*.p12 -text
*.der -text
-# SoftHSM objects
+# SoftHSM and SwTPM objects
*.object -text
+tests/softhsm/*/generation -text
+swtpm*.state -text
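Review bot: The two added patterns, `tests/softhsm/*/generation` and `swtpm*.state`, only unset `text`, which turns off end-of-line conversion but still leaves the files open to textual diff and merge whenever Git's content heuristic takes them for text. If these are opaque token and TPM state blobs, as the comment suggests, the built-in `binary` macro (`swtpm*.state binary`) states that intent more completely, and the same presumably holds for the existing `*.object` line. `swtpm*.state` contains no slash, so it matches at any depth in the tree; anchoring it to the directory that holds the emulator state would keep it from applying to unrelated files. The comment could also say what these files are for, e.g. `# SoftHSM and SwTPM objects (binary test fixtures, test-only keys)`, assuming that is what they hold.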
$(GMP_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(GMP_SRC)/configure
mkdir -p $(GMP_BUILD)
- cd $(GMP_BUILD) && ../../$(GMP_SRC)/configure $(CONFIGURE_ARGS)
+ cd $(GMP_BUILD) && ../../$(GMP_SRC)/configure $(CONFIGURE_ARGS)
$(GMP_BUILD)/libgmp.la: $(GMP_BUILD)/Makefile
mkdir -p $1
fi
cp -f $SRCS "$1"
-
Igor Gnatenko
Haïkel Guémar
Tobias Waldekranz
-Patrick Donnelly
+Patrick Donnelly
Wilmer van der Gaast
Jin Wei
François Cartegnie
Matthijs Boelstra
Richard Selneck
-
settings.mem_free = default_free;
json_value_free_ex (&settings, value);
}
-
} json_type;
extern const struct _json_value json_value_none;
-
+
typedef struct _json_object_entry
{
json_char * name;
unsigned int name_length;
-
+
struct _json_value * value;
-
+
} json_object_entry;
typedef struct _json_value
}
inline const struct _json_value &operator [] (const char * index) const
- {
+ {
if (type != json_object)
return json_value_none;
}
inline operator const char * () const
- {
+ {
switch (type)
{
case json_string:
}
inline operator json_int_t () const
- {
+ {
switch (type)
{
case json_integer:
}
inline operator bool () const
- {
+ {
if (type != json_boolean)
return false;
}
inline operator double () const
- {
+ {
switch (type)
{
case json_integer:
#endif
} json_value;
-
+
json_value * json_parse (const json_char * json,
size_t length);
#endif
#endif
-
-
. I HOST
and optionally the
.I PORT
-number and the login
+number and the login
.I GROUP
or realm.
#always-require-cert = false
compression = false
-
# User authentication method. Could be set multiple times and in that case
# all should succeed.
-# Options: certificate, pam.
+# Options: certificate, pam.
auth = "certificate"
auth = "plain[@abs_top_srcdir@/tests/configs/test1.passwd]"
#auth = "pam"
#max-clients = 1024
max-clients = 16
-# Limit the number of client connections to one every X milliseconds
+# Limit the number of client connections to one every X milliseconds
# (X is the provided value). Set to zero for no limit.
#rate-limit-ms = 100
try-mtu-discovery = false
# The key and the certificates of the server
-# The key may be a file, or any URL supported by GnuTLS (e.g.,
+# The key may be a file, or any URL supported by GnuTLS (e.g.,
# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
# or pkcs11:object=my-vpn-key;object-type=private)
#
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
-# Useful OIDs are:
+# Useful OIDs are:
# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
cert-user-oid = 0.9.2342.19200300.100.1.1
-# The object identifier that will be used to read the user group in the client
+# The object identifier that will be used to read the user group in the client
# certificate. The object identifier should be part of the certificate's DN
-# Useful OIDs are:
-# OU (organizational unit) = 2.5.4.11
+# Useful OIDs are:
+# OU (organizational unit) = 2.5.4.11
#cert-group-oid = 2.5.4.11
# A revocation list of ca-cert is set
# to authentication
auth-timeout = 40
-# The time (in seconds) that a client is not allowed to reconnect after
+# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
-# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
+# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
# The NBNS server (if any)
#ipv4-nbns = 192.168.2.3
-#ipv6-address =
-#ipv6-mask =
-#ipv6-dns =
+#ipv6-address =
+#ipv6-mask =
+#ipv6-dns =
# Prior to leasing any IP from the pool ping it to verify that
# it is not in use by another (unrelated to this server) host.
ping-leases = false
# Leave empty to assign the default MTU of the device
-# mtu =
+# mtu =
route = 192.168.1.0/255.255.255.0
#route = 192.168.5.0/255.255.255.0
#
-# The following options are for (experimental) AnyConnect client
-# compatibility. They are only available if the server is built
+# The following options are for (experimental) AnyConnect client
+# compatibility. They are only available if the server is built
# with --enable-anyconnect
#
# Client profile xml. A sample file exists in doc/profile.xml.
-# This file must be accessible from inside the worker's chroot.
+# This file must be accessible from inside the worker's chroot.
# The profile is ignored by the openconnect client.
#user-profile = profile.xml
# cookie. Legacy CISCO clients do not do that, and thus this option
# should be set for them.
cisco-client-compat = true
-
# User authentication method. Could be set multiple times and in that case
# all should succeed.
-# Options: certificate, pam.
+# Options: certificate, pam.
#auth = "certificate"
auth = "plain[@abs_top_srcdir@/tests/configs/test1.passwd]"
#auth = "pam"
#max-clients = 1024
max-clients = 16
-# Limit the number of client connections to one every X milliseconds
+# Limit the number of client connections to one every X milliseconds
# (X is the provided value). Set to zero for no limit.
rate-limit-ms = 0
try-mtu-discovery = false
# The key and the certificates of the server
-# The key may be a file, or any URL supported by GnuTLS (e.g.,
+# The key may be a file, or any URL supported by GnuTLS (e.g.,
# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
# or pkcs11:object=my-vpn-key;object-type=private)
#
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
-# Useful OIDs are:
+# Useful OIDs are:
# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
cert-user-oid = 0.9.2342.19200300.100.1.1
-# The object identifier that will be used to read the user group in the client
+# The object identifier that will be used to read the user group in the client
# certificate. The object identifier should be part of the certificate's DN
-# Useful OIDs are:
-# OU (organizational unit) = 2.5.4.11
+# Useful OIDs are:
+# OU (organizational unit) = 2.5.4.11
#cert-group-oid = 2.5.4.11
# A revocation list of ca-cert is set
# to authentication
auth-timeout = 40
-# The time (in seconds) that a client is not allowed to reconnect after
+# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
-# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
+# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
# The NBNS server (if any)
#ipv4-nbns = 192.168.2.3
-#ipv6-address =
-#ipv6-mask =
-#ipv6-dns =
+#ipv6-address =
+#ipv6-mask =
+#ipv6-dns =
# Prior to leasing any IP from the pool ping it to verify that
# it is not in use by another (unrelated to this server) host.
ping-leases = false
# Leave empty to assign the default MTU of the device
-# mtu =
+# mtu =
route = 192.168.1.0/255.255.255.0
#route = 192.168.5.0/255.255.255.0
#
-# The following options are for (experimental) AnyConnect client
-# compatibility. They are only available if the server is built
+# The following options are for (experimental) AnyConnect client
+# compatibility. They are only available if the server is built
# with --enable-anyconnect
#
# Client profile xml. A sample file exists in doc/profile.xml.
-# This file must be accessible from inside the worker's chroot.
+# This file must be accessible from inside the worker's chroot.
# The profile is ignored by the openconnect client.
#user-profile = profile.xml
# cookie. Legacy CISCO clients do not do that, and thus this option
# should be set for them.
cisco-client-compat = true
-
<VAR match="VAR_SEL_ANYCONNECT" replace="selected" />
<PARSE file="menu1.xml" />
<PARSE file="menu2-protocols.xml" />
-
+
<INCLUDE file="inc/content.tmpl" />
<h1>Cisco AnyConnect</h1>
<VAR match="VAR_SEL_CONTRIBUTE" replace="selected" />
<PARSE file="menu1.xml" />
-
+
<INCLUDE file="inc/content.tmpl" />
<h1>Contributing to OpenConnect</h1>
<VAR match="VAR_SEL_DOWNLOAD" replace="selected" />
<PARSE file="menu1.xml" />
<PARSE file="menu2.xml" />
-
+
<INCLUDE file="inc/content.tmpl" />
<h1>Download</h1>
imagesdir = $(htmldir)/images
dist_images_DATA = $(srcdir)/*.png $(srcdir)/*.svg
-
tmpldatadir = $(htmldir)/inc
dist_tmpldata_DATA = $(srcdir)/*.tmpl
-
<link href="VAR_ORIGINstyles/main.css" rel="styleSheet" type="text/css" />
<link href='http://fonts.googleapis.com/css?family=Raleway' rel='stylesheet' type='text/css' />
</head>
-
+
<body>
- <div id="logo" align="right">
+ <div id="logo" align="right">
<img src="VAR_ORIGINimages/openconnect.png" height="96px" alt="OpenConnect" />
</div>
<div id="main">
-
<VAR match="VAR_SEL_JUNIPER" replace="selected" />
<PARSE file="menu1.xml" />
<PARSE file="menu2-protocols.xml" />
-
+
<INCLUDE file="inc/content.tmpl" />
<h1>Juniper SSL VPN / Pulse Connect Secure</h1>
<VAR match="VAR_SEL_MAIL" replace="selected" />
<PARSE file="menu1.xml" />
-
+
<INCLUDE file="inc/content.tmpl" />
<h1>Getting help</h1>
<VAR match="VAR_SEL_MANUAL" replace="selected" />
<PARSE file="menu1.xml" />
<PARSE file="menu2-started.xml" />
-
+
<INCLUDE file="inc/content.tmpl" />
<INCLUDE file="openconnect.8.inc" />
<INCLUDE file="inc/footer.tmpl" />
</PAGE>
-
-
-
This should produce output including something like the following:
<table border="1"><tr><td><pre>
Token 7:
- URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=108421384210c3f5;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29
+ URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=108421384210c3f5;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29
Label: PIV_II (PIV Card Holder pin)
Type: Hardware token
Manufacturer: piv_II
option. You can look for them by using the <tt>--list-privkeys</tt> option to <tt>p11tool</tt>. You will almost certainly want to use the <tt>--login</tt> option too:</p>
<ul><li><tt>p11tool --list-privkeys --login pkcs11:manufacturer=piv_II</tt></li></ul>
<table border="1"><tr><td><pre>Token 'PIV_II (PIV Card Holder pin)' with URL 'pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=108421384210c3f5;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29' requires user PIN
-Enter PIN:
+Enter PIN:
Object 0:
URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=108421384210c3f5;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=PIV%20AUTH%20key;object-type=private
Type: Private key
Label: PIV AUTH key
- Flags: CKA_WRAP/UNWRAP; CKA_PRIVATE; CKA_SENSITIVE;
+ Flags: CKA_WRAP/UNWRAP; CKA_PRIVATE; CKA_SENSITIVE;
ID: 01
Object 1:
URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=108421384210c3f5;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%02;object=SIGN%20key;object-type=private
Type: Private key
Label: SIGN key
- Flags: CKA_PRIVATE; CKA_SENSITIVE;
+ Flags: CKA_PRIVATE; CKA_SENSITIVE;
ID: 02
Object 2:
URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=108421384210c3f5;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%03;object=KEY%20MAN%20key;object-type=private
Type: Private key
Label: KEY MAN key
- Flags: CKA_WRAP/UNWRAP; CKA_PRIVATE; CKA_SENSITIVE;
+ Flags: CKA_WRAP/UNWRAP; CKA_PRIVATE; CKA_SENSITIVE;
ID: 03
Object 3:
URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=108421384210c3f5;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%04;object=CARD%20AUTH%20key;object-type=private
Type: Private key
Label: CARD AUTH key
- Flags: CKA_SENSITIVE;
+ Flags: CKA_SENSITIVE;
ID: 04
</pre></td></tr></table>
<p>
<VAR match="VAR_SEL_PULSE" replace="selected" />
<PARSE file="menu1.xml" />
<PARSE file="menu2-protocols.xml" />
-
+
<INCLUDE file="inc/content.tmpl" />
<h1>Pulse Connect Secure</h1>
stylesdatadir = $(htmldir)/styles
dist_stylesdata_DATA = main.css
-
border-left-style: double;
border-bottom-style: double;
border-color: #1414a6;
- border-left-width: 5px;
+ border-left-width: 5px;
border-bottom-width: 5px;
min-width: 70em;
}
height: 2.3em;
border-bottom-style: solid;
border-color: #1414a6;
- border-bottom-width: 1px;
+ border-bottom-width: 1px;
}
#menu2 .nonsel a {
margin-bottom: 20px;
margin-right: 20px;
margin-top: 20px;
- padding-top: 20px;
+ padding-top: 20px;
padding-left: 20px;
- padding-right: 120px;
- padding-bottom: 20px;
+ padding-right: 120px;
+ padding-bottom: 20px;
font-size: 14px;
}