.def, src/worker-bandwidth.c, src/worker-bandwidth.h: 
	count bandwidth in kb/sec to avoid overflows on high bandwidth.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.h: removed auto-generated files.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/ocpasswd.c, src/str.c, src/str.h,
	src/worker-vpn.c: updated code to avoid memory leaks.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/sec-mod.c: do not ignore errors from system calls

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: autogenerate changelog prior to release

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: call setgroups() after setgid() to avoid staying with
	an unexpected group set.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def: Added pid-file command line
	option, that overrides the configured pid-file.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ocpasswd-args.c, src/ocpasswd-args.h,
	src/ocserv-args.c, src/ocserv-args.h: reorganized file generation
	and removed auto-generated files.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: increased stack size for PAM coroutines to 64k.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: link with libopts only if autogen is
	found. This avoids incompatibility issues with different
	autogen/libopts version.

2013-11-05  Mike Miller <mtmiller@ieee.org>

	* Makefile.am, configure.ac, src/Makefile.am: Allow linking with
	system libopts if installed

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am: removed unneeded check for gdbm

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Move ocserv to sbin

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, COPYING, src/common.c, src/common.h, src/config.c,
	src/cookies.c, src/cookies.h, src/gettime.h, src/html.c,
	src/html.h, src/icmp-ping.c, src/icmp-ping.h, src/ip-lease.c,
	src/ip-lease.h, src/ipc.h, src/log.c, src/main-auth.c,
	src/main-auth.h, src/main-config.c, src/main-misc.c,
	src/main-resume.c, src/main-user.c, src/main.c, src/main.h,
	src/ocpasswd.c, src/pam.c, src/pam.h, src/plain.c, src/plain.h,
	src/route-add.c, src/route-add.h, src/script-list.h, src/sec-mod.c,
	src/sec-mod.h, src/setproctitle.c, src/setproctitle.h, src/str.c,
	src/str.h, src/system.c, src/system.h, src/tlslib.c, src/tlslib.h,
	src/tun.c, src/tun.h, src/vpn.h, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-bandwidth.h,
	src/worker-extras.c, src/worker-misc.c, src/worker-privs.c,
	src/worker-resume.c, src/worker-tun.c, src/worker-vpn.c,
	src/worker.h: updated license information and authors

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, build-aux/config.rpath, config.h.in, configure.ac,
	gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lib-prefix.m4,
	m4/lib-link.m4: Added lib-link.m4 via gnulib.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/Makefile.am, src/config.c, src/gettime.h,
	src/main-auth.c, src/main-config.c, src/main-misc.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/str.c, src/str.h, src/vpn.h, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-bandwidth.h, src/worker-vpn.c,
	src/worker.h: Added directives to allow bandwidth limitation.

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-config.c: do not fail if a configuration file is empty

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reduced the severity of several messages.

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: more informative message

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: avoid multiple calls to time(0)

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: added error message

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pass-script,
	tests/test-pass-script.config: Added login-test when a connect or
	disconnect script is set.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.0

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/worker-auth.c: Avoid calling
	handle_script_exit() twice on user connect.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: return correct error code

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: corrected typo

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c, src/worker-auth.c, src/worker-resume.c: small
	updates

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/vpn.h: Always terminate the
	worker unless he has already been dead.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/worker-misc.c: Corrected behavior on error during
	receiving a UDP fd.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-misc.c, src/main.c, src/main.h: Avoid forwarding
	the UDP fd within a minute. That is to avoid duplicate messages
	messing the worker session.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ccan/htable/htable.c, src/ip-lease.c, src/main.h,
	src/tlslib.c: updates in hash table usage.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-iroute, tests/test-iroute.config,
	tests/user-config/test: Added test to check the application of user
	routes.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/str.c, src/str.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Avoid many system
	calls when sending serialized data.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.h, src/main-auth.c, src/worker-auth.c: Simplified
	auth_reply transfer from main to worker.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated todo list

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/route-add.c: increased level of spawn errors.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: do not try load configuration on empty string
	groups

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected bug

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/worker-auth.c,
	src/worker-resume.c: Added more debugging information.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/dup2.c, gl/getdtablesize.c, gl/m4/dup2.m4,
	gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
	gl/m4/gnulib-comp.m4, gl/m4/unistd_h.m4, gl/stdio-impl.h,
	gl/stdio.in.h, gl/unistd.in.h: updated gnulib

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-resume.c: small update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: Corrected certificate authentication.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cert, tests/test-pass,
	tests/test-pass-cert, tests/test3.config: Added test with only a
	certificate.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/main-config.c, src/main-misc.c,
	src/main.c, src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/route-add.c, src/route-add.h, src/tun.c,
	src/vpn.h: Added the 'iroute' directive to allow routes set on
	server.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/route-add.c,
	src/route-add.h, src/vpn.h: Added commands to add and remove a
	route.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-config.c, src/main-misc.c: relocated function

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/common.c, src/common.h,
	src/config.c, src/main-config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: Added the ipv6-prefix
	configuration option

2013-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/common.h, src/ip-lease.c,
	src/ip-lease.h, src/ipc.h, src/main-auth.c, src/main-config.c,
	src/main-misc.c, src/main-resume.c, src/main-user.c, src/main.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tun.c, src/tun.h, src/vpn.h,
	src/worker-auth.c, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	Increased the number of directives allowed in group and user
	configurations.

2013-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/Makefile.am, src/common.c,
	src/common.h, src/config.c, src/ipc.h, src/main-auth.c,
	src/main-config.c, src/main-misc.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Allow loading
	additional configuration files per user or per group.  The directives currently allowed are: ipv4/6_dns and route.

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac: bumped version

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c: Configuration file parsing was modified to
	allow detecting mispellings of directives and unknown options.

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Added config options 'mtu' and 'output-buffer'.

2013-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2013-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Do not wait for
	socket to be ready when sending DTLS data.

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c: Reduce limit of output buffer on DTLS
	socket to reduce latency (following similar openconnect change).

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected MTU suggestion when DTLS isn't used

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Suggest a single MTU value instead of two
	distinct for DTLS and CSTP.

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better calculation of suggested to the peer MTU

2013-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.1.6

2013-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2013-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: doc update

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Applied Bruce Korb's fix on unacceptable
	chars.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
	configuration file." This reverts commit f7a938e5d7fd07144062ea64a6ab028cf43bb3e6.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Ignore non-ascii characters in
	configuration file.  This is a quick fix for

	http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html

2013-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/Makefile.am, src/ocpasswd-args.c,
	src/ocpasswd-args.def, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/version.def.in,
	src/version.inc.in: regenerate autogen'ed files when making a
	distribution.

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* tests/test-pass, tests/test-pass-cert: Fix path to common.sh when
	tests run from another directory

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* doc/Makefile.am: Add autogen search path to work when building out
	of the source tree

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h: 
	Improve ocpasswd short description, re-run autogen

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* src/main-resume.c, src/main.c, src/main.h: Fix typo maintainance
	-> maintenance

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: Ask the password twice to avoid mistakes.

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.1.5

2013-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: removed debugging

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: use c_strcase in config file parsing

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c: check for errors in sscanf

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, doc/sample.config, doc/sample.passwd,
	gl/Makefile.am, gl/c-ctype.h, gl/c-strcase.h, gl/c-strcasecmp.c,
	gl/c-strncasecmp.c, gl/fseeko.c, gl/m4/extern-inline.m4,
	gl/m4/fseeko.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/msvc-inval.c, src/Makefile.am, src/html.c, src/html.h,
	src/plain.c, src/worker-auth.c, tests/test-pass, tests/test1.passwd: 
	Added decoder for HTML-encoded and URL-encoded passwords and
	usernames.  This prevents special characters from not being recognized. Reported
	by P.H.Vos.  Also updated gnulib and added c-strncasecmp

2013-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c, src/worker-vpn.c, src/worker.h: Added
	additional handlers for requested files.

2013-07-07  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-extras.c, src/worker-vpn.c, src/worker.h: bypass
	AnyConnect client auto-update mechanism

2013-07-07  Kevin Cernekee <cernekee@gmail.com>

	* src/tlslib.c: add missing GnuTLS version checks around >= v3.2.0
	features

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: use existing files

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/test-pass, tests/test-pass-cert: moved
	common tests to common.sh

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pass, tests/test-pass-cert,
	tests/test1, tests/test2: renamed scripts and added additional test
	with wrong username.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, build-aux/depcomp, build-aux/test-driver,
	configure.ac, tests/Makefile.am, tests/ca-key.pem, tests/ca.pem,
	tests/common.sh, tests/server-cert.pem, tests/server-key.pem,
	tests/test1, tests/test1.config, tests/test1.passwd, tests/test2,
	tests/test2.config, tests/user-cert.pem, tests/user-key.pem: Added
	test suite that depends on openconnect.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: common check for user and group match.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.h, src/main-misc.c, src/main.h, src/pam.c: Put a
	limit in the number of allowed authentication requests, and
	increased size of stack for co-routines.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: silence warnings

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/tlslib.c: more fixes

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: automate the clang static check of code.

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: avoid deinitializing garbage

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-user.c: corrected null pointer deferences

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/tun.c: corrected dead assignments

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/main-auth.c, src/main-misc.c,
	src/main.h: better function names and parameter order

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: print proper message when changing password in PAM.

2013-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: Allow session resumption database access, and
	allow more graceful cleanup on authentication failure.

2013-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pcl/pcl_config.h: Do not need the multi-threaded version of
	PCL.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.h, src/tun.c, src/tun.h, src/vpn.h: 
	leases belong to users as well. That way IPs are properly re-used.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: cookie-db no longer exists.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: Corrected plain passwd authentication to read group
	name when needed.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: properly initialize group name in plain passwd.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: allow cookie-only authentication (fixes previously
	introduced bug)

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: disallow mixing multiple username/password
	authentication methods

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies-gdbm.c,
	src/cookies-hash.c, src/cookies.c, src/cookies.h, src/ipc.h,
	src/log.c, src/main-auth.c, src/main-misc.c, src/main.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tun.c, src/tun.h, src/vpn.h: Cookies are no
	longer persistent

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: document way to force PFS

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, INSTALL, build-aux/ar-lib, build-aux/compile,
	build-aux/depcomp, build-aux/install-sh, build-aux/missing: updated
	auto-generated scripts.

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: enable ability to change password with PAM

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: removed debugging info

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, config.h.in, configure.ac, src/Makefile.am,
	src/pcl/Makefile.am, src/pcl/pcl.c, src/pcl/pcl.h,
	src/pcl/pcl_config.h, src/pcl/pcl_private.c, src/pcl/pcl_private.h,
	src/pcl/pcl_version.c: Allow compilation without the PCL library

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.h, src/main-auth.c, src/main-auth.h, src/main.h,
	src/pam.c, src/plain.c, src/worker-auth.c: small fixes to avoid
	relying on properly null-terminated strings.

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.h: described authentication process.

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: removed debugging message

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, build-aux/ar-lib, build-aux/compile, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, doc/sample.config: 
	autogen'ed files update

2013-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/ipc.h, src/main-auth.c,
	src/main-auth.h, src/main-misc.c, src/main.c, src/main.h,
	src/pam.c, src/pam.h, src/plain.c, src/plain.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Advanced auth
	implemented

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Revert "Use the new type of XML" This reverts commit 2163836ad8d3ff5974a69373cfac2d7c2463f2e4.

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Revert "simplified opaque handling" This reverts commit 0af9c45e8c0bca97673f80f63ac73b77f8a23a13.

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: simplified opaque handling

2013-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Use the new type of XML

2013-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/pam.c, src/pam.h: set PAM_RHOST variable
	using the clients's IP.

2013-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, NEWS, build-aux/ar-lib, build-aux/compile,
	build-aux/depcomp, build-aux/install-sh, build-aux/missing,
	configure.ac: bumped version

2013-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c: ensure that the actual reads on DTLS are
	at maximum MTU-1.

2013-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: bumped version

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/tlslib.c, src/tlslib.h, src/worker-vpn.c: corrected
	values returned in X-CSTP-MTU and X-DTLS-MTU

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/vpn.h, src/worker-extras.c,
	src/worker-vpn.c, src/worker.h: Removed ability to send binary
	files.

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use X-SALSA20 to avoid any future conflicts

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c: keep the connection alive

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c: do not try to send binaries if no path is
	setup

2013-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def, src/worker-extras.c, src/worker-vpn.c,
	src/worker.h: reorganized compatibility layer

2013-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/Makefile.am, src/config.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/vpn.h, src/worker-extras.c, src/worker-vpn.c, src/worker.h: 
	Allow downloading raw files from 1/binaries

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: use gnutls_privkey_sign_hash() when available.

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Check X-CSTP-Address-Type and
	don't send addresses that were not requested.

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added gettimeofday in the list of syscalls

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: updated seccomp code

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: more verbose printing of signal deaths

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: simplified seccomp check

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c, src/worker-vpn.c: use strtok() to parse client provided
	string.

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: require gnutls 3.2.1 to enable salsa20

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: relax check on requirement on headers for
	libopts.

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/gettime.h: Added missing file

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated header

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE: updated license information

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/main-user.c: emulate gettime

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/c-ctype.c, gl/c-ctype.h, gl/cloexec.c,
	gl/cloexec.h, gl/close.c, gl/dup2.c, gl/errno.in.h, gl/fcntl.c,
	gl/fcntl.in.h, gl/fd-hook.c, gl/fd-hook.h, gl/fseek.c, gl/fseeko.c,
	gl/fstat.c, gl/getdelim.c, gl/getdtablesize.c, gl/getline.c,
	gl/getpass.c, gl/getpass.h, gl/gettime.c, gl/gettimeofday.c,
	gl/lseek.c, gl/m4/clock_time.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_time_h.m4, gl/m4/timespec.m4, gl/malloc.c, gl/memchr.c,
	gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
	gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/realloc.c,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strdup.c,
	gl/string.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/time.in.h, gl/timespec.c, gl/timespec.h,
	gl/unistd.in.h: updated gnulib

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc fix

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: do not restrict worker's memory

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: estream ciphersuite was given priority

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: increased priority

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print DTLS ciphersuite

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, TODO: doc update

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c, src/str.h: added missing files.

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: configure proceeds if regex library isn't
	found

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected cipher names

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Allow for a ciphersuite
	negotiation

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: small fixes

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.h, src/worker-vpn.c, src/worker.h: 
	reorganized HTTP header reading.

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected typo

2013-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2013-05-16  Faidon Liambotis <paravoid@debian.org>

	* src/worker-privs.c, src/worker-vpn.c: Make seccomp failures
	non-fatal & lower log prio Building a binary with --enable-seccomp and then running it on a <
	3.5 kernel, results in seccomp_load() failing and ocserv's worker
	process aborting. This might be okay-ish for users who ./configure
	&& make install on their own systems but it's obviously non-ideal
	for e.g.  distributions that need to distribute binaries.  Unfortunately there doesn't seem to be a good way (that I could
	find) to check if the running kernel has seccomp -- uname/uts isn't
	a good solution as Ubuntu has backported it to 3.2, custom kernels
	might have CONFIG_SECCOMP=n etc.  So, this makes a tradeoff call and removes the exit_worker() call on
	seccomp failures, lowers the seccomp error logs to LOG_DEBUG from
	LOG_WARNING and the "could not disable system calls" to LOG_INFO
	from LOG_ERR.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-05-16  Faidon Liambotis <paravoid@debian.org>

	* src/worker-privs.c: Workaround libseccomp bug & fix error handling libseccomp has a bug where -EDOM is returned when seccomp_rule_add
	is called for pseudo system calls (i.e. < -99). This was triggered
	by adding the send() system call on my x86_64 machine. The bug seems
	to have been recently (May 7th, 2013) reported and fixed on
	libseccomp upstream but it will take a while to find its way to a
	release and distributions.  Additionally, there was a bug on how libseccomp calls were error
	handled: libseccomp functions don't actually set errno, but set
	errno values in their return value instead. This resulted in the
	seccomp_rule_add call above to print "could not add send to seccomp
	filter: Success".  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: fixed length checks

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: check for children cleanup prior to checking for
	termination.  That allows to quickly terminate after the secmod death is detected.

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated example

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/http-parser/http_parser.c: use gnulib's ctype

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: do not check for a working libregex if it
	is disabled

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: bumped version

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for setproctitle

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/c-ctype.c, gl/c-ctype.h: added missing files

2013-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : design update

2013-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Added X-CSTP-Default-Domain option.

2013-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/die.c, src/die.h, src/main-misc.c,
	src/main-resume.c, src/main-user.c, src/main.c, src/sec-mod.c,
	src/system.c, src/system.h, src/worker-vpn.c: Use sigaction() to
	have a consistent behavior across systems for signals.

2013-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated TODO

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/profile.xml, doc/sample.config,
	gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/sys_time.in.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/worker-auth.c,
	src/worker-vpn.c: Updates for cisco's client.

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: corrected bug in anyconnect compat

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/icmp-ping.c: verify the ICMP IDs prior to checking response.

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/icmp-ping.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Added config file
	option ping-leases.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: corrected bug which prevented ocpasswd adding more
	than a single user.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocpasswd-args.c, src/ocpasswd-args.def,
	src/ocpasswd-args.h: updated ocpasswd doc

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: make ocpasswd manpage

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h,
	src/ocpasswd.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: Updated autogen generated files, and added more
	options to ocpasswd.  ocpasswd now accepts the --lock and --unlock options and accepts the
	username as the last argument.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/Makefile.am, libopts/README, libopts/ag-char-map.h,
	libopts/alias.c, libopts/ao-strs.c, libopts/ao-strs.h,
	libopts/autoopts.c, libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/boolean.c, libopts/check.c, libopts/compat/compat.h,
	libopts/compat/pathfind.c, libopts/compat/snprintf.c,
	libopts/compat/strchr.c, libopts/compat/strdup.c,
	libopts/compat/windows-config.h, libopts/configfile.c,
	libopts/cook.c, libopts/enum.c, libopts/env.c, libopts/file.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/gettext.h, libopts/init.c, libopts/libopts.c,
	libopts/load.c, libopts/m4/libopts.m4, libopts/m4/liboptschk.m4,
	libopts/makeshell.c, libopts/nested.c, libopts/numeric.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/parse-duration.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/reset.c, libopts/restore.c, libopts/save.c, libopts/sort.c,
	libopts/stack.c, libopts/streqvcmp.c, libopts/text_mmap.c,
	libopts/time.c, libopts/tokenize.c, libopts/usage.c,
	libopts/version.c: updated libopts

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac, src/Makefile.am,
	src/icmp-ping.c, src/icmp-ping.h, src/log.c, src/tun.c, src/vpn.h: 
	Prior to leasing an IPv4 ping it to check if it is already in use.

2013-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: read device name in FreeBSD

2013-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/Makefile.am, src/cookies-gdbm.c, src/cookies.c,
	src/die.c, src/die.h, src/main-misc.c, src/main-user.c, src/main.c,
	src/pam.c, src/setproctitle.c, src/setproctitle.h, src/tun.c,
	src/vpn.h: several updates to allow compilation on FreeBSD

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE, Makefile.am: Added license file

2013-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: removed session
	ticket support

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, TODO: doc update

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker.h: removed unused variable

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c, src/worker.h: MTU discovery simplified

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: MTU handling updates

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c: clear any lists prior to running sec
	mod

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Revert "run sec mod earlier to save memory" This reverts commit a8152e8c59fb7007b9dee5718bcb46f55b3d0e68.

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when debugging do not set memory limits

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: run sec mod earlier to save memory

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: deinitialize memory taken by configuration parser.

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: disable dh-params by default

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: 
	doc update

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: added dh-params option into sample file

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: make clear that anyconnect compat layer is
	experimental

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/main-resume.c, src/sec-mod.c, src/tlslib.c: 
	depend on gnutls 3.1.10

2013-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: use quotes when printing password file

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: cookies are overwritten prior to fork

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: Added anyconnect options to sample config

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updated

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: readjusted log levels

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reduce MTU on mtu failure in a less steep way

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: changed level of messages

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/ocserv-args.c, src/ocserv-args.h: consider
	chroot environment when creating socket file.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def, src/sec-mod.c: simplified umask

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/sec-mod.c, src/sec-mod.h,
	src/tlslib.c: updates in unix socket creation

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: use pkcs11_reinit() only when defined.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: adjust buffer size if needed.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: consider TCP MSS in MTU
	calculations.

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set certain limits on the worker process using
	setrlimit()

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c, src/plain.c: Added copyright headers

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ccan/list/list.c, src/http-parser/http_parser.c: include
	config.h in all files

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: reinitialize PKCS #11 modules after fork

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/tlslib.c: combine writes to a single system
	call.

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: updated syscall list in seccomp

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, TODO, configure.ac, doc/Makefile.am,
	doc/sample.config, doc/sample.passwd, src/Makefile.am,
	src/common.c, src/common.h, src/config.c, src/main-misc.c,
	src/main.c, src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sec-mod.c, src/sec-mod.h, src/tlslib.c,
	src/tlslib.h, src/vpn.h, src/worker-tun.c, src/worker-vpn.c: The TLS
	private keys are kept into a privileged process.  That process is called security-module (sec-mod) and communicates
	with the workers using a unix domain socket.

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: Always send the provided password to PAM irrespective
	of the prompt.

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, TODO, config.h.in, configure.ac,
	gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/getpass.c,
	gl/getpass.h, gl/lseek.c, gl/m4/fseek.m4, gl/m4/fseeko.m4,
	gl/m4/fstat.m4, gl/m4/getpass.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/largefile.m4, gl/m4/lseek.m4,
	gl/m4/minmax.m4, gl/m4/strdup.m4, gl/m4/sys_stat_h.m4,
	gl/m4/sys_types_h.m4, gl/malloc.c, gl/minmax.h, gl/stdio-impl.h,
	gl/strdup.c, gl/sys_stat.in.h, gl/unistd.in.h, src/Makefile.am,
	src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h,
	src/ocpasswd.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/plain.c, src/vpn.h: crypt(3) is used in the
	plain password file.  In addition, ocpasswd program was added to generate password file
	entries.

2013-03-14  Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>

	* src/Makefile.am, src/ocpasswd.c, src/plain.c: Added ocpasswd

2013-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/sample.config, doc/scripts/ocserv-down,
	doc/scripts/ocserv-script, doc/scripts/ocserv-up: Updated sample
	script.

2013-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/main-auth.c, src/main-misc.c,
	src/main-user.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/script-list.h,
	src/tun.c, src/worker-auth.c: Do not let scripts block the server
	operation.

2013-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/snippet/_Noreturn.h, config.h.in,
	doc/sample.config, gl/Makefile.am, gl/errno.in.h, gl/getdelim.c,
	gl/getline.c, gl/m4/errno_h.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/malloc.m4,
	gl/m4/realloc.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/realloc.c, gl/stdio.in.h, gl/stdlib.in.h, gl/unistd.in.h,
	src/Makefile.am, src/config.c, src/main-auth.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/plain.c, src/plain.h,
	src/vpn.h: Added plain password format

2013-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: small doc updates

2013-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/tlslib.c, src/tlslib.h, src/worker-vpn.c: enable session
	tickets.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: manual page moved to section 8

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/vpn.h: Added ability to specify
	multiple certificate and key pairs.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/tlslib.h, src/vpn.h: Allow
	setting DH parameters.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: check the server certificate prior to initialization

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: Added sanity check on certificate and key reading.

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Exit when mandatory configuration options are not
	present

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: rate-limit-ms is no longer mandatory to set

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.0.2

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated text

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: seccomp is disabled by default

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/vpn.h: Allow setting OCSP
	responses.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: corrected advertized address

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: small optimizations

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: unified POST
	handlers, and auto-detect xml content

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: corrected check for banned entries

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Eliminated memory leaks on lists.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/main-auth.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Allow setting a
	reconnection delay time after a failed authentication attempt (added
	min-reauth-time option).

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Allow longer sleeps than a second.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : corrected typo

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Allow setting a
	rate limit on the number of connections.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated doc

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: do not link against 3.1.7 or 8 version of gnutls.

2013-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c: Anyconnect client compatibility
	is optional.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: simplified certificate request and require setting.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-tun.c: fix the 'local' keyword in DNS server
	settings.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: corrected cert require rule

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/vpn.h,
	src/worker-auth.c, src/worker.h: Added option to allow sending a
	cookie without the corresponding certificate.  This option is required for the cisco clients, that do not always
	use the client certificate. When this option is set to false it
	means that the cookie itself is sufficient for authentication. This
	is bad practice of smart cards are in use.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use chdir prior to chroot.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/profile.xml, doc/sample.config,
	src/Makefile.am, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/tlslib.h,
	src/vpn.h, src/worker-auth.c, src/worker-vpn.c: Several updates to
	handle URLs requested by the cisco client.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: Send correct
	replies.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Added title into success message

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: always set max-age

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/vpn.h, src/worker-auth.c: include banner in the
	XML success message.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: ocserv.1 built is optional

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: more verbose in client methods

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* configure.ac, doc/Makefile.am, src/Makefile.am: warn if autogen
	isn't installed Signed-off-by: Jason Cooper <jason@lakedaemon.net>

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: Banner was made
	configurable.

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-resume.c: log message updates

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added timeout to handshake().

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, doc/ocserv.1: doc/ocserv.1 is generated, don't track
	it Signed-off-by: Jason Cooper <jason@lakedaemon.net>

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: message updates

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, Makefile.am, configure.ac: add cscope/ctags make
	targets Newcomers to the code often use these tools to learn their way
	around.  Integrate them into the build so that we don't accidentally
	track their files.  Signed-off-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* src/main.c: main: check return of daemon() Signed-off-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: remove Werror from automake flags

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main.c: updated

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* autogen.sh: Added autogen file.

2013-02-25  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, aclocal.m4: don't track aclocal.m4, it's a generated
	file Signed-off-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/main.c: Added
	support for TCP wrappers (libwrap)

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added some more CSTP headers

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Allow setting NBNS.

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated installation instructions

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on automake 1.11.3

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: more complete
	http body handling

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better initialization of req.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* aclocal.m4, build-aux/ar-lib, configure.ac: Added AM_PROG_AR to
	keep automake-1.12 happy. Reported by David Woodhouse.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Corrected issue with openconnect <= 4.00.
	Reported by Mike Miller.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Fix out-of-source tree build. Patch by Mike
	Miller.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, doc/ocserv.1, doc/sample.config, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: doc update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: small update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: small update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: updated manual

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added news

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updates in DPD handling When have not received DPD for long try sending instead of
	immediately failing.  Also treat any received message as DPD to
	prevent kicking an active client.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: DPD_TRIES was defined and increased to 5 from 3

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: small optimizations

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample config

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: updated

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print the DPD time.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/worker-misc.c: when receive a new UDP
	session, forward the fd and replace the old.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/tlslib.c: simplified TLS file load and reload.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h: Load PINs early.

2013-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/vpn.h: 
	Added configuration options for PIN files.

2013-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: print debugging
	information on the received HTTP headers

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	mtu discovery via DPD is optional

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, doc/ocserv.1, src/Makefile.am,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/version.def.in: Added version.def.in

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	bug report address

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/main-auth.c: when
	restoring a cookie connection, extend the lifetime of the cookie.

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, doc/sample.config, src/tlslib.c, src/worker-vpn.c,
	src/worker.h: Added some kind of path MTU discovery using DPD.

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: simplified messages

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-resume.c: better log messages

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-resume.c, src/tlslib.h: Enable
	maintainance when maximum TLS sessions have been reached. Set more
	sane defaults for max sessions.

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main.c, src/main.h: When the cookie DB is
	full enforce maintainance.

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/tun.c: simplified (and corrected) TUN device
	creation and re-use

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: postpone usage of cork and uncork

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: corrected typo

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: simplified main loop

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c: reduced the default hash table size.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added missing ioctl().

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: Allow NULL PAM auth token. This would allow to have
	password authentication on certain users that have a certificate.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/ocserv.1, doc/scripts/ocserv-down,
	doc/scripts/ocserv-up, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: Added example scripts and updated documentation.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/sample.config: Added missing files

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/main-auth.c, src/main-user.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: Simplify
	script calling by using the environment

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: quit if no TCP port is available.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/main.h, src/tlslib.c: write the
	correct PID in pid file

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/cookies.h, src/ipc.h,
	src/main-auth.c, src/main-misc.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/pam.c, src/pam.h,
	src/vpn.h, src/worker-auth.c: Use PAM account management and added
	support for user groups.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README, configure.ac, src/config.c, src/log.c,
	src/main.c, src/main.h, src/tlslib.c, src/tlslib.h, src/vpn.h,
	src/worker-tun.c, src/worker-vpn.c: HUP signal reloads configuration

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: Updated documentation

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use common function to exit

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/tun.h, src/worker-auth.c, src/worker-tun.c,
	src/worker-vpn.c: small updates

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/worker-privs.c,
	src/worker-vpn.c, src/worker.h: Added support for seccomp (untested)

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/main.h, src/worker-misc.c: 
	connect occurs before sending the fd to worker.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: set time to entry only when writing the WTMP file

2013-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: corrected definition

2013-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c: DTLS-Rekey time is set to be
	the 2/3 of cookie validity

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/main.c: fork moved to gdbm backend
	expiration

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath: added missing file

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: better set socket options

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: Write wtmp file if possible.

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-misc.c, src/main.c: increased cookie
	hash table size and better cleanup resources on errors

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.c,
	src/cookies.h, src/main.c, src/sample.config: erase cookie data
	before forking to unprivileged process.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when expiring stuff, do it on the main process unless
	we use gdbm.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-auth.c, src/main-misc.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/vpn.h: enforce maximum number of same clients

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Set a default config file.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: Added PID file

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-resume.c, src/ocserv-args.c,
	src/ocserv-args.h, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: small reorganization

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: Added OID examples

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: ignore certificate in DTLS session

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: more explicit debug messages.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: do not require certificate on DTLS session

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c: simplified logging in debug mode

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, aclocal.m4, config.h.in, configure.ac,
	m4/lib-link.m4, src/config.c, src/log.c, src/main-auth.c,
	src/main-user.c, src/main.c, src/pam.c, src/tlslib.c, src/tun.c: 
	Several changes to compile on old linux kernels, and in constrained
	libgnutls libraries

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: kick out the peer if non DPD
	packets are received for 3x the DPD time

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Ignore non-fatal DTLS errors.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/setproctitle.c, src/setproctitle.h: Use a compatible with
	BSD's setproctitle.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: changes in debugging messages

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Added wait_fd state in UDP channel

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/setproctitle.c, src/setproctitle.h: used a more
	sane setproctitle

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.c, src/setproctitle.c,
	src/setproctitle.h: set process title

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING: added license

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ipc.h, src/main-auth.c, src/main-misc.c,
	src/main.h, src/worker-auth.c, src/worker-misc.c, src/worker-tun.c,
	src/worker-vpn.c, src/worker.h: MTU is now set via the main server

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/vpn.h, src/worker-vpn.c: 
	Added configurable DPD

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: explicitly close the logging
	subsystem

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	separated tun handling code from main worker code.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: correctly send termination signal to peer

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: added a more graceful termination of
	workers.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.h,
	src/main-auth.c, src/main.c, src/main.h, src/worker-vpn.c: several
	updates in cookies, and tun handling.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: fixes for newer gnutls

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: set tun device MTU based on minimum MTU of DTLS
	and TLS.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sample.config: sample config uses cookie DB

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.h, src/tlslib.c, src/tlslib.h,
	src/worker-auth.c, src/worker-vpn.c: use gnutls cork() and uncork()
	when available

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h, src/ocserv-args.def, src/sample.config,
	src/tlslib.c, src/tlslib.h, src/vpn.h, src/worker.h: cleaned up TLS
	code which was moved to tlslib

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: mtu cleanups

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/config.c,
	src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.c,
	src/cookies.h, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h: gdbm was re-added and made optional.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, src/sample.config: updated readme

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-vpn.c, src/worker.h: Honour client's MTU
	choice.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: removed warning

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : Added a description of the server

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, src/config.c, src/ipc.h, src/log.c, src/main-auth.c,
	src/main-resume.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/tun.c, src/tun.h, src/vpn.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Use a single UDP port in the server.  Several modifications to use a single UDP port in the server. This
	is currently done using a hack, i.e., pass the UDP socket to worker,
	close it on the main server and then re-open it (using REUSEADDR).  Also several updates in TUN handling to allow more than one clients
	connecting.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: removed unneeded warning

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/config.c, src/cookies.c,
	src/cookies.h, src/main-auth.c, src/main.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/tlslib.c, src/tlslib.h, src/vpn.h: dropped
	dependency on gdbm. Cookies are stored in a hash.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: corrected issue in utmp

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed uneeded text

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/main-auth.c,
	src/main-script.c, src/main-user.c, src/main.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/vpn.h: Added explicit logging to UTMP file.

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, gl/Makefile.am, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	src/Makefile.am, src/ccan/build_assert/build_assert.h,
	src/ccan/check_type/check_type.h,
	src/ccan/container_of/container_of.h, src/ccan/hash/hash.c,
	src/ccan/hash/hash.h, src/ccan/htable/htable.c,
	src/ccan/htable/htable.h, src/ccan/htable/htable_type.h,
	src/ccan/licenses/BSD-MIT, src/ccan/licenses/CC0,
	src/ccan/licenses/LGPL-2.1, src/ccan/list/list.c,
	src/ccan/list/list.h, src/hash.h, src/hashtable.h, src/list.h,
	src/main-auth.c, src/main-resume.c, src/main-script.c, src/main.c,
	src/main.h, src/tlslib.c, src/tlslib.h, src/tun.c, src/tun.h: Use
	CCAN hashes and lists.

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: added fixme

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/vpn.h, src/worker-auth.c, src/worker-vpn.c: 
	corrected DTLS packet handling.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/log.c, src/main.c, src/main.h, src/tlslib.h,
	src/vpn.h, src/worker-resume.c, src/worker.h: reorganized headers

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/ipc.h, src/main-auth.c, src/main-script.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/worker-auth.c: store
	hostname of the user, and pass it to scripts.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reply to the correct interface

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/vpn.h, src/worker-vpn.c: 
	changes to enable VPN functionality.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: be less verbose about children dying

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-script.c, src/main.h: call connect
	script with explicit lease

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-vpn.c: Send X-CSTP-Version and read
	hostname.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/tlslib.c, src/tlslib.h, src/tun.h: deinitialize
	the TLS cache prior to fork

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on the correct gnutls version

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing files

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/ipc.h, src/main.c: simplified
	call to expire cookies

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, TODO, aclocal.m4, config.h.in: updated

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Check for root permissions after parsing command line

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-script.c, src/main.c, src/tun.c: use close-on-exec flag
	on fds

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/cloexec.c, gl/cloexec.h, gl/close.c,
	gl/dup2.c, gl/fcntl.c, gl/fcntl.in.h, gl/fd-hook.c, gl/fd-hook.h,
	gl/getdtablesize.c, gl/m4/close.m4, gl/m4/dup2.m4,
	gl/m4/fcntl-o.m4, gl/m4/fcntl.m4, gl/m4/fcntl_h.m4,
	gl/m4/getdtablesize.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/off_t.m4, gl/m4/ssize_t.m4, gl/m4/stdbool.m4,
	gl/m4/sys_types_h.m4, gl/m4/unistd_h.m4, gl/msvc-inval.c,
	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
	gl/stdbool.in.h, gl/sys_types.in.h, gl/unistd.c, gl/unistd.in.h: 
	added cloexec module

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-script.c, src/main.c, src/main.h: clear all fds and mem
	prior to exec

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/main-auth.c,
	src/main-script.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h: Added connect and disconnect scripts

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: handle disconnections

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print the pid of dying processes

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c: removed debugging info

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c, src/main.c, src/main.h, src/sample.config,
	src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Added automatic TLS
	session expiration.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-resume.c, src/worker-resume.c: reduce
	the number of data exchanged during a resumption.

2013-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added missing file

2013-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, gl/Makefile.am, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/stdint.in.h, gl/sys_time.in.h, src/Makefile.am, src/hash.h,
	src/hashtable.h, src/ipc.h, src/list.h, src/main-auth.c,
	src/main-resume.c, src/main.c, src/main.h, src/tlslib.c,
	src/tlslib.h, src/vpn.h, src/worker-auth.c, src/worker-auth.h,
	src/worker-resume.c, src/worker-vpn.c, src/worker.h: Added session
	resumption to TLS server.

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated config.h.in

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use the full certificate DN if no username is
	set

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/vpn.h, src/worker-vpn.c: Added some primitive
	mtu handling

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/gettime.c, gl/gettimeofday.c, gl/m4/clock_time.m4,
	gl/m4/extern-inline.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
	gl/m4/timespec.m4, gl/sys_time.in.h, gl/time.in.h, gl/timespec.c,
	gl/timespec.h: Added missing files

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/cookies.c, src/vpn.h: better name for db_file

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-auth.h: master secret doesn't need to be generated by the
	server

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/sample.config, src/vpn.h: set a
	maximum number of clients

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/sample.config: set a default priority string if
	not set.

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, src/worker-vpn.c: cleanups

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, aclocal.m4, gl/Makefile.am, gl/dummy.c,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, src/config.c,
	src/cookies.h, src/main-auth.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h, src/worker-auth.c, src/worker-auth.h, src/worker-vpn.c: 
	Fixed UDP side.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: Allow a graceful shutdown.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.h, src/worker-vpn.c: Allow worker to received
	asynchronous commands from main.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/sample.config: chroot worker process

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: Added todo

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/main-auth.c,
	src/pam.c, src/pam.h: Added PAM authentication.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies.c, src/cookies.h,
	src/log.c, src/main-auth.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/tun.c, src/vpn.h, src/worker-auth.c, src/worker-auth.h,
	src/worker-vpn.c: several updates and fixes in auth

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies.h, src/http_auth.c,
	src/http_auth.h, src/main.c, src/tun.c, src/vpn.c, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c: better file structure

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: silence background operation

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: notify that root access is required

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: daemonize

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: small updates. Added sample
	configuration.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c, src/vpn.c: Associate a gnutls session with
	the worker state ptr.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Read
	configuration file

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.c: make local option work

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/compile: Added compile

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, aclocal.m4, config.h.in, configure.ac,
	libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/COPYING.mbsd, libopts/MakeDefs.inc, libopts/Makefile.am,
	libopts/README, libopts/ag-char-map.h, libopts/alias.c,
	libopts/ao-strs.c, libopts/ao-strs.h, libopts/autoopts.c,
	libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/boolean.c, libopts/check.c, libopts/compat/compat.h,
	libopts/compat/pathfind.c, libopts/compat/snprintf.c,
	libopts/compat/strchr.c, libopts/compat/strdup.c,
	libopts/compat/windows-config.h, libopts/configfile.c,
	libopts/cook.c, libopts/enum.c, libopts/env.c, libopts/file.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/libopts.c, libopts/load.c, libopts/m4/libopts.m4,
	libopts/m4/liboptschk.m4, libopts/makeshell.c, libopts/nested.c,
	libopts/numeric.c, libopts/parse-duration.c,
	libopts/parse-duration.h, libopts/pgusage.c, libopts/proto.h,
	libopts/putshell.c, libopts/reset.c, libopts/restore.c,
	libopts/save.c, libopts/sort.c, libopts/stack.c,
	libopts/streqvcmp.c, libopts/text_mmap.c, libopts/time.c,
	libopts/tokenize.c, libopts/usage.c, libopts/value-type.c,
	libopts/value-type.h, libopts/version.c, libopts/xat-attribute.c,
	libopts/xat-attribute.h, src/Makefile.am, src/config.c, src/main.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/vpn.h: use autogen for command line options

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/http_auth.c, src/main.c, src/vpn.c, src/vpn.h: better notation

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.c: Allow a certain number of requests to the HTTP server

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/http_auth.c, src/http_auth.h,
	src/log.c, src/main.c, src/vpn.c, src/vpn.h: server_st -> worker_st

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: bring up tun interface

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: initialize memory

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/http_auth.c, src/main.c, src/tun.c,
	src/tun.h, src/vpn.c, src/vpn.h: Provide client with normal leased
	IPs.

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c, src/tun.c, src/tun.h, src/vpn.h: use const

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/vpn.c, src/vpn.h: main server keeps list of client
	IPs

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* main.c, src/http_auth.c, src/main.c, src/tun.c, src/tun.h,
	src/vpn.c, src/vpn.h: updated

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.c, src/tun.c, src/tun.h: separated tun
	code from main

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h: Added
	missing files

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/auth.c, src/auth.h,
	src/http_auth.c, src/http_auth.h, src/main.c, src/vpn.c, src/vpn.h: 
	updated server.

2013-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* main.c: Added missing file

2013-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* root/index.xml, root/login.xml, src/auth.c, src/auth.h, src/vpn.c: 
	Fixed connection issue with new openconnect client.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, src/main.c, src/vpn.c: small fixes

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/main.c, src/vpn.h: Allow dropping privileges

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/vpn.c: set configured addresses to tun device.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth.c, src/tlslib.h, src/vpn.c: tls_print -> tls_puts to
	distinguish from printf

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth.c, src/auth.h, src/main.c, src/vpn.c, src/vpn.h: 
	preliminary configuration for networks.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/auth.c, src/common.h, src/cookies.c,
	src/log.c, src/main.c, src/tlslib.c, src/vpn.c, src/vpn.h: Added
	internal logging subsystem.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, AUTHORS, COPYING, ChangeLog, INSTALL, Makefile,
	Makefile.am, NEWS, README, aclocal.m4, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, config.h.in, configure.ac,
	gl/Makefile.am, gl/dummy.c, gl/m4/00gnulib.m4, gl/m4/extensions.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/include_next.m4,
	gl/m4/longlong.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
	gl/m4/mmap-anon.m4, gl/m4/multiarch.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/string_h.m4, gl/m4/warn-on-use.m4,
	gl/m4/wchar_t.m4, gl/memchr.c, gl/memchr.valgrind, gl/memmem.c,
	gl/stddef.in.h, gl/stdint.in.h, gl/str-two-way.h, gl/string.in.h,
	src/Makefile.am, src/auth.c, src/cookies.c, src/main.c,
	src/tlslib.c, src/vpn.c: Added automake/autoconf system

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* auth.c, auth.h, common.h, cookies.c, cookies.h,
	http-parser/http_parser.c, http-parser/http_parser.h, list.h,
	main.c, src/auth.c, src/auth.h, src/common.h, src/cookies.c,
	src/cookies.h, src/http-parser/http_parser.c,
	src/http-parser/http_parser.h, src/list.h, src/main.c,
	src/tlslib.c, src/tlslib.h, src/vpn.c, src/vpn.h, tlslib.c,
	tlslib.h, vpn.c, vpn.h: Moved sources

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* vpn.c, vpn.h: better handling of headers.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* auth.c, cookies.h, main.c, vpn.h: extract username from
	certificate.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* vpn.c: removed unused code

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile, auth.c, auth.h, common.h, cookies.c, cookies.h,
	http-parser/http_parser.c, http-parser/http_parser.h, list.h,
	main.c, root/index.xml, root/login.xml, server.c, tlslib.c,
	tlslib.h, vpn.c, vpn.h: updated server

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile: a.out -> server Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile, server.c: updated for gnutls Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-04  David Woodhouse <David.Woodhouse@intel.com>

	* Initial import of test hack Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

