path: root/accel-pppd/ctrl/sstp
Age | Commit message | Author
2018-10-26 | sstp: fix build w/o openssl | Vladislav Grishenko
2018-10-26 | sstp: fix build with openssl 1.1.0-1.1.0g | Vladislav Grishenko
2018-10-25 | sstp: disable ciphers renegotiation (CVE-2009-3555) | Vladislav Grishenko
2018-10-25 | sstp: improve openssl 1.1.x compatibility | Vladislav Grishenko
2018-06-05 | sstp: add ECDSA certs support and ssl-ecdh-curve option for ECDHE ciphers | Vladislav Grishenko
2018-06-05 | sstp: add ssl-dhparam option for DHE ciphers | Vladislav Grishenko
2018-06-03 | sstp: use generic HTTP/1.0 error codes for better compatibility | Vladislav Grishenko
2018-06-03 | sstp: add disconnection reason logging | Vladislav Grishenko
2018-06-03 | sstp: implement Compound MAC validation | Vladislav Grishenko
2018-06-03 | sstp: add snmp support | Vladislav Grishenko
2018-06-03 | sstp: add session events & stat support | Vladislav Grishenko
2018-06-02 | sstp: drop port from calling_station_id/called_station_id | Vladislav Grishenko
2018-06-01 | sstp: fix proxy proto v1 over ipv6 | Vladislav Grishenko
2018-06-01 | sstp: implement configurable http error response incl. redirect | Vladislav Grishenko
2018-06-01 | sstp: http: add verbose response logging | Vladislav Grishenko
2018-04-19 | sstp: fix connection drop with global mppe=required option | Vladislav Grishenko
2018-04-19 | sstp: fix coexistence of host-name= & port= options | Vladislav Grishenko
2018-02-28 | sstp: http: improve http detection | Vladislav Grishenko
    no need to wait until timeout for non-http data (i.e. https)
2018-02-28 | sstp: http: change method error from 501 to 405 | Vladislav Grishenko
2018-02-28 | sstp: fix proxy-protocol support in ssl mode | Vladislav Grishenko
2018-02-27 | sstp: allow access to unix socket to anyone | Vladislav Grishenko
    almost the same as ipv4/ipv6 is accessible by anyone for easier access under multiple proxy effective users.
2018-02-27 | sstp: fix crash with no accept option specified | Vladislav Grishenko
2018-02-27 | sstp: unlink stray unix socket on init/bind error | Vladislav Grishenko
2018-02-27 | sstp: implement proxy-protocol 1 & 2 support | Vladislav Grishenko
2018-02-27 | sstp: implement ipv6 & unix socket support | Vladislav Grishenko
    following bind option formats are valid:
        bind=x.x.x.x
        bind=2001:db8::1
        bind=unix:/var/run/sstp.socket
        bind=unix:@sstp
    port option is meaningful for ipv4 and ipv6 only
2018-02-27 | sstp: implement accept list option | Vladislav Grishenko
    currently the only ssl value is supported
2018-01-10 | sstp: drop unnecessary ssl reinitialization | Vladislav Grishenko
2018-01-06 | sstp: reuse general logging framework | Vladislav Grishenko
2018-01-05 | sstp: possible sync ppp mode fix | Vladislav Grishenko
2018-01-05 | sstp: fix default max mtu to fit standard 1500 media | Vladislav Grishenko
2017-12-30 | sstp: add generic base for parsing http header values, improve host-name checking | Vladislav Grishenko
2017-12-30 | sstp: log current SSL mode for reference | Vladislav Grishenko
2017-12-30 | sstp: optimize SSL context & config reload handling | Vladislav Grishenko
2017-12-30 | sstp: fix obsolete contexts leak | Vladislav Grishenko
2017-12-30 | sstp: rework certificate load, fix build issue with some openssl version | Vladislav Grishenko
2017-12-30 | sstp: fix va_start/va_end usage on x64 platforms | Vladislav Grishenko
2017-12-30 | sstp: http: protect against oversized headers and improve parsing | Vladislav Grishenko
2017-12-30 | sstp: implement HTTP host header and TLS SNI checking | Vladislav Grishenko
2017-12-30 | sstp: drop ssl_mode_auto_retry, not required after 7945857927b4cedab365ba86934d771281eeb213 | Vladislav Grishenko
2017-12-30 | sstp: use HTTP status code 510 for HTTP method errors | Vladislav Grishenko
2017-12-30 | sstp: http: get rid of static reply buffer | Vladislav Grishenko
2017-12-30 | sstp: fix eof result of ssl read/write ops although no harm really happened | Vladislav Grishenko
2017-12-30 | sstp: allow colons in cert-hash-* hex values | Vladislav Grishenko
    Simplify copy-pasting from openssl x509 -fingerprint output.
    Examples:
        openssl x509 -in cert.pem -noout -fingerprint -sha1
        openssl x509 -in cert.pem -noout -fingerprint -sha256
2017-12-30 | sstp: use ssl-keyfile option for certificate private key | Vladislav Grishenko
    if not set, fallback to private key in the same ssl-pemfile
2017-12-30 | sstp: treat SSL errors as EIO | Vladislav Grishenko
2017-12-30 | sstp: keep default ssl ciphers for better compatibility | Vladislav Grishenko
2017-12-30 | sstp: allow to prefer server ciphers with ssl-prefer-server-ciphers option | Vladislav Grishenko
2017-12-30 | sstp: implement Crypto Binding's Certificate hash & proto checking per 3.3.5.2.3 | Vladislav Grishenko
    Warning: config options are changed aligned with general accel-ppp style.
    Following cases, including no-openssl build are supported:
        ssl | ssl-pemfile | behavior
        1 | set | get both sha1 & sha256 from the certificate
        0 | set | get both sha1 & sha256 from the certificate
        0 | unset | use cert-hash-sha1 and/or cert-hash-sha256 hex options
        no-openssl | | use cert-hash-sha1 and/or cert-hash-sha256 hex options
    cert-hash-sha1 and/or cert-hash-sha256 hex options override certificate's, so it's possible to turn certificate hash verification off with just empty values (default).
2017-12-30 | sstp: implement Crypto Binding attr & nonce checking per 3.3.5.2.3 | Vladislav Grishenko
2017-12-30 | sstp: fix thread crash on certificate-error disconnect | Vladislav Grishenko