Mailinglist Archive: opensuse-commit (1903 mails)

< Previous Next >
commit ocserv for openSUSE:Factory
Hello community,

here is the log from the commit of package ocserv for openSUSE:Factory checked
in at 2019-04-26 22:54:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ocserv (Old)
and /work/SRC/openSUSE:Factory/.ocserv.new.5536 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ocserv"

Fri Apr 26 22:54:40 2019 rev:10 rq:697985 version:0.12.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes 2019-01-25
22:45:38.191060617 +0100
+++ /work/SRC/openSUSE:Factory/.ocserv.new.5536/ocserv.changes 2019-04-26
22:54:41.921305525 +0200
@@ -1,0 +2,11 @@
+Tue Apr 23 09:08:03 UTC 2019 - Michael Du <duyizhaozj321@xxxxxxxxx>
+
+- Update to version 0.12.3:
+ * Fixed crash when no DTLS ciphersuite is negotiated.
+ * Fixed crash happening arbitrarily depending on handled string
+ sizes (#197).
+ * Fixed compatibility issue with GnuTLS 3.3.x (#201).
+ * occtl: print the TLS session information, even if the DTLS
+ channel is not established.
+
+-------------------------------------------------------------------

Old:
----
ocserv-0.12.2.tar.xz

New:
----
ocserv-0.12.3.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ocserv.spec ++++++
--- /var/tmp/diff_new_pack.ZgqHTY/_old 2019-04-26 22:54:42.469305173 +0200
+++ /var/tmp/diff_new_pack.ZgqHTY/_new 2019-04-26 22:54:42.473305170 +0200
@@ -17,7 +17,7 @@


Name: ocserv
-Version: 0.12.2
+Version: 0.12.3
Release: 0
Summary: OpenConnect VPN Server
License: GPL-2.0-only

++++++ ocserv-0.12.2.tar.xz -> ocserv-0.12.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/ChangeLog new/ocserv-0.12.3/ChangeLog
--- old/ocserv-0.12.2/ChangeLog 2019-01-10 20:02:17.000000000 +0100
+++ new/ocserv-0.12.3/ChangeLog 2019-03-12 21:16:19.000000000 +0100
@@ -1,3 +1,129 @@
+2019-03-12 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * NEWS: NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos
<nmav@xxxxxxxxxx>
+
+2019-03-12 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * NEWS, configure.ac: released 0.12.3 Signed-off-by: Nikos
Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+2019-03-12 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * : commit 6cac2252033081de8ab3a8e078d0bc115e740080 Author: Nikos
+ Mavrogiannopoulos <nmav@xxxxxxxxxx> Date: Tue Mar 12 15:32:21 2019
+ +0100
+
+2019-03-12 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * src/worker-http.c: worker: workarounds string is made applicable
+ for gnutls 3.3 The %NO_SESSION_HASH priority string does not work with
gnutls 3.3.
+ This fix does not include it into the priority string. Resolves: #201
Signed-off-by: Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+2019-02-22 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos
<nmav@xxxxxxxxxx>
+
+2019-02-22 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos
<nmav@xxxxxxxxxx>
+
+2019-02-22 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * : commit d3cb2e8f53eb36ae007c6dd5cfa6a8455d741b5e Author: Frank
+ Huang <chuang213@xxxxxxxxx> Date: Sun Feb 17 08:12:42 2019 +0000
+
+2019-01-31 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * src/main.c: main: removed unused code Signed-off-by: Nikos
Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+2019-01-30 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * : commit 383c25e239a482b212699b9ccab72f94c9f84d5b Author: Nikos
+ Mavrogiannopoulos <nmav@xxxxxxxxxx> Date: Wed Jan 30 19:23:05 2019
+ +0100
+
+2019-01-30 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * README.md: README.md: updated URIs for new gitlab group
Signed-off-by: Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+2019-01-30 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * : commit 385af4e8312118fef44299c6846a1b305e370fe6 Author: Nikos
+ Mavrogiannopoulos <nmav@xxxxxxxxxx> Date: Sun Jan 20 06:44:29 2019
+ +0100
+
+2019-01-20 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * .gitlab-ci.yml, tests/common.sh,
+ tests/data/multiple-routes.config, tests/data/test-ban.config,
+ tests/data/test-cert-opt-pass.config,
+ tests/data/test-ciphers.config,
+ tests/data/test-compression-lz4.config,
+ tests/data/test-compression-lzs.config,
+ tests/data/test-cookie-invalidation.config,
+ tests/data/test-cookie-timeout-2.config,
+ tests/data/test-cookie-timeout.config,
+ tests/data/test-ed25519.config, tests/data/test-enc-key.config,
+ tests/data/test-enc-key2.config,
+ tests/data/test-explicit-ip.config,
+ tests/data/test-group-cert.config,
+ tests/data/test-group-pass.config,
+ tests/data/test-gssapi-local-map.config,
+ tests/data/test-gssapi-opt-cert.config,
+ tests/data/test-gssapi-opt-pass.config,
+ tests/data/test-gssapi.config, tests/data/test-haproxy-auth.config,
+ tests/data/test-haproxy-connect.config,
+ tests/data/test-iroute.config, tests/data/test-multi-cookie.config,
+ tests/data/test-otp-cert.config, tests/data/test-otp.config,
+ tests/data/test-pam-noauth.config, tests/data/test-pam.config,
+ tests/data/test-pass-opt-cert.config,
+ tests/data/test-pass-script.config, tests/data/test-rsa-pss.config,
+ tests/data/test-san-cert.config,
+ tests/data/test-sighup-key-change.config,
+ tests/data/test-sighup.config, tests/data/test-stress.config,
+ tests/data/test-traffic.config, tests/data/test-user-cert.config,
+ tests/data/test-user-config.config,
+ tests/data/test-user-group-cert-no-pass.config,
+ tests/data/test-user-group-cert.config,
+ tests/data/test-vhost-pass-cert.config, tests/data/test1.config,
+ tests/data/test3.config, tests/test-pass-cert: tests: consistently
+ disable isolate-workers in tests That is to prevent coverage reporting
in tests. Signed-off-by: Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+2019-01-19 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * : commit 8ba3987f4ca01d2590181fb33c161a0cc04b9d54 Author: Nikos
+ Mavrogiannopoulos <nmav@xxxxxxxxxx> Date: Sat Jan 19 20:09:50 2019
+ +0100
+
+2019-01-19 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * : commit e0f847b98478299da140b41fd2309afea387d240 Author: Nikos
+ Mavrogiannopoulos <nmav@xxxxxxxxxx> Date: Sat Jan 19 17:03:52 2019
+ +0100
+
+2019-01-19 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * src/worker-http.c: worker: allow negotiating AC-DTLS12 with
+ openconnect This doesn't have the anyconnect client bug with parsing
the server
+ hello. Signed-off-by: Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+2019-01-19 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * tests/Makefile.am, tests/ac-aes128-gcm-cipher,
+ tests/ac-aes256-gcm-cipher, tests/cipher-common.sh,
+ tests/{aes128-gcm-cipher => oc-aes128-gcm-cipher},
+ tests/{aes256-gcm-cipher => oc-aes256-gcm-cipher}: tests: added
+ tests for anyconnect's DTLS1.2 support Signed-off-by: Nikos
Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+2019-01-19 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * tests/test-cookie-timeout: test-cookie-timeout: updated for new
+ openconnect kill semantics Signed-off-by: Nikos Mavrogiannopoulos
<nmav@xxxxxxxxxx>
+
+2019-01-19 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>
+
+ * tests/test-cookie-timeout: test-cookie-timeout: updated for new
+ openconnect kill semantics Signed-off-by: Nikos Mavrogiannopoulos
<nmav@xxxxxxxxxx>
+
2019-01-10 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx>

* NEWS: corrected typo Signed-off-by: Nikos Mavrogiannopoulos
<nmav@xxxxxxxxxx>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/NEWS new/ocserv-0.12.3/NEWS
--- old/ocserv-0.12.2/NEWS 2019-01-10 20:01:52.000000000 +0100
+++ new/ocserv-0.12.3/NEWS 2019-03-12 21:15:44.000000000 +0100
@@ -1,3 +1,12 @@
+* Version 0.12.3 (released 2019-03-12)
+- Fixed crash when no DTLS ciphersuite is negotiated.
+- Fixed crash happening arbitrarily depending on handled string
+ sizes (#197).
+- Fixed compatibility issue with GnuTLS 3.3.x (#201).
+- occtl: print the TLS session information, even if the DTLS channel
+ is not established.
+
+
* Version 0.12.2 (released 2019-01-10)
- Added support for AES256-SHA legacy cipher. This allows the anyconnect
clients to use AES256.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/README.md new/ocserv-0.12.3/README.md
--- old/ocserv-0.12.2/README.md 2019-01-06 20:10:58.000000000 +0100
+++ new/ocserv-0.12.3/README.md 2019-01-31 07:57:22.000000000 +0100
@@ -1,5 +1,5 @@
-[![Build
status](https://gitlab.com/ocserv/ocserv/badges/master/build.svg)](https://gitlab.com/ocserv/ocserv/commits/master)
-[![coverage
report](https://gitlab.com/ocserv/ocserv/badges/master/coverage.svg)](https://ocserv.gitlab.io/ocserv/coverage/)
+[![Build
status](https://gitlab.com/openconnect/ocserv/badges/master/build.svg)](https://gitlab.com/openconnect/ocserv/commits/master)
+[![coverage
report](https://gitlab.com/openconnect/ocserv/badges/master/coverage.svg)](https://openconnect.gitlab.io/ocserv/coverage/)

# About

@@ -130,7 +130,7 @@
We utilize the gitlab-ci continuous integration system. It is used to test
most of the Linux systems (see .gitlab-ci.yml),and is split in two phases,
build image creation and compilation/test. The build image creation is done
-at the ocserv/build-images subproject and uploads the image at the gitlab.com
+at the openconnect/build-images subproject and uploads the image at the
gitlab.com
container registry. The compilation/test phase is on every commit to project.


diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/configure new/ocserv-0.12.3/configure
--- old/ocserv-0.12.2/configure 2019-01-06 19:05:17.000000000 +0100
+++ new/ocserv-0.12.3/configure 2019-03-12 21:14:37.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ocserv 0.12.2.
+# Generated by GNU Autoconf 2.69 for ocserv 0.12.3.
#
# Report bugs to <openconnect-devel@xxxxxxxxxxxxxxxxxxx>.
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='ocserv'
PACKAGE_TARNAME='ocserv'
-PACKAGE_VERSION='0.12.2'
-PACKAGE_STRING='ocserv 0.12.2'
+PACKAGE_VERSION='0.12.3'
+PACKAGE_STRING='ocserv 0.12.3'
PACKAGE_BUGREPORT='openconnect-devel@xxxxxxxxxxxxxxxxxxx'
PACKAGE_URL=''

@@ -2023,7 +2023,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ocserv 0.12.2 to adapt to many kinds of systems.
+\`configure' configures ocserv 0.12.3 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

@@ -2094,7 +2094,7 @@

if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ocserv 0.12.2:";;
+ short | recursive ) echo "Configuration of ocserv 0.12.3:";;
esac
cat <<\_ACEOF

@@ -2303,7 +2303,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ocserv configure 0.12.2
+ocserv configure 0.12.3
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3012,7 +3012,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

-It was created by ocserv $as_me 0.12.2, which was
+It was created by ocserv $as_me 0.12.3, which was
generated by GNU Autoconf 2.69. Invocation command line was

$ $0 $@
@@ -4015,7 +4015,7 @@

# Define the identity of the package.
PACKAGE='ocserv'
- VERSION='0.12.2'
+ VERSION='0.12.3'


cat >>confdefs.h <<_ACEOF
@@ -23619,7 +23619,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ocserv $as_me 0.12.2, which was
+This file was extended by ocserv $as_me 0.12.3, which was
generated by GNU Autoconf 2.69. Invocation command line was

CONFIG_FILES = $CONFIG_FILES
@@ -23685,7 +23685,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ocserv config.status 0.12.2
+ocserv config.status 0.12.3
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/configure.ac
new/ocserv-0.12.3/configure.ac
--- old/ocserv-0.12.2/configure.ac 2018-11-18 19:39:43.000000000 +0100
+++ new/ocserv-0.12.3/configure.ac 2019-03-12 21:14:21.000000000 +0100
@@ -1,5 +1,5 @@
AC_PREREQ(2.61)
-AC_INIT([ocserv], [0.12.2], [openconnect-devel@xxxxxxxxxxxxxxxxxxx])
+AC_INIT([ocserv], [0.12.3], [openconnect-devel@xxxxxxxxxxxxxxxxxxx])
PKG_PROG_PKG_CONFIG
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/src/main.c new/ocserv-0.12.3/src/main.c
--- old/ocserv-0.12.2/src/main.c 2018-11-18 19:39:43.000000000 +0100
+++ new/ocserv-0.12.3/src/main.c 2019-01-31 07:57:37.000000000 +0100
@@ -566,29 +566,6 @@
mslog(s, NULL, LOG_ERR, "cannot enforce NPROC limit: %s\n",
strerror(e));
}
-
-#if 0
- rl.rlim_cur = 0;
- rl.rlim_max = 0;
- ret = setrlimit(RLIMIT_FSIZE, &rl);
- if (ret < 0) {
- e = errno;
- mslog(s, NULL, LOG_ERR, "cannot enforce FSIZE limit: %s\n",
- strerror(e));
- }
-
-#define MAX_WORKER_MEM (16*1024*1024)
- if (GETPCONFIG(s)->debug == 0) {
- rl.rlim_cur = MAX_WORKER_MEM;
- rl.rlim_max = MAX_WORKER_MEM;
- ret = setrlimit(RLIMIT_AS, &rl);
- if (ret < 0) {
- e = errno;
- mslog(s, NULL, LOG_ERR, "cannot enforce AS limit: %s\n",
- strerror(e));
- }
- }
-#endif
}

/* clears the server listen_list and proc_list. To be used after fork().
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/src/str.c new/ocserv-0.12.3/src/str.c
--- old/ocserv-0.12.2/src/str.c 2018-04-14 21:30:37.000000000 +0200
+++ new/ocserv-0.12.3/src/str.c 2019-03-12 21:13:35.000000000 +0100
@@ -103,9 +103,9 @@
*/
int str_append_data(str_st * dest, const void *data, size_t data_size)
{
-int ret;
+ int ret;

- ret = str_append_size(dest, data_size);
+ ret = str_append_size(dest, data_size+1);
if (ret < 0)
return ret;

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/src/version.inc
new/ocserv-0.12.3/src/version.inc
--- old/ocserv-0.12.2/src/version.inc 2019-01-10 19:54:30.000000000 +0100
+++ new/ocserv-0.12.3/src/version.inc 2019-03-12 21:14:48.000000000 +0100
@@ -1 +1 @@
-version = "0.12.2";
+version = "0.12.3";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/src/worker-http.c
new/ocserv-0.12.3/src/worker-http.c
--- old/ocserv-0.12.2/src/worker-http.c 2019-01-10 19:47:15.000000000 +0100
+++ new/ocserv-0.12.3/src/worker-http.c 2019-03-12 21:13:35.000000000 +0100
@@ -84,7 +84,11 @@
* extension to avoid interop issues. Furthermore gnutls does seem to
* be sending the renegotiation extension which openssl doesn't like (see
#193) */

-#define WORKAROUND_STR "%NO_SESSION_HASH:%DISABLE_SAFE_RENEGOTIATION"
+#if GNUTLS_VERSION_NUMBER >= 0x030400
+# define WORKAROUND_STR "%NO_SESSION_HASH:%DISABLE_SAFE_RENEGOTIATION"
+#else
+# define WORKAROUND_STR "%DISABLE_SAFE_RENEGOTIATION"
+#endif

/* Consider switching to gperf when this table grows significantly.
* These tables are used for the custom DTLS cipher negotiation via
@@ -432,7 +436,6 @@
req->selected_ciphersuite = cand;

break;
-
case HEADER_DTLS12_CIPHERSUITE:
if (req->use_psk || !WSCONFIG(ws)->dtls_legacy)
break;
@@ -441,8 +444,9 @@
* anyconnect's openssl fail:
https://gitlab.com/gnutls/gnutls/merge_requests/868
*/
#ifdef gnutls_check_version_numeric
- if (!gnutls_check_version_numeric(3,6,6) &&
- (!gnutls_check_version_numeric(3,3,0) ||
gnutls_check_version_numeric(3,6,0))) {
+ if (req->user_agent_type != AGENT_OPENCONNECT &&
+ (!gnutls_check_version_numeric(3,6,6) &&
+ (!gnutls_check_version_numeric(3,3,0) ||
gnutls_check_version_numeric(3,6,0)))) {
break;
}
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/src/worker-vpn.c
new/ocserv-0.12.3/src/worker-vpn.c
--- old/ocserv-0.12.2/src/worker-vpn.c 2019-01-10 19:08:32.000000000 +0100
+++ new/ocserv-0.12.3/src/worker-vpn.c 2019-01-20 06:01:59.000000000 +0100
@@ -226,18 +226,18 @@

gnutls_psk_set_server_credentials_function(WSCREDS(ws)->pskcred,
get_psk_key);

- if (ws->session && WSCONFIG(ws)->match_dtls_and_tls) {
+ if (!ws->session) {
+ oclog(ws, LOG_ERR, "cannot setup PSK keys without an encrypted
CSTP channel");
+ return -1;
+ }
+
+ if (WSCONFIG(ws)->match_dtls_and_tls) {
cipher = gnutls_cipher_get(ws->session);
mac = gnutls_mac_get(ws->session);

snprintf(prio_string, sizeof(prio_string),
"%s:"VERS_STRING":-CIPHER-ALL:-MAC-ALL:-KX-ALL:+PSK:+VERS-DTLS-ALL:+%s:+%s",
WSCONFIG(ws)->priorities, gnutls_mac_get_name(mac),
gnutls_cipher_get_name(cipher));
} else {
- if (WSCONFIG(ws)->match_dtls_and_tls) {
- oclog(ws, LOG_ERR, "cannot determine ciphersuite from
CSTP channel (unset match-tls-dtls-ciphers)");
- return -1;
- }
-
/* if we haven't an associated session, enable all ciphers we
would have enabled
* otherwise for TLS. */
snprintf(prio_string, sizeof(prio_string),
"%s:"VERS_STRING":-KX-ALL:+PSK:+VERS-DTLS-ALL",
@@ -801,6 +801,8 @@
oclog(ws, LOG_DEBUG, "Accepted unix connection");
}

+ ws->session = session;
+
session_info_send(ws);

memset(&settings, 0, sizeof(settings));
@@ -823,7 +825,6 @@
oclog(ws, LOG_DEBUG, "proxy-hdr: peer is %s\n",
ws->remote_ip_str);
}

- ws->session = session;
ws->parser = &parser;

restart:
@@ -1751,7 +1752,7 @@
gnutls_cipher_get(ws->session),
gnutls_mac_get(ws->session));
}
- } else {
+ } else if (ws->req.selected_ciphersuite) {
ws->dtls_crypto_overhead =
tls_get_overhead(ws->req.

selected_ciphersuite->gnutls_version,
@@ -2199,7 +2200,7 @@
oclog(ws, LOG_INFO, "DTLS ciphersuite:
"DTLS_PROTO_INDICATOR);
ret =
cstp_printf(ws, "X-DTLS-CipherSuite:
"DTLS_PROTO_INDICATOR"\r\n");
- } else {
+ } else if (ws->req.selected_ciphersuite) {
ret =
cstp_printf(ws, "X-DTLS-Session-ID: %s\r\n",
ws->buffer);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/Makefile.am
new/ocserv-0.12.3/tests/Makefile.am
--- old/ocserv-0.12.2/tests/Makefile.am 2019-01-06 20:07:53.000000000 +0100
+++ new/ocserv-0.12.3/tests/Makefile.am 2019-01-20 06:42:02.000000000 +0100
@@ -58,8 +58,9 @@
#other tests requiring nuttcp for traffic
if ENABLE_NUTTCP_TESTS
dist_check_SCRIPTS += traffic lz4-compression lzs-compression \
- aes256-cipher aes128-cipher aes256-gcm-cipher aes128-gcm-cipher \
- test-config-per-group
+ aes256-cipher aes128-cipher oc-aes256-gcm-cipher oc-aes128-gcm-cipher \
+ test-config-per-group ac-aes128-gcm-cipher ac-aes256-gcm-cipher \
+ no-dtls-cipher
endif

endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/Makefile.in
new/ocserv-0.12.3/tests/Makefile.in
--- old/ocserv-0.12.2/tests/Makefile.in 2019-01-10 19:47:40.000000000 +0100
+++ new/ocserv-0.12.3/tests/Makefile.in 2019-03-12 21:14:38.000000000 +0100
@@ -107,8 +107,9 @@

#other tests requiring nuttcp for traffic
@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@am__append_7 = traffic
lz4-compression lzs-compression \
-@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ aes256-cipher
aes128-cipher aes256-gcm-cipher aes128-gcm-cipher \
-@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ test-config-per-group
+@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ aes256-cipher
aes128-cipher oc-aes256-gcm-cipher oc-aes128-gcm-cipher \
+@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ test-config-per-group
ac-aes128-gcm-cipher ac-aes256-gcm-cipher \
+@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ no-dtls-cipher

@HAVE_CWRAP_ALL_TRUE@@HAVE_CWRAP_TRUE@am__append_8 = test-vhost
@HAVE_CWRAP_TRUE@am__append_9 = test-pass test-pass-cert test-cert
test-group-pass \
@@ -233,14 +234,15 @@
test-cookie-invalidation test-user-config test-append-routes \
test-ban multiple-routes haproxy-connect traffic \
lz4-compression lzs-compression aes256-cipher aes128-cipher \
- aes256-gcm-cipher aes128-gcm-cipher test-config-per-group \
- test-vhost test-pass test-pass-cert test-cert test-group-pass \
- test-pass-group-cert test-pass-group-cert-no-pass test-sighup \
- test-enc-key test-sighup-key-change test-get-cert \
- test-san-cert test-gssapi test-pass-opt-cert \
- test-cert-opt-pass test-gssapi-opt-pass test-gssapi-opt-cert \
- haproxy-auth test-maintenance test-pam test-pam-noauth \
- test-otp-cert test-otp
+ oc-aes256-gcm-cipher oc-aes128-gcm-cipher \
+ test-config-per-group ac-aes128-gcm-cipher \
+ ac-aes256-gcm-cipher no-dtls-cipher test-vhost test-pass \
+ test-pass-cert test-cert test-group-pass test-pass-group-cert \
+ test-pass-group-cert-no-pass test-sighup test-enc-key \
+ test-sighup-key-change test-get-cert test-san-cert test-gssapi \
+ test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \
+ test-gssapi-opt-cert haproxy-auth test-maintenance test-pam \
+ test-pam-noauth test-otp-cert test-otp
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -1981,16 +1983,16 @@
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS)
-- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
-aes256-gcm-cipher.log: aes256-gcm-cipher
- @p='aes256-gcm-cipher'; \
- b='aes256-gcm-cipher'; \
+oc-aes256-gcm-cipher.log: oc-aes256-gcm-cipher
+ @p='oc-aes256-gcm-cipher'; \
+ b='oc-aes256-gcm-cipher'; \
$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS)
-- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
-aes128-gcm-cipher.log: aes128-gcm-cipher
- @p='aes128-gcm-cipher'; \
- b='aes128-gcm-cipher'; \
+oc-aes128-gcm-cipher.log: oc-aes128-gcm-cipher
+ @p='oc-aes128-gcm-cipher'; \
+ b='oc-aes128-gcm-cipher'; \
$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS)
-- $(LOG_COMPILE) \
@@ -2001,6 +2003,27 @@
$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS)
-- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+ac-aes128-gcm-cipher.log: ac-aes128-gcm-cipher
+ @p='ac-aes128-gcm-cipher'; \
+ b='ac-aes128-gcm-cipher'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS)
-- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+ac-aes256-gcm-cipher.log: ac-aes256-gcm-cipher
+ @p='ac-aes256-gcm-cipher'; \
+ b='ac-aes256-gcm-cipher'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS)
-- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+no-dtls-cipher.log: no-dtls-cipher
+ @p='no-dtls-cipher'; \
+ b='no-dtls-cipher'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS)
-- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
test-vhost.log: test-vhost
@p='test-vhost'; \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/ac-aes128-gcm-cipher
new/ocserv-0.12.3/tests/ac-aes128-gcm-cipher
--- old/ocserv-0.12.2/tests/ac-aes128-gcm-cipher 1970-01-01
01:00:00.000000000 +0100
+++ new/ocserv-0.12.3/tests/ac-aes128-gcm-cipher 2019-01-19
19:47:50.000000000 +0100
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Copyright (C) 2019 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This tests support for anyconnect's DTLS1.2 support
+
+PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}"
+CIPHER12_NAME="AES128-GCM-SHA256"
+GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)"
+
+${PKG_CONFIG} --atleast-version=8.02 openconnect
+test $? != 0 && exit 77
+
+. cipher-common.sh
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/ac-aes256-gcm-cipher
new/ocserv-0.12.3/tests/ac-aes256-gcm-cipher
--- old/ocserv-0.12.2/tests/ac-aes256-gcm-cipher 1970-01-01
01:00:00.000000000 +0100
+++ new/ocserv-0.12.3/tests/ac-aes256-gcm-cipher 2019-01-19
19:47:50.000000000 +0100
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright (C) 2019 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This tests support for anyconnect's DTLS1.2 support
+
+PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}"
+CIPHER12_NAME="AES256-GCM-SHA384"
+GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)"
+
+# There is a bug preventing AES256-GCM-SHA384 to work in openconnect
+# 8.02.
+${PKG_CONFIG} --atleast-version=8.03 openconnect
+test $? != 0 && exit 77
+
+. cipher-common.sh
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/aes128-gcm-cipher
new/ocserv-0.12.3/tests/aes128-gcm-cipher
--- old/ocserv-0.12.2/tests/aes128-gcm-cipher 2018-11-18 19:39:43.000000000
+0100
+++ new/ocserv-0.12.3/tests/aes128-gcm-cipher 1970-01-01 01:00:00.000000000
+0100
@@ -1,27 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2018 Nikos Mavrogiannopoulos
-#
-# This file is part of ocserv.
-#
-# ocserv is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at
-# your option) any later version.
-#
-# ocserv is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-# This tests operation/traffic under compression (lzs or lz4).
-
-CIPHER_NAME="OC-DTLS1_2-AES128-GCM"
-GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)"
-
-. cipher-common.sh
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/aes256-gcm-cipher
new/ocserv-0.12.3/tests/aes256-gcm-cipher
--- old/ocserv-0.12.2/tests/aes256-gcm-cipher 2018-11-18 19:39:43.000000000
+0100
+++ new/ocserv-0.12.3/tests/aes256-gcm-cipher 1970-01-01 01:00:00.000000000
+0100
@@ -1,27 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2018 Nikos Mavrogiannopoulos
-#
-# This file is part of ocserv.
-#
-# ocserv is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at
-# your option) any later version.
-#
-# ocserv is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-# This tests operation/traffic under compression (lzs or lz4).
-
-CIPHER_NAME="OC-DTLS1_2-AES256-GCM"
-GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)"
-
-. cipher-common.sh
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/cipher-common.sh
new/ocserv-0.12.3/tests/cipher-common.sh
--- old/ocserv-0.12.2/tests/cipher-common.sh 2018-11-18 19:39:43.000000000
+0100
+++ new/ocserv-0.12.3/tests/cipher-common.sh 2019-03-12 21:13:35.000000000
+0100
@@ -78,16 +78,22 @@

sleep 4

+if test -n "${CIPHER12_NAME}";then
+ CSTR="--dtls12-ciphers ${CIPHER12_NAME} --dtls-ciphers UNKNOWN"
+else
+ CSTR="--dtls-ciphers ${CIPHER_NAME}"
+fi
+
# Run clients
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME}
--servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
--dtls-ciphers=${CIPHER_NAME} --cookieonly )
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME}
--servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} --cookieonly )
if test $? != 0;then
echo "Could not get cookie from server"
exit 1
fi

echo " * Connecting to ${ADDRESS}:${PORT}..."
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME}
--servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
--dtls-ciphers=${CIPHER_NAME} -s ${srcdir}/scripts/vpnc-script
--pid-file=${CLIPID} --passwd-on-stdin -b )
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME}
--servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} -s
${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
if test $? != 0;then
echo "Could not connect to server"
exit 1
@@ -110,7 +116,7 @@

${CMDNS2} nuttcp -1

-${CMDNS1} ping -c 3 ${VPNADDR6}
+${CMDNS1} ping -6 -c 3 ${VPNADDR6}

echo " * Receiving with nuttcp"

@@ -131,21 +137,37 @@
exit 1
fi

-grep "Username: ${USERNAME}" ${OUTFILE}
+grep "Username: ${USERNAME}" ${OUTFILE} >/dev/null
if test $? != 0;then
${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME}
echo "occtl show user didn't find connected user!"
exit 1
fi

-grep "DTLS cipher: ${GNUTLS_NAME}" ${OUTFILE}
+if test -z "${GNUTLS_NAME}";then
+ grep "DTLS cipher:" ${OUTFILE} >/dev/null
+ if test $? = 0;then
+ ${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME}
+ echo "occtl show user did show a cipher!"
+ exit 1
+ fi
+else
+ grep "DTLS cipher: ${GNUTLS_NAME}" ${OUTFILE} >/dev/null
+ if test $? != 0;then
+ ${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME}
+ echo "occtl show user didn't show cipher!"
+ exit 1
+ fi
+fi
+
+grep -E '[[:space:]]+TLS ciphersuite:' ${OUTFILE} >/dev/null
if test $? != 0;then
${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME}
- echo "occtl show user didn't show cipher!"
+ echo "occtl show user did not show a TLS cipher!"
exit 1
fi

-grep ${CLI_ADDRESS} ${OUTFILE}
+grep ${CLI_ADDRESS} ${OUTFILE} >/dev/null
if test $? != 0;then
${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME}
echo "occtl show user didn't find client address!"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/common.sh
new/ocserv-0.12.3/tests/common.sh
--- old/ocserv-0.12.2/tests/common.sh 2019-01-06 18:53:51.000000000 +0100
+++ new/ocserv-0.12.3/tests/common.sh 2019-01-30 19:01:35.000000000 +0100
@@ -49,10 +49,20 @@
file=$1
username=$(whoami)
group=$(groups|cut -f 1 -d ' ')
+
+ if test -z "${ISOLATE_WORKERS}";then
+ if test "${COVERAGE}" = "1";then
+ ISOLATE_WORKERS=false
+ else
+ ISOLATE_WORKERS=true
+ fi
+ fi
+
cp "${srcdir}/data/${file}" "$file.$$.tmp"
sed -i -e 's|@USERNAME@|'${username}'|g' "$file.$$.tmp" \
-e 's|@GROUP@|'${group}'|g' "$file.$$.tmp" \
-e 's|@SRCDIR@|'${srcdir}'|g' "$file.$$.tmp" \
+ -e 's|@ISOLATE_WORKERS@|'${ISOLATE_WORKERS}'|g' "$file.$$.tmp" \
-e 's|@OTP_FILE@|'${OTP_FILE}'|g' "$file.$$.tmp" \
-e 's|@CRLNAME@|'${CRLNAME}'|g' "$file.$$.tmp" \
-e 's|@PORT@|'${PORT}'|g' "$file.$$.tmp" \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/multiple-routes.config
new/ocserv-0.12.3/tests/data/multiple-routes.config
--- old/ocserv-0.12.2/tests/data/multiple-routes.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/multiple-routes.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-ban.config
new/ocserv-0.12.3/tests/data/test-ban.config
--- old/ocserv-0.12.2/tests/data/test-ban.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-ban.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-cert-opt-pass.config
new/ocserv-0.12.3/tests/data/test-cert-opt-pass.config
--- old/ocserv-0.12.2/tests/data/test-cert-opt-pass.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-cert-opt-pass.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
enable-auth = "plain[passwd=@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-ciphers.config
new/ocserv-0.12.3/tests/data/test-ciphers.config
--- old/ocserv-0.12.2/tests/data/test-ciphers.config 2018-11-18
19:39:43.000000000 +0100
+++ new/ocserv-0.12.3/tests/data/test-ciphers.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,7 +5,7 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

-isolate-workers = false
+isolate-workers = @ISOLATE_WORKERS@

max-ban-score = 0

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-compression-lz4.config
new/ocserv-0.12.3/tests/data/test-compression-lz4.config
--- old/ocserv-0.12.2/tests/data/test-compression-lz4.config 2018-04-15
21:13:39.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-compression-lz4.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,7 +5,7 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

-isolate-workers = false
+isolate-workers = @ISOLATE_WORKERS@

max-ban-score = 0

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-compression-lzs.config
new/ocserv-0.12.3/tests/data/test-compression-lzs.config
--- old/ocserv-0.12.2/tests/data/test-compression-lzs.config 2018-04-15
21:13:39.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-compression-lzs.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,7 +5,7 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

-isolate-workers = false
+isolate-workers = @ISOLATE_WORKERS@

max-ban-score = 0

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ocserv-0.12.2/tests/data/test-cookie-invalidation.config
new/ocserv-0.12.3/tests/data/test-cookie-invalidation.config
--- old/ocserv-0.12.2/tests/data/test-cookie-invalidation.config
2017-09-09 10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-cookie-invalidation.config
2019-01-30 19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ocserv-0.12.2/tests/data/test-cookie-timeout-2.config
new/ocserv-0.12.3/tests/data/test-cookie-timeout-2.config
--- old/ocserv-0.12.2/tests/data/test-cookie-timeout-2.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-cookie-timeout-2.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-cookie-timeout.config
new/ocserv-0.12.3/tests/data/test-cookie-timeout.config
--- old/ocserv-0.12.2/tests/data/test-cookie-timeout.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-cookie-timeout.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-ed25519.config
new/ocserv-0.12.3/tests/data/test-ed25519.config
--- old/ocserv-0.12.2/tests/data/test-ed25519.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-ed25519.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
max-ban-score = 0

# A banner to be displayed on clients
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-enc-key.config
new/ocserv-0.12.3/tests/data/test-enc-key.config
--- old/ocserv-0.12.2/tests/data/test-enc-key.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-enc-key.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-enc-key2.config
new/ocserv-0.12.3/tests/data/test-enc-key2.config
--- old/ocserv-0.12.2/tests/data/test-enc-key2.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-enc-key2.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-explicit-ip.config
new/ocserv-0.12.3/tests/data/test-explicit-ip.config
--- old/ocserv-0.12.2/tests/data/test-explicit-ip.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-explicit-ip.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-group-pass.config
new/ocserv-0.12.3/tests/data/test-group-pass.config
--- old/ocserv-0.12.2/tests/data/test-group-pass.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-group-pass.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test-group.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ocserv-0.12.2/tests/data/test-gssapi-local-map.config
new/ocserv-0.12.3/tests/data/test-gssapi-local-map.config
--- old/ocserv-0.12.2/tests/data/test-gssapi-local-map.config 2017-09-09
11:26:28.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-gssapi-local-map.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[./data/test1.passwd]"
auth = "gssapi"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-gssapi-opt-cert.config
new/ocserv-0.12.3/tests/data/test-gssapi-opt-cert.config
--- old/ocserv-0.12.2/tests/data/test-gssapi-opt-cert.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-gssapi-opt-cert.config 2019-01-30
19:01:35.000000000 +0100
@@ -6,6 +6,8 @@
auth = "gssapi[require-local-user-map=false]"
enable-auth = certificate

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-gssapi-opt-pass.config
new/ocserv-0.12.3/tests/data/test-gssapi-opt-pass.config
--- old/ocserv-0.12.2/tests/data/test-gssapi-opt-pass.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-gssapi-opt-pass.config 2019-01-30
19:01:35.000000000 +0100
@@ -6,6 +6,8 @@
auth = "gssapi[require-local-user-map=false]"
enable-auth = "plain[passwd=@SRCDIR@/data/test1.passwd]"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-gssapi.config
new/ocserv-0.12.3/tests/data/test-gssapi.config
--- old/ocserv-0.12.2/tests/data/test-gssapi.config 2018-04-14
21:29:16.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-gssapi.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[./data/test1.passwd]"
auth = "gssapi[require-local-user-map=false]"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-haproxy-auth.config
new/ocserv-0.12.3/tests/data/test-haproxy-auth.config
--- old/ocserv-0.12.2/tests/data/test-haproxy-auth.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-haproxy-auth.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
max-ban-score = 0

# A banner to be displayed on clients
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-haproxy-connect.config
new/ocserv-0.12.3/tests/data/test-haproxy-connect.config
--- old/ocserv-0.12.2/tests/data/test-haproxy-connect.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-haproxy-connect.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,7 +5,7 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

-isolate-workers = false
+isolate-workers = @ISOLATE_WORKERS@

max-ban-score = 0

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-iroute.config
new/ocserv-0.12.3/tests/data/test-iroute.config
--- old/ocserv-0.12.2/tests/data/test-iroute.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-iroute.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-multi-cookie.config
new/ocserv-0.12.3/tests/data/test-multi-cookie.config
--- old/ocserv-0.12.2/tests/data/test-multi-cookie.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-multi-cookie.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-otp-cert.config
new/ocserv-0.12.3/tests/data/test-otp-cert.config
--- old/ocserv-0.12.2/tests/data/test-otp-cert.config 2018-03-03
15:03:55.000000000 +0100
+++ new/ocserv-0.12.3/tests/data/test-otp-cert.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[passwd=@SRCDIR@/data/test-otp.passwd,otp=@OTP_FILE@]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-otp.config
new/ocserv-0.12.3/tests/data/test-otp.config
--- old/ocserv-0.12.2/tests/data/test-otp.config 2018-03-03
15:04:03.000000000 +0100
+++ new/ocserv-0.12.3/tests/data/test-otp.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[passwd=@SRCDIR@/data/test-otp.passwd,otp=@OTP_FILE@]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-pam-noauth.config
new/ocserv-0.12.3/tests/data/test-pam-noauth.config
--- old/ocserv-0.12.2/tests/data/test-pam-noauth.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-pam-noauth.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test-pam.passwd]"
acct = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-pam.config
new/ocserv-0.12.3/tests/data/test-pam.config
--- old/ocserv-0.12.2/tests/data/test-pam.config 2018-09-22
21:11:07.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-pam.config 2019-01-30
19:01:35.000000000 +0100
@@ -4,6 +4,8 @@
#auth = "certificate"
auth = "pam[gid-min=1000]"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-pass-opt-cert.config
new/ocserv-0.12.3/tests/data/test-pass-opt-cert.config
--- old/ocserv-0.12.2/tests/data/test-pass-opt-cert.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-pass-opt-cert.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
enable-auth = "certificate"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-pass-script.config
new/ocserv-0.12.3/tests/data/test-pass-script.config
--- old/ocserv-0.12.2/tests/data/test-pass-script.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-pass-script.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-rsa-pss.config
new/ocserv-0.12.3/tests/data/test-rsa-pss.config
--- old/ocserv-0.12.2/tests/data/test-rsa-pss.config 2018-04-13
22:49:23.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-rsa-pss.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
max-ban-score = 0

# A banner to be displayed on clients
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-san-cert.config
new/ocserv-0.12.3/tests/data/test-san-cert.config
--- old/ocserv-0.12.2/tests/data/test-san-cert.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-san-cert.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ocserv-0.12.2/tests/data/test-sighup-key-change.config
new/ocserv-0.12.3/tests/data/test-sighup-key-change.config
--- old/ocserv-0.12.2/tests/data/test-sighup-key-change.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-sighup-key-change.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-sighup.config
new/ocserv-0.12.3/tests/data/test-sighup.config
--- old/ocserv-0.12.2/tests/data/test-sighup.config 2018-04-15
17:25:24.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-sighup.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-stress.config
new/ocserv-0.12.3/tests/data/test-stress.config
--- old/ocserv-0.12.2/tests/data/test-stress.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-stress.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-traffic.config
new/ocserv-0.12.3/tests/data/test-traffic.config
--- old/ocserv-0.12.2/tests/data/test-traffic.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-traffic.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,7 +5,7 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

-isolate-workers = false
+isolate-workers = @ISOLATE_WORKERS@

max-ban-score = 0

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-user-cert.config
new/ocserv-0.12.3/tests/data/test-user-cert.config
--- old/ocserv-0.12.2/tests/data/test-user-cert.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-user-cert.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-user-config.config
new/ocserv-0.12.3/tests/data/test-user-config.config
--- old/ocserv-0.12.2/tests/data/test-user-config.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-user-config.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[./data/test1.passwd]"
#auth = "pam"

+isolate-workers = false
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ocserv-0.12.2/tests/data/test-user-group-cert-no-pass.config
new/ocserv-0.12.3/tests/data/test-user-group-cert-no-pass.config
--- old/ocserv-0.12.2/tests/data/test-user-group-cert-no-pass.config
2017-09-09 10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-user-group-cert-no-pass.config
2019-01-30 19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
#auth = "plain[@SRCDIR@/data/test-group.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
select-group = group1
select-group = group2

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-user-group-cert.config
new/ocserv-0.12.3/tests/data/test-user-group-cert.config
--- old/ocserv-0.12.2/tests/data/test-user-group-cert.config 2017-09-09
10:34:02.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-user-group-cert.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test-group.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
select-group = group1
select-group = group2

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-vhost-pass-cert.config
new/ocserv-0.12.3/tests/data/test-vhost-pass-cert.config
--- old/ocserv-0.12.2/tests/data/test-vhost-pass-cert.config 2018-04-14
09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/data/test-vhost-pass-cert.config 2019-01-30
19:01:35.000000000 +0100
@@ -5,6 +5,8 @@
auth = "plain[passwd=@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test1.config
new/ocserv-0.12.3/tests/data/test1.config
--- old/ocserv-0.12.2/tests/data/test1.config 2018-11-18 19:39:43.000000000
+0100
+++ new/ocserv-0.12.3/tests/data/test1.config 2019-01-30 19:01:35.000000000
+0100
@@ -5,6 +5,8 @@
auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
max-ban-score = 0

# A banner to be displayed on clients
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test3.config
new/ocserv-0.12.3/tests/data/test3.config
--- old/ocserv-0.12.2/tests/data/test3.config 2017-09-09 10:34:02.000000000
+0200
+++ new/ocserv-0.12.3/tests/data/test3.config 2019-01-30 19:01:35.000000000
+0100
@@ -5,6 +5,8 @@
#auth = "plain[@SRCDIR@/data/test1.passwd]"
#auth = "pam"

+isolate-workers = @ISOLATE_WORKERS@
+
# A banner to be displayed on clients
#banner = "Welcome"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/lz4-compression
new/ocserv-0.12.3/tests/lz4-compression
--- old/ocserv-0.12.2/tests/lz4-compression 2018-04-15 21:13:39.000000000
+0200
+++ new/ocserv-0.12.3/tests/lz4-compression 2019-03-12 21:13:35.000000000
+0100
@@ -110,7 +110,7 @@

${CMDNS2} nuttcp -1

-${CMDNS1} ping -c 3 ${VPNADDR6}
+${CMDNS1} ping -6 -c 3 ${VPNADDR6}

echo " * Receiving with nuttcp"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/lzs-compression
new/ocserv-0.12.3/tests/lzs-compression
--- old/ocserv-0.12.2/tests/lzs-compression 2018-04-15 21:13:39.000000000
+0200
+++ new/ocserv-0.12.3/tests/lzs-compression 2019-03-12 21:13:35.000000000
+0100
@@ -110,7 +110,7 @@

${CMDNS2} nuttcp -1

-${CMDNS1} ping -c 3 ${VPNADDR6}
+${CMDNS1} ping -6 -c 3 ${VPNADDR6}

echo " * Receiving with nuttcp"

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/no-dtls-cipher
new/ocserv-0.12.3/tests/no-dtls-cipher
--- old/ocserv-0.12.2/tests/no-dtls-cipher 1970-01-01 01:00:00.000000000
+0100
+++ new/ocserv-0.12.3/tests/no-dtls-cipher 2019-01-19 19:47:50.000000000
+0100
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Copyright (C) 2019 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This tests support for anyconnect's DTLS1.2 support
+
+PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}"
+CIPHER_NAME="UNKNOWN"
+GNUTLS_NAME=""
+
+. cipher-common.sh
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/oc-aes128-gcm-cipher
new/ocserv-0.12.3/tests/oc-aes128-gcm-cipher
--- old/ocserv-0.12.2/tests/oc-aes128-gcm-cipher 1970-01-01
01:00:00.000000000 +0100
+++ new/ocserv-0.12.3/tests/oc-aes128-gcm-cipher 2019-01-19
19:47:50.000000000 +0100
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Copyright (C) 2018 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This tests operation/traffic under compression (lzs or lz4).
+
+CIPHER_NAME="OC-DTLS1_2-AES128-GCM"
+GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)"
+
+. cipher-common.sh
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/oc-aes256-gcm-cipher
new/ocserv-0.12.3/tests/oc-aes256-gcm-cipher
--- old/ocserv-0.12.2/tests/oc-aes256-gcm-cipher 1970-01-01
01:00:00.000000000 +0100
+++ new/ocserv-0.12.3/tests/oc-aes256-gcm-cipher 2019-01-19
19:47:50.000000000 +0100
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Copyright (C) 2018 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This tests operation/traffic under compression (lzs or lz4).
+
+CIPHER_NAME="OC-DTLS1_2-AES256-GCM"
+GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)"
+
+. cipher-common.sh
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/test-config-per-group
new/ocserv-0.12.3/tests/test-config-per-group
--- old/ocserv-0.12.2/tests/test-config-per-group 2019-01-06
18:53:51.000000000 +0100
+++ new/ocserv-0.12.3/tests/test-config-per-group 2019-03-12
21:13:35.000000000 +0100
@@ -89,7 +89,7 @@
set -e
${CMDNS1} ping -c 3 ${VPNADDR} >/dev/null 2>&1

-${CMDNS1} ping -c 3 ${VPNADDR6} >/dev/null 2>&1
+${CMDNS1} ping -6 -c 3 ${VPNADDR6} >/dev/null 2>&1
set +e

${OCCTL} -s ${OCCTL_SOCKET} show users|grep ${USERNAME}
@@ -137,7 +137,7 @@
set -e
${CMDNS1} ping -c 3 ${VPNADDR} >/dev/null 2>&1

-${CMDNS1} ping -c 3 ${VPNADDR6} >/dev/null 2>&1
+${CMDNS1} ping -6 -c 3 ${VPNADDR6} >/dev/null 2>&1
set +e

${OCCTL} -s ${OCCTL_SOCKET} show users|grep ${USERNAME}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/test-cookie-timeout
new/ocserv-0.12.3/tests/test-cookie-timeout
--- old/ocserv-0.12.2/tests/test-cookie-timeout 2018-01-06 08:54:46.000000000
+0100
+++ new/ocserv-0.12.3/tests/test-cookie-timeout 2019-01-19 13:42:35.000000000
+0100
@@ -51,7 +51,7 @@
fi

CPID=`cat "${PIDFILE}"`
-kill $CPID
+kill -9 $CPID
rm -f "${PIDFILE}"

sleep 16
@@ -81,7 +81,7 @@
fi

CPID=`cat "${PIDFILE}"`
-kill $CPID
+kill -9 $CPID
rm -f "${PIDFILE}"


diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/test-pass-cert
new/ocserv-0.12.3/tests/test-pass-cert
--- old/ocserv-0.12.2/tests/test-pass-cert 2017-09-09 10:34:02.000000000
+0200
+++ new/ocserv-0.12.3/tests/test-pass-cert 2019-01-30 19:01:35.000000000
+0100
@@ -22,6 +22,7 @@
srcdir=${srcdir:-.}
NO_NEED_ROOT=1
PORT=4445
+ISOLATE_WORKERS=false

. `dirname $0`/common.sh

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ocserv-0.12.2/tests/traffic
new/ocserv-0.12.3/tests/traffic
--- old/ocserv-0.12.2/tests/traffic 2018-04-14 09:52:35.000000000 +0200
+++ new/ocserv-0.12.3/tests/traffic 2019-03-12 21:13:35.000000000 +0100
@@ -108,7 +108,7 @@

${CMDNS2} nuttcp -1

-${CMDNS1} ping -c 3 ${VPNADDR6}
+${CMDNS1} ping -6 -c 3 ${VPNADDR6}

echo " * Receiving with nuttcp"



< Previous Next >
This Thread
  • No further messages