2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.7

2014-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: use 3des-pkcs12 in the documentation for the
	generation of PKCS #12 structures That format seems to be compatible with more clients (e.g.
	Anyconnect).

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: disable SSL 3.0 on the
	default priorities

2014-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: disabled session control by default in
	sample.config

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: only enable session control when a username/password
	authentication is used

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: Added sanity checks into sec-mod That prevents a crash when certificate authentication is used but
	session control is enabled. Reported by George Panda.

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: enable non-blocking DTLS timers

2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: removed no longer relevant todo entries

2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: corrected typo

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: changes for non-blocking sockets

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c, src/tlslib.c,
	src/worker-misc.c, src/worker-vpn.c: use non-blocking sockets in
	worker process

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main.c: added set_non_block()

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: corrected typo

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.8.6

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h: simplified FATAL_ERR_CMD()

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/tlslib.c, src/tlslib.h: added
	recv_timeout() to replace force_read_timeout() in socket reading

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: cleanup of cstp_recv() and
	cstp_recv_nb()

2014-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/Makefile.am, libopts/ag-char-map.h, libopts/ao-strs.c,
	libopts/ao-strs.h, libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/usage-txt.h, libopts/compat/_Noreturn.h,
	libopts/genshell.c, libopts/genshell.h, libopts/intprops.h,
	libopts/m4/libopts.m4, libopts/m4/stdnoreturn.m4,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/proto.h,
	libopts/stdnoreturn.in.h, libopts/version.c: updated to libopts
	5.18.4

2014-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.5

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tun.c: eliminated last uses of force_close()

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h, src/main-ctl-unix.c, src/main-misc.c, src/main.c: 
	Revert "use force_close() on server to avoid descriptor leaks" This reverts commit f622f6696c3b3a5fc8ffc39c4d5db2322c78c7c2.

2014-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	tests/docker-ocserv/ocserv-unix.conf: listen-file ->
	listen-clear-file

2014-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.def,
	tests/docker-ocserv/ocserv-unix.conf: unix-conn-file -> listen-file

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/main.h, src/sec-mod-auth.c,
	src/sec-mod.c, src/sec-mod.h: use more reasonable names to open and
	close a session

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: override the user's group prior to opening the
	group configuration file That prevented opening group configuration for users that had their
	group in a certificate. Reported by Norbert Paschedag.

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/ocserv-args.def, tests/Makefile.am,
	tests/test-pass-opt-cert.config: optional-certificate was renamed to
	certificate[optional]

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: allow positive values to waitpid

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: increased the verbosity of shutdown messages

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pass-opt-cert,
	tests/test-pass-opt-cert.config, tests/user-config-opt/test: Added
	self-tests for optional certificate authentication

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/sec-mod-auth.c, src/sec-mod.h,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c, src/worker.h: 
	added new authentication mode optional-certificate That mode allows having only specific group of users that are
	required to present a certificate.

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vasprintf.c: replaced vasprintf() with correct variant

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING, src/auth/pam.c, src/auth/plain.c, src/common.c,
	src/config.c, src/cookies.c, src/html.c, src/icmp-ping.c,
	src/ip-lease.c, src/log.c, src/main-auth.c, src/main-ctl-dbus.c,
	src/main-ctl-unix.c, src/main-misc.c, src/main-resume.c,
	src/main-sup-config.c, src/main-user.c, src/main.c,
	src/occtl-args.def, src/occtl-cache.c, src/occtl-dbus.c,
	src/occtl-nl.c, src/occtl-pager.c, src/occtl-unix.c, src/occtl.c,
	src/ocpasswd-args.def, src/ocpasswd.c, src/ocserv-args.def,
	src/route-add.c, src/sec-mod-auth.c, src/sec-mod-ban.c,
	src/sec-mod-db.c, src/sec-mod.c, src/setproctitle.c,
	src/sup-config/file.c, src/system.c, src/tlslib.c, src/tun.c,
	src/worker-auth.c, src/worker-bandwidth.c, src/worker-extras.c,
	src/worker-misc.c, src/worker-privs.c, src/worker-resume.c,
	src/worker-vpn.c: Revert "license upgraded to GPLv3" This reverts commit 213f9a63ee60192c5bb086c3c970c4644e55f459.  Conflicts: 	configure.ac

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/docker-ocserv/Dockerfile,
	tests/docker-ocserv/Dockerfile-tcp,
	tests/docker-ocserv/Dockerfile-unix,
	tests/docker-ocserv/Makefile.am, tests/docker-ocserv/combo.pem,
	tests/docker-ocserv/haproxy.cfg,
	tests/docker-ocserv/ocserv-unix.conf, tests/full-test,
	tests/unix-test: added test for unix socket operation

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Allow disabling the TCP port completely

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocserv-args.def: doc update

2014-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: do not allow the combination of
	AUTH_TYPE_CERTIFICATE and unix-conn-file

2014-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: allow the group owner of the connection socket to
	access it

2014-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main.c, src/main.h,
	src/ocserv-args.def, src/tlslib.c, src/tlslib.h, src/vpn.h,
	src/worker-auth.c, src/worker-extras.c, src/worker-vpn.c,
	src/worker.h: Allow the CSTP layer to operate without TLS That also introduces a unix domain socket under which connections to
	the server can occur.

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: corrected tun device closing order for BSD systems

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h, src/main-ctl-unix.c, src/main-misc.c, src/main.c: 
	use force_close() on server to avoid descriptor leaks

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.h, src/tun.c: ensure that in all cases
	the tun fd is closed

2014-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when a UDP packet error occurs print the IP of the
	packet

2014-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: fail when a tun device has no name

2014-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: updated comment

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: reduced the severity of debug messages

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: added more debugging messages in pam module

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c: pam messages made more specific

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c: send the IPv6 netmask in a
	compatible with cisco servers way

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: In IPv6 send the prefix instead of the netmask That allows vpnc-script in windows to apply the correct settings.

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: TODO: updated

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: modified rx test to an occtl test

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c,
	src/worker-vpn.c: Revert "print the per-user RX and TX bytes from
	occtl" This reverts commit ecd6e316a9f447a6766af6174d632e43a557e237.

2014-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/docker-ocserv/Dockerfile,
	tests/docker-ocserv/ocserv.conf, tests/full-test: updated full-test

2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/full-test: added test for RX data

2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c,
	src/worker-vpn.c: print the per-user RX and TX bytes from occtl

2014-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c: sec-mod-auth: don't print misleading message
	on session control

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: full_test: requires building on debian due to
	gnutls symbol differences

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pass-group-cert: tests: added check for the DEFAULT
	group in test-pass-group-cert

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: when the default group is selected, don't treat
	it as no selection

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: made the comparison for XML fiels case
	insensitive Suggested by sskaje, based on an issue with the Anyconnect iOS
	client.

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/fcntl.in.h, gl/getdtablesize.c, gl/getpass.c,
	gl/m4/dup2.m4, gl/m4/extern-inline.m4, gl/m4/fcntl.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/strcase.m4, gl/m4/strcasestr.m4,
	gl/m4/strings_h.m4, gl/stdint.in.h, gl/strcasecmp.c,
	gl/strcasestr.c, gl/strings.in.h, gl/strncasecmp.c,
	gl/sys_types.in.h, gl/time.in.h, gl/unistd.in.h: gnulib: added
	strcasestr

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/docker-ocserv/Dockerfile, tests/full-test: full-test: do not
	require --without-protobuf

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: avoid calling gnutls_record_get_discarded() when
	a DTLS session isn't available

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/full-test: full-test: require the --without-protobuf option

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/protobuf/protobuf-c/protobuf-c.c,
	src/protobuf/protobuf-c/protobuf-c.h: updated to protobuf 1.0.1

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/autoopts.h: check for stdnoreturn.h presence

2014-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am,
	src/protobuf/google/protobuf-c/protobuf-c.c,
	src/protobuf/google/protobuf-c/protobuf-c.h,
	src/protobuf/protobuf-c/protobuf-c.c,
	src/protobuf/protobuf-c/protobuf-c.h: corrected included protobuf's
	path, to align with protobuf 1.0.0

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected typo

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/docker-ocserv/Makefile.am: 
	include the docker test into distribution

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.3

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: added work-around for infinite loop if the UDP
	descriptor becomes invalid

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-user.c, src/main.c, src/main.h: after fork restore the
	default signal mask

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-misc.c: worker: when the UDP socket is updated, update
	the DTLS session

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/system.c: updated bsd's getpeereid() check to match the Linux
	behavior

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: worker: call sigprocmask() prior to entering
	main loop

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/protobuf/google/protobuf-c/protobuf-c.c,
	src/protobuf/google/protobuf-c/protobuf-c.h: protobuf-c: upgraded to
	1.0.0

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: only consider DTLS pending data if the UDP port
	is in active state That may address a possibility for an infinite loop.

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/ipc.proto, src/main-auth.c, src/ocserv-args.def,
	src/sup-config/file.c, src/vpn.h, src/worker-auth.c: user-profile is
	now allowed in per-user configuration

2014-07-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: removed text on seccomp

2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/COPYING.gplv3, libopts/COPYING.lgplv3, libopts/README,
	libopts/ag-char-map.h, libopts/alias.c, libopts/ao-strs.c,
	libopts/ao-strs.h, libopts/autoopts.c, libopts/autoopts.h,
	libopts/autoopts/options.h, libopts/autoopts/project.h,
	libopts/autoopts/usage-txt.h, libopts/boolean.c, libopts/check.c,
	libopts/compat/compat.h, libopts/compat/windows-config.h,
	libopts/configfile.c, libopts/cook.c, libopts/enum.c,
	libopts/env.c, libopts/file.c, libopts/find.c, libopts/genshell.c,
	libopts/genshell.h, libopts/gettext.h, libopts/init.c,
	libopts/load.c, libopts/m4/libopts.m4, libopts/m4/liboptschk.m4,
	libopts/makeshell.c, libopts/nested.c, libopts/numeric.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/parse-duration.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/reset.c, libopts/restore.c, libopts/save.c, libopts/sort.c,
	libopts/stack.c, libopts/streqvcmp.c, libopts/text_mmap.c,
	libopts/time.c, libopts/tokenize.c, libopts/usage.c,
	libopts/version.c: updated libopts to 5.18.3

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: /profiles request allows partial match

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: better error messages when certificate username
	limit is reached

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/sup-config/file.c: made macro usage safer That solves an issue where the pid_file would be overwritten on a
	configuration file reload.

2014-07-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: updated todo list

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc: do not explicitly set serial number in
	generated certificate That would allow certtool to use a random one.

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: pam: deinitialize co-routine when session is open
	to save memory

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth/pam.c: pam: reduced default stack size

2014-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.1

2014-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c: initialize str to null

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: fix typo

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: ocserv: corrected debug message

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: ocserv: print the correct message when only
	selecting a group.

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/str.c, src/str.h,
	src/vasprintf.c, src/vasprintf.h, src/worker-auth.c: introduced
	str_append_printf()

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh: tests: Increased the server start wait time

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-pass-group-cert-no-pass,
	tests/test-user-group-cert-no-pass.config: tests: Added check for
	certificate-only client with groups

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/worker-auth.c: ocserv: prompt the user for
	group selection even if only certificate authentication is used.

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: document how to convert key to pkcs12 file

2014-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: search for group_list in addition to
	group%5flist That allows to read the group from AnyConnect clients.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-misc.c: Set the applicable DNS and
	NBNS servers in complete_vpn_info().

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c, src/vpn.h: Eliminated the MAX_ROUTES requirement.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker.h: Forward the appropriate DNS and
	NBNS values when using a per-user/group config.

2014-06-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ocpasswd-test: tests: Added check for the
	basic commands of ocpasswd.

2014-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def: Use a more terse, but with more
	dynamic information version string.

2014-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocpasswd.c: Avoid using snprintf() and simply use strcpy().

2014-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Ignore the return code of snprintf(); it is
	useless.

2014-06-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-auth.c, src/worker.h: When renegotiating,
	verify that any certificate received from the client contains the
	same username.

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-vpn.c: Seccomp is now compiled in by default, and can be
	enabled at run-time.

2014-06-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-12  Hexchain Tong <i@hexchain.org>

	* src/html.c: Fix array subscription in unescape_url Passwords with url escaped characters were parsed incorrectly. The
	variable used for iterating over `url` should be `i`, not `pos`.
	This patch fixes the problem.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-db.c: removed debugging message

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod.c: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/sec-mod.c: Reload the configuration of the
	security module as well, on main process reload.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Added sequence diagram describing the session control operation.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/common.c, src/config.c, src/ipc.proto,
	src/main-auth.c, src/main-ctl-unix.c, src/main-misc.c, src/main.c,
	src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/sec-mod-ban.c, src/sec-mod-db.c,
	src/sec-mod.c, src/sec-mod.h, src/system.c, src/system.h, src/vpn.h: 
	Added support for session control (relevant for PAM for now) That in effect will utilize the pam_open_session() and
	pam_close_session().  It is disabled by default as it requires more
	resources from the security module.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/main.h, src/ocserv-args.def,
	src/sec-mod-auth.c, src/vpn.h: Include the SID into the cookie and
	store it in proc_st.

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h, src/worker-auth.c, src/worker-vpn.c, src/worker.h: 
	Added work-around for openconnect v3.20 That version of openconnect requires some strict format on the XML
	messages. Thus we send it, what it expects.

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto: removed unused protobuf variable

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pass, tests/test-pass-script, tests/test1.passwd: 
	tests: check for special characters into username in addition to
	password

2014-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Send the server version string to client.

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: TODO: removed completed item

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: removed dbus from the dependencies

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.def, src/ocpasswd.c: ocpasswd: added parameter
	to delete a user.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac: bumped version

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: No longer install d-bus or systemd files.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/tun.c: Fix tun IPv6 on platforms that use SIOCAIFADDR_IN6.  Also remove a redundant call to SIOCDIFADDR. A freshly cloned tun
	interface should not have existing aliases.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: removed double header inclusion

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/tun.c: Fix insufficient arguments in an error message.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: Avoid warning due to unused variables.

2014-06-02  Brian Chu <cynix@cynix.org>

	* src/main-misc.c, src/main.h, src/tun.c: Fix tun device usage on
	*BSD.  SIOCSIFADDR is deprecated on *BSD. Instead, use SIOCAIFADDR to add
	an alias. Also destroy the tun device with SIOCIFDESTROY when the
	client disconnects.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: doc update

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: SID is no longer being randomized in main.  This was unecessary as it is now being set (and generated) by
	sec-mod.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c, src/worker-misc.c, src/worker-vpn.c: reduced
	the severity on several worker log messages.

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/plain.c: corrected string comparison

2014-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-misc.c, src/worker-vpn.c: Do a more graceful
	termination of the client if main server closes the CMD fd.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-unix.c, src/occtl-unix.c, src/sec-mod.c: Always use
	the native endianness.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: autogenerate args files if version.inc is update.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed no longer applicable message

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.0

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/kill-parent.sh, tests/test-iroute,
	tests/test-pass-script: use a more portable way to kill the
	openconnect process.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: full-test: be more resilient to docker errors.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected compilation with local protobuf

2014-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: doc update

2014-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Listed previous releases.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c: main: correct hashing of cookie

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: more debug messages

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h: main: removed the inactive ban_list.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: main: deactivate the cookie when releasing proc.

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: worker: only check for friendly names, if there
	are any

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: increased the maintainance time to 15 mins

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h: inline revive_cookie()

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c: No need for safe_memset() of the cookie hash.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main.h: Limit the number of TLS resumption
	requests to one.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/main-auth.c, src/main.h: Store a hash of the
	client's cookie instead of the cookie itself.  That ensures that the cookies cannot be leaked from the server.  On
	a hash collision, the IP of the other cookie in use will be
	hijacked.

2014-05-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: zeroize cookies and TLS session data after read.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c, src/tlslib.h, src/worker-vpn.c: TLS sessions
	expire the at cookie timeout.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/system.c: better printing of module name.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ctl.proto, src/main-ctl-unix.c, src/occtl-unix.c: Report the
	number of active cookies and TLS resumed sessions to occtl

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/cookies.c, src/cookies.h, src/main-auth.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.def,
	src/sec-mod-auth.c, src/vpn.h, src/worker-auth.c: Keep track of
	cookies internally.  That allows to restrict the cookie validity time to the absolutely
	minimum required to establish and reconnect a recently disconnected
	session.  That deprecates the cookie-validity option and introduces
	the cookie-timeout option.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c: corrected safe_memset() of expired sessions.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.h: Allow memset of zero

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c, src/main.c, src/main.h, src/tlslib.c,
	src/tlslib.h, src/vpn.h: Simplified the TLS hash table
	initialization.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-resume.c: Overwrite TLS session data prior to release.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: use macros for reason messages

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: require the certificate being present on the
	sec-mod session initialization.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Better HTTP error messages.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-26  Joerg Mayer <jmayer@loplof.de>

	* src/Makefile.am: ocserv: Fix out of tree builds Signed-off-by: Joerg Mayer <jmayer@loplof.de>

2014-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test3.config: enable cisco-client-compat in cert test

2014-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: do not deny roaming by default

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Return 401 error on cookie authentication
	failure.

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-auth.c,
	src/main-misc.c, src/ocserv-args.def, src/sup-config/file.c,
	src/vpn.h: Added the configuration option deny-roaming.  That required moving the read of the group configuration during the
	cookie authentication phase.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.8.0pre0

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/auth/pam.c, src/config.c,
	src/ocserv-args.def, src/sec-mod-auth.c, src/vpn.h: Added auto group
	listing on PAM authentication as well.  In addition a configuration option to print group IDs over a certain
	number was added.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/plain.c: ensure that the group table isn't overflowed.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* COPYING, configure.ac, src/auth/pam.c, src/auth/plain.c,
	src/common.c, src/config.c, src/cookies.c, src/html.c,
	src/icmp-ping.c, src/ip-lease.c, src/log.c, src/main-auth.c,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-resume.c, src/main-sup-config.c, src/main-user.c,
	src/main.c, src/occtl-args.def, src/occtl-cache.c,
	src/occtl-dbus.c, src/occtl-nl.c, src/occtl-pager.c,
	src/occtl-unix.c, src/occtl.c, src/ocpasswd-args.def,
	src/ocpasswd.c, src/ocserv-args.def, src/route-add.c,
	src/sec-mod-auth.c, src/sec-mod-ban.c, src/sec-mod-db.c,
	src/sec-mod.c, src/setproctitle.c, src/sup-config/file.c,
	src/system.c, src/tlslib.c, src/tun.c, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-extras.c, src/worker-misc.c,
	src/worker-privs.c, src/worker-resume.c, src/worker-vpn.c: license
	upgraded to GPLv3

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-pam: test-pam: better messages

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: remove const from temp variables.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/plain.c, src/sec-mod-auth.c: Better auth
	log messages.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c: re-use the string replace API for route add/del
	replacements.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/main.h, src/ocserv-args.def,
	src/route-add.c, src/str.c: re-use the string replace API for route
	add/del replacements.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def, src/worker-vpn.c: The
	replaced keywords were put into brackets.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: check for allocation error in custom header
	replacement.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/sample.config: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def, src/worker-vpn.c: The custom header options
	allows %U and %G.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/str.c, src/str.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c: Added the proxy-url option to
	allow sending a proxy URL.  This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: limit the cookie validity
	time to 3 hours in the configuration examples.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-auth.c, src/sec-mod-auth.c: Restrict
	cookies to a single IP address.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ipc.proto, src/main-auth.c,
	src/main.h, src/sec-mod-auth.c, src/sec-mod.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Cookies are packed using protocol
	buffers to reduce their size.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Do not call close() twice. Issue spotted by
	coverity.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Correctly check for network name. Issue spotted
	using coverity.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Corrected check for group list sending to
	client.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: Allow an empty friendly_group_list (in
	auto-select-group).

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Make pid-file an array to avoid issues with memory
	allocation.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: corrected filename

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: When a client has already selected a group,
	re-order our group selection form.  This is required by some Anyconnect clients and the openconnect
	android app.

2014-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-auth.c: Allow aliases to group names.

2014-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod-auth.c, src/worker.h: more precise usage of MAX_*_SIZE
	definitions.

2014-05-20  Kevin Cernekee <cernekee@gmail.com>

	* src/sec-mod.h: Add missing GnuTLS header file sec-mod.h now uses gnutls_privkey_t, so include <gnutls/abstract.h>
	to fix this error:       CC       main-misc.o     In file included from main-misc.c:43:0:     ./sec-mod.h:31:2: error: unknown type name
	      ‘gnutls_privkey_t’ gnutls_privkey_t *key;       ^

2014-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: mention the occtl tool instead of who -u

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: Corrected certificate generation
	instructions.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-auth.c: fixed unescape code.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-group-cert,
	tests/test-group-cert.config, tests/test-group-pass,
	tests/test-group-pass.config, tests/test-pass-group-cert,
	tests/test-user-group-cert.config, tests/user-group-cert.pem,
	tests/user-group-key.pem: Added test for group selection when having
	a certificate.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-group-pass,
	tests/test-group-pass.config, tests/test-group.passwd,
	tests/test-pam, tests/test-pam.config, tests/test1.passwd: Added
	tests for group authentication using passwords and PAM.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/plain.c, src/ipc.proto,
	src/sec-mod-auth.c, src/worker-auth.c, src/worker.h: Allow multiple
	groups to be present in a client certificate.  In that case the user will be prompted to select a group.

2014-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.def, src/vpn.h,
	src/worker-auth.c: Added the default-select-group directive.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Corrected filename in Makefile.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, doc/sample.passwd, src/auth/pam.c,
	src/auth/plain.c, src/config.c, src/ipc.proto, src/main.c,
	src/main.h, src/ocserv-args.def, src/sec-mod-auth.c,
	src/sec-mod-auth.h, src/vpn.h, src/worker-auth.c, src/worker.h: 
	Added the select-group and auto-select-group config options.  These options allow to prompt the user for a group prior to login.
	That in addition enhances the password file format and multiple
	groups can be specified on a comma separated list, as:
	user:group1,group2,group3:$5$encodedpassword

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/config.c, src/ocserv-args.def, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c, src/worker.h: The route
	configuration directive accepts the keyword 'default' In that case it will return a default route irrespective of any
	other route directives. That allows overriding existing routes with
	a default route for specific users and groups.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: sample.config: comment out the
	occtl-socket-file.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/cookies.h, src/main-misc.c, src/main.c,
	src/main.h, src/sec-mod-auth.c, src/sec-mod.c, src/sec-mod.h: memory
	reorganization in sec-mod.  It no longer relies on main pool, it uses it's own pool.  In
	addition the DEBUG_LEAKS definition was added to allow debugging
	leaks.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: define HAVE_LIBTALLOC when libtalloc is being used.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-misc.c, src/main.c, src/main.h,
	src/sec-mod-ban.c, src/sec-mod-db.c, src/sec-mod.c, src/sec-mod.h,
	src/worker-vpn.c, src/worker.h: Clean-up all memory on
	deinitialization of sec-mod and worker.  That will allow to easier spot any unintentional memory leaks.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: corrected issue in talloc detection.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c, src/worker-privs.c: Add the clock_gettime()
	syscall on the list of allowed in seccomp.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/kill-parent.sh, tests/test-iroute,
	tests/test-pass-script: Force full connection after cookie when a
	script is involved.  That is because in the new design of ocserv, the cookie is being
	provided prior to any script being run or evaluated.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/auth/pam.c, src/auth/pam.h, src/auth/plain.h,
	src/main-auth.c, src/main-auth.h, src/main.c, src/sec-mod-auth.c,
	src/sec-mod-auth.h: Renamed main-auth.h.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/group-config.c, src/main-misc.c,
	src/main-sup-config.c, src/main-sup-config.h, src/main.c,
	src/main.h, src/sup-config/file.c, src/sup-config/file.h: 
	Supplementary group/user configuration is now modular.  That will ease the addition of other backends that can be used to
	read the user/group configuration. The only backend supported now is
	file.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c: use safe_memset() when overwritting the group
	configuration

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: cleanup the inclusion of protobuf sources.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/sec-mod-auth.c: Added sanity checks in state transitions.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Updated authentication state and design figures.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/auth/pam.c, src/auth/pam.h,
	src/auth/plain.c, src/auth/plain.h, src/main-auth.c,
	src/main-misc.c, src/main.c, src/pam.c, src/pam.h, src/plain.c,
	src/plain.h, src/sec-mod-auth.c: Authentication modules were moved
	to subdirectory auth/

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/main-misc.c,
	src/ocserv-args.def, src/vpn.h: Added default-user-config and
	default-group-config configuration options.  These allow setting a configuration file that will be loaded if a
	user-specific or group-specific configuration file isn't found.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/sec-mod-auth.c, src/vpn.h: 
	Allow for random and for predictable IP assignment.

2014-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/Makefile.am, src/common.c, src/cookies.c,
	src/cookies.h, src/ip-lease.c, src/ipc.proto, src/main-auth.c,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main.c, src/main.h, src/sec-mod-auth.c, src/sec-mod-ban.c,
	src/sec-mod-db.c, src/sec-mod.c, src/sec-mod.h, src/system.c,
	src/tlslib.c, src/vpn.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: Password authentication is now delegated to sec-mod.  That prevents any memory from the authentication modules to be
	leaked to a worker process. As a result, the status zombie and dead
	no longer exists.

2014-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: include malloc.h when needed.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/main.c, src/main.h: Corrected the removal of
	socket files in chrooted environment.  In addition remove the occtl_socket_file.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/main.h: eliminate the need for a worker_pool
	variable in main_server_st.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c, src/ipc.proto, src/main-auth.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c: Added no-udp
	group configuration option.  That options allows disabling UDP for specific users or groups.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: corrected PAM module and its usage of malloc.

2014-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/sec-mod.c, src/system.c: Allow the main process to
	connect to sec-module.  That allows gnutls' to verify the key validity during
	initialization.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample.config

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-unix.c, src/occtl.c: occtl: propagate error codes on
	error conditions.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ctl.h, src/main-ctl-unix.c, src/occtl-args.def,
	src/occtl-dbus.c, src/occtl-unix.c, src/occtl.c, src/occtl.h,
	src/ocserv-args.def, src/vpn.h: Allow modifying the default occtl
	socket file.

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: use safe_memset() when overwriting the TLS cache
	entries.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-dbus.c, src/occtl-unix.c, src/occtl.h: use common
	definition for date-time format.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ctl.proto, src/main-ctl-unix.c, src/main.c, src/main.h,
	src/occtl-unix.c: status cmd will report the server uptime

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added missing files.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use safe_memset() where needed.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h, src/plain.c: Use a static buffer to read the
	password file entries from.  That allows easier overwrite of the parameters read.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: do not separately allocate buffer,
	but place it instead into worker structure.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: corrected function prototype.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/main.c: use malloc_trim() to return memory to OS
	after fork().

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/occtl-cache.c, src/occtl-unix.c,
	src/occtl.c, src/occtl.h: Fixes in talloc usage in occtl in
	combination with readline.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: better interplay between use-dbus and use-occtl.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: When deinitializing the IP-leases table disable
	the lease destructor.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile, tests/full-test: updated docker
	test.

2014-05-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/common.c, src/common.h,
	src/config.c, src/group-config.c, src/html.c, src/html.h,
	src/ip-lease.c, src/ip-lease.h, src/main-auth.c, src/main-auth.h,
	src/main-ctl-dbus.c, src/main-ctl-unix.c, src/main-misc.c,
	src/main-resume.c, src/main.c, src/main.h, src/occtl-cache.c,
	src/occtl-dbus.c, src/occtl-unix.c, src/occtl.c, src/occtl.h,
	src/pam.c, src/plain.c, src/script-list.h, src/str.c, src/str.h,
	src/tlslib.c, src/tlslib.h, src/worker-auth.c, src/worker-resume.c,
	src/worker-vpn.c, src/worker.h: Use talloc() for all allocations to
	reduce the possibility of memory leaks.

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/config.c, src/main-ctl-unix.c, src/ocserv-args.def,
	src/vpn.h: Support for the unix socket is now configurable.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Added configure option --without-pam

2014-05-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, src/Makefile.am, src/common.c,
	src/config.c, src/ctl.h, src/ctl.proto, src/main-ctl-dbus.c,
	src/main-ctl-handler.c, src/main-ctl-unix.c, src/main-ctl.h,
	src/main.c, src/main.h, src/occtl-dbus.c, src/occtl-unix.c,
	src/occtl.c, src/occtl.h, src/sec-mod.c, src/system.c, src/system.h: 
	Added support for unix sockets for the occtl communication.  D-BUS support is left, but is not enabled by default.

2014-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/ccan/compiler/compiler.h,
	src/ccan/talloc/talloc.c, src/ccan/talloc/talloc.h,
	src/ccan/typesafe_cb/typesafe_cb.h: Added talloc.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h, src/worker-vpn.c: Use exit_worker() or gnutls fatal
	errors instead of plain exit().  That solves issue with stats not being reported to the main process.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/scripts/ocserv-script, src/main-user.c,
	src/ocserv-args.def: Added the STATS_DURATION script environment
	variable.  This variable reports the duration of the session in seconds.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: sample config update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: name the cli stats packet.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Resumed sessions are assigned the correct
	auth_state.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.3.4

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: initialize values to avoid compiler warnings.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/worker-misc.c: check for posix_memalign
	presence.

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/scripts/ocserv-script: updated example script to account for
	STATS_BYTES variables.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/docker-ocserv/Dockerfile, tests/docker-ocserv/Makefile.am,
	tests/docker-ocserv/myscript, tests/docker-ocserv/ocserv.conf,
	tests/full-test: Test whether the statistics are exported to
	disconnect script.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO, src/ipc.proto, src/main-misc.c, src/main-user.c,
	src/main.h, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Export TUN device statistics from the worker process.  When a worker process terminates in authenticated state, then export
	statistics from the tun device (currently bytes_in and bytes_out).
	These statistics are sent to main process using an informational
	message just prior to process exit. The statistics are also exported
	to the disconnect script using the STATS_BYTES_IN and
	STATS_BYTES_OUT environment variables.

2014-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: Active session timeout was reduced to 30 secs.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: corrected sigstack permissions.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Avoid running test if our conditions are not met.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/system.c, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: Setup an alternative stack for signals on heap.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Allow the worker signal handlers to operate
	under seccomp.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added sigprocmask to the list of seccomp
	allowed calls.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/worker-misc.c: When receiving
	unexpected UDP packets, check if they match a known IP and forward
	them.  This will not work for many clients that come from a single IP but
	will work-around issues, when clients are behind a NAT that keeps
	their UDP port state for shorter time than DPD.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: changed the default DPD
	time to 90 seconds, to prevent UDP port from changing in several
	NATs.

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: When a DTLS hello message is received, print the
	source address.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-cache.c, src/occtl-nl.c, src/occtl-pager.c,
	src/occtl.c, src/ocpasswd.c, src/pam.c, src/plain.c,
	src/route-add.c, src/sec-mod.c, src/setproctitle.c, src/str.c,
	src/system.c, src/tlslib.c, src/tun.c, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-extras.c, src/worker-misc.c,
	src/worker-privs.c, src/worker-resume.c, src/worker-vpn.c: corrected
	program name in license

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Added note on enable-local-libopts for full-test

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/full-test: Modified full test for debian.

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, tests/Makefile.am, tests/docker-ocserv/Dockerfile,
	tests/docker-ocserv/Makefile.am, tests/docker-ocserv/cert.pem,
	tests/docker-ocserv/key.pem, tests/docker-ocserv/ocserv.conf,
	tests/docker-ocserv/passwd, tests/full-test: Added a full test
	between openconnect and ocserv based on docker.  That allows testing the establishment of a connection plus the
	transferring of packets.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/main-misc.c, src/main.h: Revert "Delay the
	cleanup of resources of a worker if a disconnect script is set." This reverts commit 7e0ee385c202807f7fb798564063c7c9a5fcfbb4.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/tlslib.c, src/tlslib.h: renamed function names for
	clarity.

2014-04-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/connect-script: do not require the device to be present in
	the connect script.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-vpn.c: Do not use renegotiation in old
	clients.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: Revert "When a disconnect script is set, the main
	process will close the tun device on client exit." This reverts commit e50051b435ca54e6d7eac558e37b814d17fcb97e.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/ocpasswd.c, src/sec-mod.c, src/tlslib.c,
	src/worker-vpn.c: Corrected several coverity uncovered bugs.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c: use list_for_each_safe() when
	disconnecting a user.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: check the return value of socket()

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/group-config.c, src/main-misc.c: Simplified group
	configuration file loading.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Correctly close tun lease descriptors prior to running
	worker.  That is, properly initialize them to -1, to avoid deinitializing an
	unrelated descriptor.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected ipv6 netmask assignment.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Revert "close tun lease descriptors prior to running
	worker" This reverts commit 9496819a33d256d5bcf1588cbd1081a016a0ff15.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: correctly print message for no-ip.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Avoid assigning broadcast address as either lip or
	rip.

2014-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/main-misc.c, src/occtl.c: send ID as
	signed integer over dbus.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: close tun lease descriptors prior to running worker

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/main-misc.c, src/main.h: Delay the cleanup of
	resources of a worker if a disconnect script is set.  In that case use the intermediate state PS_AUTH_DEAD to delay the
	release of resources for few seconds. That would allow the
	disconnect script to gather any required statistics from the device,
	IPs etc.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/connect-script, tests/test-pass-script,
	tests/test-pass-script.config: Test whether the connect and
	disconnect scripts have been called.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-auth.c, src/main-misc.c, src/main.h,
	src/ocserv-args.def: The tun device will be closed only after the
	disconnect script has been called.  This allows gathering statistics from it. In addition, changed
	behavior of script calling, and now will always contain the IP
	information.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: When a disconnect script is set, the main process
	will close the tun device on client exit.  That allows the disconnect script to gather statistics from the
	client session.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: document new behavior in calling disconnect
	script.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-user.c, src/ocserv-args.def: Execute
	disconnect script for user that their IP was hijacked by a cookie
	reconnection This will prevent having the script be called to initiate
	connections that are never disconnected. This patch also introduces
	IPV6_LOCAL and IPV6_REMOTE script environment variables that allow
	passing both addresses in case both IPv4 and IPv6 are assigned.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.3.3

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h: renamed function for consistency

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Revert "Try to read
	more than a single packet from the TUN device." This reverts commit 019126abfd5603971cc208b404ef8b2ee1980ccd.

2014-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: Revert "corrected DTLS data
	sending." This reverts commit 374f8d52a90708f8bfe58f11d1313c8af843c794.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: corrected DTLS data sending.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: Revert "check sockets for writability and use
	that information to discard packets rather than block." This reverts commit 449302afe2960dcf0f2edd717863c8be00f89b12.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Try to read more
	than a single packet from the TUN device.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: check sockets for writability and use that
	information to discard packets rather than block.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: refactored worker main loop

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: corrected name of crl template

2014-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updated comments

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-cert: better message

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh, tests/test-cert, tests/test3.config: Added test
	for CRL file support.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c, src/ocserv-args.def, src/tlslib.c, src/tlslib.h: 
	Updates in CRL handling.  Ensure reload on SIGHUP, and do print an appropriate error when an
	empty CRL file is encountered.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/setproctitle.c: avoid a totally empty function body.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: small code improvements

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c: properly copy the username from a certificate

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/common.sh, tests/test-cert, tests/test-iroute,
	tests/test-multi-cookie, tests/test-pam, tests/test-pass,
	tests/test-pass-cert, tests/test-pass-script: simplified and
	corrected test execution

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-pass-cert,
	tests/test-user-cert.config, tests/test2.config,
	tests/user-cert-wrong.pem: Added check for connection with incorrect
	certificate

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* LICENSE: explicitly specify GPLv2+ (or later) in LICENSE.

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c: Added sys/wait.h for WEXITSTATUS

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c, src/route-add.c: Added limits.h for
	POSIX_PATH_MAX

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/main-misc.c, src/worker-misc.c: Added sys/uio.h

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: Added LIBGNUTLS_CFLAGS to ocserv's CFLAGS

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c: more verbose log message

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: notify the peer when disabling the DTLS channel
	with a close alert.

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: more cleanups in MTU calculation

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: removed cast as it is not available on every readline
	version.

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Use the Base-MTU for MTU
	calculations.

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/route-add.c, src/str.c, src/str.h: removed unused functions

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/setproctitle.c: doc update

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* : Added diagram with authentication state machine.

2014-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: Do not set the
	output-buffer in the default configuration.

2014-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: updated comment

2014-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: The IP don't fragment bit is only set if
	try-mtu-discovery is true.

2014-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better naming of variables.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: dropped support for Salsa20 and UMAC.  They are not supported by openconnect and the latest IETF drafts use
	Chacha20 with poly1305.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c, src/worker.h: No longer send IPv6
	information to CISCO clients that may not be able to handle it.  Now IPv6 information is only forwarded if the client is openconnect,
	or if the client is unknown and has advertised full IPv6 support.

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/ocserv-args.def: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: when printing link-local addresses do not include the
	zone info.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: fixed formatting of news

2014-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/http-parser/http_parser.c, src/http-parser/http_parser.h: 
	Updated the included http-parser

2014-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: Print a compact version of the DTLS ciphersuite.

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: Allow TUN_MTU command only in authenticated state

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: simplified handle_auth_res()

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.h, src/worker-vpn.c: Do not block in TLS and DTLS reads This prevents an issue where a client disconnects but the server is
	blocked on a DTLS read without being able to detect the
	disconnection.

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: check return value of tls_send()

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c, src/occtl.c: move bytes2human in occtl.c to allow
	compilation without libnl

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/occtl-nl.c, src/occtl.c, src/occtl.h: 
	provide the bandwidth limit through d-bus

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/group-config.c, src/main-ctl-handler.c, src/occtl.c: 
	occtl will print the user's dns, nbns, routes, and iroutes.

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Warn when setting a default route the wrong way.

2014-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, configure.ac: Added options to explicitly disable
	checking for certain libraries

2014-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use remove_proc() instead of user_disconnected() when
	killing children.

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the rekey-method config option.

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use RND_RANDOM for the generation of SID

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/vpn.h: when mobile-dpd and mobile-idle-timeout
	are not set, they get values from their non-mobile counterpart.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the mobile-idle-timeout config option.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: better messages from pam authentication module

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: only print an authentication failure message if the
	maximum tries have been reached

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: send disconnect packet instead of server
	terminate when disconnecting a user.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Implemented Idle timeout.  When set, a client that does not have any non-control traffic for
	that period is getting disconnected.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h: modified priorities

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: added debug message in remove_proc

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h: Do not allow DPD to
	be disabled.  Doing so would prevent the server from dropping inactive
	connections. If the dpd values are not configured, set some
	reasonable defaults.

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c,
	src/worker.h: Added the mobile-dpd configuration option.  This option allows setting a different DPD value for mobile clients
	to allow them going to sleep for longer time.

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/main.c, src/ocserv-args.def,
	src/tlslib.c, src/vpn.h, src/worker-vpn.c: Simplified debugging by
	allowing multiple levels.  'ocserv -d' now accepts a numeric option from 0 (no debugging) to 9
	(maximum verbosity).

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: better log names.

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, TODO: doc update

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: Added profile.xml to the distributed files

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-args.def: Added 'See Also' section in occtl.8

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: better wording

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-auth.c, src/main-ctl-handler.c,
	src/main-misc.c, src/main.c, src/main.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: simplified handling of CISCO
	reconnecting clients.  Instead of having a client use the initial SID over and over, re-set
	the SID cookie, during authentication when needed. That way we avoid
	having expensive checks to ensure uniqueness of SID.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c: eliminated double [m]

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c: Indicate the main process in message logging, to
	distinguish from worker messages.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c, src/plain.c: Better messages in password asking.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: Allow a number of retries in plain password
	authentication.

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: set output buffer based on DTLS MTU, and ensure
	a minimum value

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: distribute test-stress

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.3.1

2014-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: check for auth context presence when locating a
	previous session

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed the periodic printing of TCP MSS

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: corrected typo

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: added example of IPv6 route

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/group-config.c: print errors when an invalid
	IPv6 prefix is found.

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/group-config.c, src/ipc.proto, src/main-auth.c,
	src/main-misc.c, src/vpn.h, src/worker-auth.c, src/worker-misc.c,
	src/worker-vpn.c, src/worker.h: Added support for the "new" type of
	IP6 support in AnyConnect.  If the client sends "X-CSTP-Full-IPv6-Capability: true", then we use
	     the headers: X-CSTP-Address-IP6: 2001:db8:1000:1000::1/64      X-CSTP-Split-Include-IP6: 2001:db8:1000:1001::/64      X-CSTP-Split-Include-IP6: 2001:db8:1000:1002::/64 (see corresponding openconnect change)

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: corrected typo

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/main.c: eliminate small leak

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/test-stress, tests/test-stress.config,
	tests/test1.passwd: Added stress test

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: Do not enforce safe negotiation on the main TLS
	channel.  This is only set when in CISCO compatibility mode, as CISCO clients
	come from the past.

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: simplified type usage

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/plain.c: switch to strtok_r() and other small fixes.

2014-02-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: when a user is rejected due to multiple
	connections set an appropriate status.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: set a reasonable default rekey time

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: sample.conf update

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: removed exclamation mark

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: DTLS rekey time and method was aligned with
	CSTP.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Allow rehandshakes on the DTLS
	channel.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Rekey time is now configurable and can be disabled.

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: removed unused label

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: when the tcp channel is terminated attempt to
	close the DTLS channel as well.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c: Use brackets in DEL macro

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-privs.c: seccomp will make the forbidden system
	calls to return an error.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: reduced the number of allowed ioctl() to the
	ones used.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/ocserv-args.def: doc update

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added the split-dns config option.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: 
	Added configuration option to send custom headers to client.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/group-config.c,
	src/ipc.proto, src/main-auth.c, src/main-misc.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-vpn.c, src/worker.h,
	tests/test-iroute.config, tests/test-multi-cookie.config,
	tests/test-pam.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: Added
	support for multiple DNS and NBNS servers.  This patch also combines ipv4-dns and ipv6-dns options that are now
	handled as aliases to dns.  A side-effect of this patch is that the local keyword is no longer
	supported.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: Added untested code to set an IPv6 on FreeBSD.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: separated linux-specific code to allow easier
	portability fixes.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c, src/ip-lease.h, src/tun.c: on systems without IPv6
	support remove the IPv6 lease.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: if the loading of default config in the new location
	fails, try the old default file.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: use linux/types.h for __u32

2014-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/config.c, src/ipc.proto,
	src/log.c, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-misc.c, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	The worker process receives the client's IPs from the main process.  That eliminates the need to read the IP address from the tun device
	(which can be quite tricky to implement in a clean portable way).

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: remove socket and pid files prior to waiting for kill.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: Get real-time netlink information rather than
	using the cache.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: updated netlink handling.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.def, src/ocpasswd.c: better error messages

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: When not reading from a tty use getline().

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: use etc/ocserv as config directory

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocpasswd.c: Set a default password file if one
	is not specified in ocpasswd.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: ensure that our MTU discovery will not try an
	MTU smaller than the minimum.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: Take into account peer's MTU
	values after considering the overhead.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config: change default ipv6 to link-local

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: set IFF_RUNNING and fail if tun interfaces cannot be
	brought up.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: 'guess' DST address in IPv6 links

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: Corrected auto-detection of the address.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: simpler handling of IPv6 assignment

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/icmp-ping.c, src/icmp-ping.h: Revert "ping a single host in
	IPv6" This reverts commit b7a4a098a30390f2549be66deda513b6e2c05875.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Revert "Lease a single IPv6." This reverts commit a3889c9053607bccde126e34bcef381c64e6e412.

2014-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/occtl.c: Revert "The D-BUS protocol
	transfers only a single IPv6." This reverts commit 1f08ebc70ad54ceadd565e03704db2d76c7b9278.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: The D-BUS protocol transfers
	only a single IPv6.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: Lease a single IPv6.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c, src/icmp-ping.h: ping a single host in IPv6

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tun.c: Set both IPv4 and IPv6 addresses in Linux.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/vpn.h, src/worker-tun.c: corrected reading of IP addresses.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-tun.c: Use getifaddrs() to obtain the IPs of the tun
	device.  This is a waste of resources but it seems there is no other easy way
	to obtain to IPv6 address of a tun device.

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: use ffff instead of FFFF for IPv6 masks

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: doc update

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c, src/tun.c: Cleanups in IPv6 handling.

2014-01-29  Thomas Glanzmann <thomas@glanzmann.de>

	* doc/profile.xml: Allow Remote Desktop Users to establish
	AnyConnect connections Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: reduced log level

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: only install DBUS and systemd files if they don't
	exist.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/systemd/ocserv.service,
	doc/systemd/ocserv.socket,
	doc/systemd/socket-activated/ocserv.service,
	doc/systemd/socket-activated/ocserv.socket,
	doc/systemd/standalone/ocserv.service: Added two versions of systemd
	socket files, a standalone and a socket activate.  From the standalone is installed by default.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am,
	doc/dbus/org.infradead.ocserv.service: No need to install the dbus
	service file.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: safer decoding of cookies.

2014-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print info when a UDP connection is rejected due to
	time.

2014-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2014-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print message when a SID cannot be decoded.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: IP -> Remote IP

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: only ask to verify password in interactive mode

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-iroute.config, tests/test-multi-cookie.config,
	tests/test-pam.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: updated
	config files

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed pre0

2014-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: indented file

2014-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/sec-mod.c: Added support for getpeereid

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, README, src/worker-privs.c: updated seccomp rules.

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Do not rehandshake on the DTLS
	channel.

2014-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: better detect original readline

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c, src/worker.h: protect the server from multiple
	rehandshakes.

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tlslib.c, src/worker-vpn.c: when the client requests a
	rehandshake accept there request.

2014-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/occtl.c: When libreadline isn't
	available try editline.

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: better checking for readline

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am,
	src/google/protobuf-c/protobuf-c.c,
	src/google/protobuf-c/protobuf-c.h,
	src/protobuf/google/protobuf-c/protobuf-c.c,
	src/protobuf/google/protobuf-c/protobuf-c.h: Changes to avoid the
	embedded protobuf files being included when not needed.

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/occtl.c: code cleanup

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: do not duplicate technical info

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, configure.ac, src/Makefile.am,
	src/google/protobuf-c/protobuf-c.c,
	src/google/protobuf-c/protobuf-c.h: protocolbuf-c was made an
	optional dependency.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: more reasonable line wrapping

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better order of options

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/base64.c, gl/base64.h, gl/gettimeofday.c,
	gl/m4/absolute-header.m4, gl/m4/base64.m4, gl/m4/gettimeofday.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_time_h.m4, gl/sys_time.in.h: Added
	gnulib's missing files

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: simplified ciphersuite selection
	method and select ciphers based on server's desire.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/vpn.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: better definition names.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: increased minimum maintainance time, and decreased log
	level of maintainance message.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
	gl/Makefile.am, gl/c-ctype.c, gl/c-ctype.h, gl/c-strcase.h,
	gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/cloexec.c, gl/cloexec.h,
	gl/close.c, gl/dup2.c, gl/errno.in.h, gl/fcntl.c, gl/fcntl.in.h,
	gl/fd-hook.c, gl/fd-hook.h, gl/fseek.c, gl/fseeko.c, gl/fstat.c,
	gl/getdelim.c, gl/getdtablesize.c, gl/getline.c, gl/getpass.c,
	gl/getpass.h, gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/close.m4,
	gl/m4/dup2.m4, gl/m4/errno_h.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl.m4,
	gl/m4/fcntl_h.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4,
	gl/m4/getdelim.m4, gl/m4/getdtablesize.m4, gl/m4/getline.m4,
	gl/m4/getpass.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/include_next.m4,
	gl/m4/largefile.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
	gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
	gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/off_t.m4, gl/m4/realloc.m4,
	gl/m4/ssize_t.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/m4/strdup.m4, gl/m4/string_h.m4, gl/m4/sys_stat_h.m4,
	gl/m4/sys_types_h.m4, gl/m4/time_h.m4, gl/m4/unistd_h.m4,
	gl/m4/warn-on-use.m4, gl/m4/wchar_t.m4, gl/malloc.c, gl/memchr.c,
	gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
	gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/realloc.c,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strdup.c,
	gl/string.in.h, gl/sys_stat.in.h, gl/sys_types.in.h, gl/time.in.h,
	gl/unistd.in.h: updated gnulib

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/worker-misc.c: on unknown messages print the
	number of the message when cmd_request_to_str() is used.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c: evened out the level of some
	debug messages.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main-auth.c, src/main-resume.c, src/main.h: 
	mslog_hex() will allow printing values encoded in base64.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: better debug messge

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main.c, src/main.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Use base64 to encode Cookies. That
	reduces the size of the cookie.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/main-misc.c, src/main.h: Added proc_st
	status PS_AUTH_FAILED to prevent users that failed authentication to
	leave a zombie proc_st.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use pselect() in worker process as well.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better message when cannot reach server.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: main-ctl-handler.c when disconnecting IDs and ID==-1 then continue looping until all
	zombies have been cleaned up.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: list users -> show users

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: remove zombie proc_st when its state has been
	'stolen'

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: reduce maintainance time to remove zombie processes
	sooner.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: when taking the state of a proc_st set its status
	to zombie.

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: do not give information on zombie
	processes

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c, src/occtl-time.c, src/occtl.c: info printing
	updates

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: updated copyright date

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: updated authors

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-auth.c, src/main.c, src/main.h,
	src/vpn.h, src/worker-auth.c, src/worker-vpn.c, src/worker.h: 
	instead of using the TLS session ID as session identifier prior to
	authentication use the webvpncontext cookie.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c: send auth reply failure when
	needed.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto: Added sketch of authentication protocol between
	main and worker.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/common.c, src/cookies.c, src/ipc.proto,
	src/main-auth.c, src/main-ctl-handler.c, src/main-misc.c,
	src/main-resume.c, src/main.c, src/main.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: enabling
	cisco-client-compat allows 'stealing' of processes.  This change puts a proc_st that its client has terminated to a
	"zombie" state. That state will allow a client that connects later
	using the same TLS session ID to reclaim it. That way clients that
	try to authenticate by sending their credentials in different
	sessions can still authenticate with ocserv. That however puts more
	trust to worker processes (as the main process has no way of telling
	whether a TLS session is certainly resumed).

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-auth.c, src/ocserv-args.def, src/tlslib.c,
	src/vpn.h, src/worker-auth.c: replace always-require-cert with
	cisco-client-compat.

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: added missing dependency

2014-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: documented all dependencies

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure info update

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl-nl.c: corrected prototype

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c: send empty array instead of nothing when a
	user or ID aren't found.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: print correct error when a user or ID are not found

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/occtl-nl.c, src/occtl.c,
	src/occtl.h: Added function to print network interface statistics.

2014-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: free the output of gnutls_session_get_desc

2014-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c, src/ocserv-args.def: export ID env variable

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h: print file name instead of function name

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/main-misc.c, src/main.h,
	src/worker-auth.c, src/worker-resume.c, src/worker.h: print textual
	name of messages exchanged.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.proto, src/main-ctl-handler.c, src/main-misc.c,
	src/main.h, src/occtl.c, src/vpn.h, src/worker-vpn.c, src/worker.h: 
	Store User-Agent information and send to occtl.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: unset needs_compact_auth if client changes its
	mind.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use a common version message.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use config-auth header in success message

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: removed vpn-client-pkg-version which didn't
	seem to affect anything.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: combined CSCOT URLs

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: Replaced the
	username cookie with a compact auth option.  That option performs authentication of username, password in a
	single go for clients that request Connection: Close.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use config-auth XML format.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected size calculation for CONFIG_MSG

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker.h: report the file name plus line instead of function
	name.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-auth.c: Indicate properly
	the status of TLS authentication when a client has reconnected.

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-auth.c, src/worker-vpn.c: updated
	copyrights

2014-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c, src/html.h, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: Allow a client to reconnect and continue
	authentication.  That allows clients like CISCO anyconnect to resume authentication
	in a different session by keeping the username in a cookie. That
	works only when a single password is used.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Advertize a very low version of client.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: stricter check of acceptable states.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: more debug messages and be more strict when
	cannot read the password.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c, src/worker-auth.c: Added more debugging messages.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c, src/vpn.h: increased maximum name size of DTLS cipher
	and other occtl cleanups.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main-ctl-handler.c, src/vpn.h: Added human_addr2()
	which will display port number only when requested.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: reduced space for IPs

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: corrected reporting of VPN IP addresses.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better reporting of ciphersuite and group name.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected default pager behavior

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/vpn.h: increased sizes for ciphersuite name, and
	decreased maximum size for the DTLS ciphersuite (as we use openssl's
	short names)

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: removed dbus_message_iter_has_next() as it behaves
	differently on different versions.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c: more debugging info

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: ignore sigpipe and print (none) when no group is
	available.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/occtl-pager.c: Added configure option to specify
	the default pager for occtl.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-user.c, src/worker-auth.c: Better error
	checking and cleaned up support for scripts.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: make sure that recvmsg() will continue after signal

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: use TUNSETPERSIST

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: systemd file installation is optional

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: corrected args file generation

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: combined EXTRA_DIST

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, configure.ac, src/main.c: use pselect only when available.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: Added SEE ALSO man section.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-ctl-handler.c, src/ocpasswd-args.def,
	src/ocserv-args.def: updated copyright notices

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, src/Makefile.am, src/occtl-args.def,
	src/occtl-cache.c, src/occtl-pager.c, src/occtl-time.c, src/occtl.c: 
	Added occtl.8

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: removed CISCO example policy

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: when used non-interactively return error codes to
	shell on failure.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: display proper error when server sends no reply on
	D-BUS.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in: removed auto-generated file

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/ocserv-args.def: Added more conservative
	priority strings.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-cache.c, src/occtl.c, src/occtl.h: Add
	usernames and session IDs to readline cache.  This allows auto-completion to show user, and show id, after list
	users is executed.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: shorter names for states

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c, src/worker-vpn.c: The
	ciphersuite of the client is transferred from the D-BUS interface.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ipc.proto, src/main-misc.c, src/main.h, src/vpn.h,
	src/worker-vpn.c: worker will send information on the negotiated
	TLS/DTLS ciphersuites to main.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/occtl-pager.c: do not start pager when not on a
	tty.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: updated commands and descriptions.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: print the license in the interactive client.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-ctl-handler.c,
	src/ocserv-args.def, src/vpn.h: Added configuration option use-dbus
	to allow disabling D-BUS usage.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: unblock signals in children.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-ctl-handler.c, src/main.c, src/main.h,
	src/tlslib.c, src/tlslib.h: Try to release as much memory as
	possible to be able to detect real memory leaks.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main-misc.c: eliminated memory leaks

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: block signals on the proper time.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: use c_strncasecmp() and c_strcasecmp() for matching.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl-time.c: doc update

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-time.c, src/occtl.c, src/occtl.h: print
	the connection time in a compact way

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: print brackets in IPs only when needed (IPv6+port)

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: Added commands to obtain
	information on a user or an ID.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/occtl-pager.c, src/occtl.c, src/occtl.h: Use
	pager in list users command.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/main.c, src/main.h, src/occtl.c: Added
	reload and 'stop now' D-BUS commands.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: print help when arguments are missing

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: force kill if there are alive children after some time

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: force kill if not every process dies.

2014-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-ctl-handler.c, src/occtl.c: Simplified method handling.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: SIGINT doesn't terminate occtl

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/occtl.c: better matching of higher level commands, and
	addition of the reset cmd.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c: remove_proc() calls
	remove_from_script_list().  This will prevent a race in the case where a proc is deleted (i.e.,
	user is disconnected) but a running script terminates afterwards and
	tries to reference the deleted proc.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set sockets to non-blocking outside the loop.

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-ctl-handler.c, src/main.c, src/main.h: 
	better names to lists

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: added subdir-objects

2014-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use pselect() instead of select()

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: terminate on EOF

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/occtl.c: interface improvements in occtl

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, doc/Makefile.am,
	doc/dbus/org.infradead.ocserv.conf,
	doc/dbus/org.infradead.ocserv.service: install D-BUS and systemd
	files.

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/Makefile.am, src/main-ctl-handler.c,
	src/occtl.c: Added occtl a D-BUS client to query and send commands
	to server.

2014-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-misc.c: when disconnecting a user make sure that no race
	conditions exist when killing the process.

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/Makefile.am,
	src/main-ctl-handler.c, src/main.c, src/main.h, src/vpn.h: Added
	support for control commands using D-BUS.

2014-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/log.c: do not print a port number if it is not available

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/main.c: when using systemd socket activation the
	tcp-port option is optional.  Moreover the UDP and TCP ports are "discovered" from the provided
	file descriptors.

2014-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/systemd/ocserv.service,
	doc/systemd/ocserv.socket: Added example systemd socket and service
	files.

2014-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Detect protobuf-c in systems without pkg-config.

2014-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h: store the time a client connected.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Remove unnecessary AnyConnect /2/* files As long as all of our supported OSes are listed under /1/*, the /2/*
	files can be omitted.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Add support for Mac AnyConnect client Populate the 0-byte /1/Darwin_i386 file to prevent the following
	error:     The AnyConnect package on the secure gateway could not be
	    located.  You may be experiencing network connectivity issues.
	    Please try connecting again.  Tested with AnyConnect 3.1.03103.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-extras.c: Fix auto-update regression on AnyConnect
	clients If /1/<OS> exists for every valid OS, then the client will never
	even try to request /2/binaries/update.txt.  Instead, it will
	request /1/binaries/update.txt, and then get very confused when the
	response looks like an XML document instead of a version string.

2014-01-01  Kevin Cernekee <cernekee@gmail.com>

	* README: README: Update dependencies

2013-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set socket options in sockets received by systemd as
	well.

2013-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac, src/Makefile.am, src/main.c: 
	Added support for systemd's socket activatable service.

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/worker-vpn.c: Added comments

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, src/Makefile.am, src/common.c,
	src/common.h, src/ipc.h, src/ipc.proto, src/log.c, src/main-auth.c,
	src/main-misc.c, src/main-resume.c, src/main.c, src/main.h,
	src/vpn.h, src/worker-auth.c, src/worker-extras.c,
	src/worker-misc.c, src/worker-resume.c, src/worker-tun.c,
	src/worker-vpn.c, src/worker.h: Converted IPC messaging to
	protocolbuffers-c That adds a dependency on protocolbuffers-c, but simplifies the
	worker-main communication protocol handling.

2013-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed dist-lzip

2013-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: moved length check to correct position

2013-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: Added text on generating the server
	certificate

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.3

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: disabled limits that break the worker

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am: generated files added to
	BUILT_SOURCES to fix parallel compilation

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: avoid @AUTOGEN@

2013-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added newline

2013-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2013-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libopts/m4/libopts.m4: the generation of makefile isn't
	conditional

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: updated

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ip-lease.c, src/main-auth.c,
	src/main.h: reduced cookie size by only writing down the ipv4 seed.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cookies.c, src/cookies.h, src/ip-lease.c, src/main-auth.c,
	src/main.h: Augmented cookie format to store the seeds used to
	generate IPv4 and IPv6 addresses.  This ensures that if the IP previously used by a user is free, it
	will be reassigned to him after a reconnection with the same cookie.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: use IPV6_CHECKSUM only when available.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-tun.c: reorder

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: include netinet/ip.h prior to ip_icmp.h to have
	struct ip defined.

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: define ICMP_DEST_UNREACH in systems where it is
	not available

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/icmp-ping.c: corrected typo

2013-12-10  Kevin Cernekee <cernekee@gmail.com>

	* src/main-auth.c: Fix multiple session disconnect when
	max-same-clients is 0 max-same-clients is used to limit the number of outstanding sessions (cookies).  If set to 0, it means an unlimited number of active
	cookies can be owned by each user.  But it doesn't mean that the
	same cookie can be reused for multiple CSTP connections with
	different IPs, as the protocol does not normally work this way.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: more verbose messages.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: updated debug messages.

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/config.c, src/group-config.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.def,
	src/vpn.h: Added support for cgroups

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/config.c, src/group-config.c: simplified reading the
	net-priority option

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/worker-vpn.c: corrected DPD sending in TLS. Reported by Kevin
	Cernekee.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/group-config.c,
	src/ocserv-args.def, src/vpn.h, src/worker-vpn.c: Allow setting
	directly the IP_TOS from net-priority.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: conditionally use SO_PRIORITY

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: do check the username validity only when a
	certificate is present.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: adjusted severity

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-tun.c, src/worker-vpn.c,
	src/worker.h: simplified setting of additional configuration in the
	worker process

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: corrected typo

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: do not require a certificate when authenticating
	with cookie and always-require-cert is set to false.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/worker-auth.c: Added more verbose logging

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/sec-mod.c: sec-mod ensures that
	requests come from the correct user.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocserv-args.def: doc update

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/sample.config, src/Makefile.am, src/config.c,
	src/group-config.c, src/main-auth.c, src/main-config.c,
	src/main-misc.c, src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Added the net-priority configuration
	option.  That option allows setting the protocol-defined priority (via
	SO_PRIORITY) for the UDP and TCP sockets, per user/group or
	globally.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main.c: enforce the RLIMIT_FSIZE and RLIMIT_AS

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/icmp-ping.c: use iphdr only when
	available

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: doc update

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: do not return empty usernames

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pam, tests/test-pam.config: Added
	test-pam (which is only run manually)

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-iroute.config,
	tests/test-multi-cookie, tests/test-multi-cookie.config,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-script: 
	reduced fragility of the tests

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-iroute: store temp files in a fixed
	dir

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-auth.c, src/main-auth.h, src/pam.c, src/plain.c: 
	Allow PAM to update username

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: explicitly initialize module

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed newline from log messages

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ip-lease.c: Only add new leases to hash table (and print the
	assigned IPs).

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: print more details on certificate verification
	failure.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/icmp-ping.c, src/tun.c: 
	Conditionally include system specific headers.

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: if no udp port is set do not bother sending DTLS
	info to client.

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: doc update

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: removed unneeded include

2013-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/main.c: udp-port can now be unset, and
	that will disable listening to UDP.

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* TODO: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/main-auth.c, src/main-misc.c, src/main.c, src/script-list.h: 
	initialize values prior to list_for_each() calls, to avoid static
	analysers complaints on garbage values.

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ccan/list/list.h: undefine LIST_HEAD and LIST_HEAD_INIT

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: bumped version

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* config.h.in, configure.ac, src/system.c, src/system.h: Use the
	correct sighandler definition on different systems.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-iroute: use regex for comparison

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/test-multi-cookie,
	tests/test-multi-cookie.config: Added test case for the
	disconnection due to cookie re-use case.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/ip-lease.c, src/main-auth.c, src/main-misc.c,
	src/main.h: When a new connection presents a cookie of an existing
	session the previous session is disconnected.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: fixed issue when compiling with -j

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pam.c: further increase the PAM stack size to allow for more
	complex PAM modules

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ip-lease.c: properly initialize rnd IP to avoid valgrind
	complaints

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated todo

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* README: README: Add info on build dependencies

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* build-aux/.gitignore: Add build-aux/.gitignore

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* build-aux/ar-lib, build-aux/compile, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, build-aux/test-driver: 
	Remove autogenerated scripts from git repo These get dirtied every time somebody runs autogen.sh.

2013-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-11-30  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-vpn.c: Add X-CSTP-License header for mobile client
	compatibility The Android AnyConnect client passes authentication but refuses to
	establish a VPN link if this header is missing.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: updated title

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, gl/m4/extern-inline.m4: updated gnulib

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-iroute.config,
	tests/test-pass, tests/test-pass-cert, tests/test-pass-script,
	tests/test-pass-script.config, tests/test1.config,
	tests/test2.config, tests/test3.config: use different ports per test

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-iroute.config, tests/test-pass-script.config,
	tests/test1.config, tests/test2.config, tests/test3.config: daemon
	group is available in more systems. Use that for testing.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated libopts detection

2013-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2013-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh: relicensed after all authors agreed.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use definitions to avoid discrepancies.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: corrected size of explicit nonce

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: The Salsa20 ciphersuites are used over DTLS 1.2,
	and their names follow the new encoding.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: be more precise in MTU calculation even without
	gnutls_est_record_overhead_size().

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Do not use an MTU that is bigger than the
	originally suggested one. Openconnect doesn't like that.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/worker-vpn.c: Better estimate the record
	overhead.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/log.c, src/main.c,
	src/ocserv-args.def, src/vpn.h, src/worker-auth.c,
	src/worker-extras.c, src/worker-vpn.c: Added the --http-debug option
	to ocserv to avoid printing full HTTP messages to normal debug mode.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: more changes for the new
	ciphersuites

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added ciphersuites OC-AES-GCM.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h: corrected include to http-parser

2013-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-cert, tests/test-iroute, tests/test-pass,
	tests/test-pass-cert, tests/test-pass-script: relicensed files.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/worker-auth.c,
	src/worker-tun.c, src/worker-vpn.c: Check for local http_parser
	library. If found use it instead of the included one.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: test before copy

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac: Distribute the autogen'erated files as
	.bak and enable them only if local libopts is being used.

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: better phrasing.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/ocserv-script: remove usage of wondershaper

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-bandwidth.c, src/worker-bandwidth.h, src/worker-vpn.c: 
	reduce the calls to gettime().

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gettime.h: use CLOCK_REALTIME_COARSE if available.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: update

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: separated auto-generated files into special
	libraries to allow compilation using make -jx, x>1

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE: mentioned the libopts license

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print package version on initialization

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: added the srcdir prefix

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: delete libopts generated files if system libopts is
	being used

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: ensure that auto-generated files will be
	auto-generated during compilation.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: removed no longer relevant item

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h, libopts/ao-strs.c, libopts/ao-strs.h,
	libopts/autoopts/options.h, libopts/autoopts/usage-txt.h,
	libopts/compat/compat.h, libopts/compat/strchr.c,
	libopts/configfile.c, libopts/genshell.c, libopts/genshell.h,
	libopts/m4/libopts.m4, libopts/option-value-type.c,
	libopts/option-value-type.h, libopts/option-xat-attribute.c,
	libopts/option-xat-attribute.h, libopts/pgusage.c, libopts/proto.h,
	libopts/streqvcmp.c, libopts/text_mmap.c, libopts/usage.c: updated
	to libopts 5.18.2

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/Makefile.am, libopts/ag-char-map.h, libopts/alias.c,
	libopts/ao-strs.c, libopts/ao-strs.h, libopts/autoopts.c,
	libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/compat/pathfind.c, libopts/configfile.c, libopts/enum.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/gettext.h, libopts/init.c, libopts/load.c,
	libopts/m4/libopts.m4, libopts/makeshell.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/restore.c, libopts/save.c, libopts/stack.c,
	libopts/text_mmap.c, libopts/usage.c, libopts/version.c: updated
	libopts to 5.18

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.1

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/main-config.c,
	src/ocserv-args.def, src/worker-bandwidth.c, src/worker-bandwidth.h: 
	count bandwidth in kb/sec to avoid overflows on high bandwidth.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.h: removed auto-generated files.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/ocpasswd.c, src/str.c, src/str.h,
	src/worker-vpn.c: updated code to avoid memory leaks.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/sec-mod.c: do not ignore errors from system calls

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: autogenerate changelog prior to release

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: call setgroups() after setgid() to avoid staying with
	an unexpected group set.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.def: Added pid-file command line
	option, that overrides the configured pid-file.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ocpasswd-args.c, src/ocpasswd-args.h,
	src/ocserv-args.c, src/ocserv-args.h: reorganized file generation
	and removed auto-generated files.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: increased stack size for PAM coroutines to 64k.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: link with libopts only if autogen is
	found. This avoids incompatibility issues with different
	autogen/libopts version.

2013-11-05  Mike Miller <mtmiller@ieee.org>

	* Makefile.am, configure.ac, src/Makefile.am: Allow linking with
	system libopts if installed

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am: removed unneeded check for gdbm

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Move ocserv to sbin

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, COPYING, src/common.c, src/common.h, src/config.c,
	src/cookies.c, src/cookies.h, src/gettime.h, src/html.c,
	src/html.h, src/icmp-ping.c, src/icmp-ping.h, src/ip-lease.c,
	src/ip-lease.h, src/ipc.h, src/log.c, src/main-auth.c,
	src/main-auth.h, src/main-config.c, src/main-misc.c,
	src/main-resume.c, src/main-user.c, src/main.c, src/main.h,
	src/ocpasswd.c, src/pam.c, src/pam.h, src/plain.c, src/plain.h,
	src/route-add.c, src/route-add.h, src/script-list.h, src/sec-mod.c,
	src/sec-mod.h, src/setproctitle.c, src/setproctitle.h, src/str.c,
	src/str.h, src/system.c, src/system.h, src/tlslib.c, src/tlslib.h,
	src/tun.c, src/tun.h, src/vpn.h, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-bandwidth.h,
	src/worker-extras.c, src/worker-misc.c, src/worker-privs.c,
	src/worker-resume.c, src/worker-tun.c, src/worker-vpn.c,
	src/worker.h: updated license information and authors

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, build-aux/config.rpath, config.h.in, configure.ac,
	gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lib-prefix.m4,
	m4/lib-link.m4: Added lib-link.m4 via gnulib.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/Makefile.am, src/config.c, src/gettime.h,
	src/main-auth.c, src/main-config.c, src/main-misc.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/str.c, src/str.h, src/vpn.h, src/worker-auth.c,
	src/worker-bandwidth.c, src/worker-bandwidth.h, src/worker-vpn.c,
	src/worker.h: Added directives to allow bandwidth limitation.

2013-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-config.c: do not fail if a configuration file is empty

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reduced the severity of several messages.

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: more informative message

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: avoid multiple calls to time(0)

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-misc.c: added error message

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pass-script,
	tests/test-pass-script.config: Added login-test when a connect or
	disconnect script is set.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.2.0

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/worker-auth.c: Avoid calling
	handle_script_exit() twice on user connect.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: return correct error code

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: corrected typo

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c, src/worker-auth.c, src/worker-resume.c: small
	updates

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/vpn.h: Always terminate the
	worker unless he has already been dead.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.h, src/worker-misc.c: Corrected behavior on error during
	receiving a UDP fd.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main-misc.c, src/main.c, src/main.h: Avoid forwarding
	the UDP fd within a minute. That is to avoid duplicate messages
	messing the worker session.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ccan/htable/htable.c, src/ip-lease.c, src/main.h,
	src/tlslib.c: updates in hash table usage.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-iroute, tests/test-iroute.config,
	tests/user-config/test: Added test to check the application of user
	routes.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/str.c, src/str.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Avoid many system
	calls when sending serialized data.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.h, src/main-auth.c, src/worker-auth.c: Simplified
	auth_reply transfer from main to worker.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated todo list

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/route-add.c: increased level of spawn errors.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: do not try load configuration on empty string
	groups

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: corrected bug

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-misc.c, src/worker-auth.c,
	src/worker-resume.c: Added more debugging information.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/dup2.c, gl/getdtablesize.c, gl/m4/dup2.m4,
	gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
	gl/m4/gnulib-comp.m4, gl/m4/unistd_h.m4, gl/stdio-impl.h,
	gl/stdio.in.h, gl/unistd.in.h: updated gnulib

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-resume.c: small update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: Corrected certificate authentication.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-cert, tests/test-pass,
	tests/test-pass-cert, tests/test3.config: Added test with only a
	certificate.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/main-config.c, src/main-misc.c,
	src/main.c, src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/route-add.c, src/route-add.h, src/tun.c,
	src/vpn.h: Added the 'iroute' directive to allow routes set on
	server.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/route-add.c,
	src/route-add.h, src/vpn.h: Added commands to add and remove a
	route.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-config.c, src/main-misc.c: relocated function

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/common.c, src/common.h,
	src/config.c, src/main-config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: Added the ipv6-prefix
	configuration option

2013-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/common.h, src/ip-lease.c,
	src/ip-lease.h, src/ipc.h, src/main-auth.c, src/main-config.c,
	src/main-misc.c, src/main-resume.c, src/main-user.c, src/main.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tun.c, src/tun.h, src/vpn.h,
	src/worker-auth.c, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	Increased the number of directives allowed in group and user
	configurations.

2013-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/Makefile.am, src/common.c,
	src/common.h, src/config.c, src/ipc.h, src/main-auth.c,
	src/main-config.c, src/main-misc.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Allow loading
	additional configuration files per user or per group.  The directives currently allowed are: ipv4/6_dns and route.

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac: bumped version

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c: Configuration file parsing was modified to
	allow detecting mispellings of directives and unknown options.

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Added config options 'mtu' and 'output-buffer'.

2013-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc update

2013-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Do not wait for
	socket to be ready when sending DTLS data.

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c: Reduce limit of output buffer on DTLS
	socket to reduce latency (following similar openconnect change).

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected MTU suggestion when DTLS isn't used

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Suggest a single MTU value instead of two
	distinct for DTLS and CSTP.

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better calculation of suggested to the peer MTU

2013-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: released 0.1.6

2013-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.def: doc update

2013-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: doc update

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Applied Bruce Korb's fix on unacceptable
	chars.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
	configuration file." This reverts commit f7a938e5d7fd07144062ea64a6ab028cf43bb3e6.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/ag-char-map.h: Ignore non-ascii characters in
	configuration file.  This is a quick fix for

	http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html

2013-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/Makefile.am, src/ocpasswd-args.c,
	src/ocpasswd-args.def, src/ocpasswd-args.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/version.def.in,
	src/version.inc.in: regenerate autogen'ed files when making a
	distribution.

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* tests/test-pass, tests/test-pass-cert: Fix path to common.sh when
	tests run from another directory

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* doc/Makefile.am: Add autogen search path to work when building out
	of the source tree

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h: 
	Improve ocpasswd short description, re-run autogen

2013-07-21  Mike Miller <mtmiller@ieee.org>

	* src/main-resume.c, src/main.c, src/main.h: Fix typo maintainance
	-> maintenance

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: Ask the password twice to avoid mistakes.

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.1.5

2013-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: removed debugging

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: use c_strcase in config file parsing

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/html.c: check for errors in sscanf

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, doc/sample.config, doc/sample.passwd,
	gl/Makefile.am, gl/c-ctype.h, gl/c-strcase.h, gl/c-strcasecmp.c,
	gl/c-strncasecmp.c, gl/fseeko.c, gl/m4/extern-inline.m4,
	gl/m4/fseeko.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/msvc-inval.c, src/Makefile.am, src/html.c, src/html.h,
	src/plain.c, src/worker-auth.c, tests/test-pass, tests/test1.passwd: 
	Added decoder for HTML-encoded and URL-encoded passwords and
	usernames.  This prevents special characters from not being recognized. Reported
	by P.H.Vos.  Also updated gnulib and added c-strncasecmp

2013-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c, src/worker-vpn.c, src/worker.h: Added
	additional handlers for requested files.

2013-07-07  Kevin Cernekee <cernekee@gmail.com>

	* src/worker-extras.c, src/worker-vpn.c, src/worker.h: bypass
	AnyConnect client auto-update mechanism

2013-07-07  Kevin Cernekee <cernekee@gmail.com>

	* src/tlslib.c: add missing GnuTLS version checks around >= v3.2.0
	features

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: use existing files

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/common.sh, tests/test-pass, tests/test-pass-cert: moved
	common tests to common.sh

2013-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test-pass, tests/test-pass-cert,
	tests/test1, tests/test2: renamed scripts and added additional test
	with wrong username.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, build-aux/depcomp, build-aux/test-driver,
	configure.ac, tests/Makefile.am, tests/ca-key.pem, tests/ca.pem,
	tests/common.sh, tests/server-cert.pem, tests/server-key.pem,
	tests/test1, tests/test1.config, tests/test1.passwd, tests/test2,
	tests/test2.config, tests/user-cert.pem, tests/user-key.pem: Added
	test suite that depends on openconnect.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c: common check for user and group match.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.h, src/main-misc.c, src/main.h, src/pam.c: Put a
	limit in the number of allowed authentication requests, and
	increased size of stack for co-routines.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: silence warnings

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/tlslib.c: more fixes

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: automate the clang static check of code.

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: avoid deinitializing garbage

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-user.c: corrected null pointer deferences

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/tun.c: corrected dead assignments

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/main-auth.c, src/main-misc.c,
	src/main.h: better function names and parameter order

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: print proper message when changing password in PAM.

2013-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: Allow session resumption database access, and
	allow more graceful cleanup on authentication failure.

2013-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pcl/pcl_config.h: Do not need the multi-threaded version of
	PCL.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.h, src/tun.c, src/tun.h, src/vpn.h: 
	leases belong to users as well. That way IPs are properly re-used.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: cookie-db no longer exists.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: Corrected plain passwd authentication to read group
	name when needed.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/plain.c: properly initialize group name in plain passwd.

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/worker-auth.c, src/worker-vpn.c,
	src/worker.h: allow cookie-only authentication (fixes previously
	introduced bug)

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: disallow mixing multiple username/password
	authentication methods

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies-gdbm.c,
	src/cookies-hash.c, src/cookies.c, src/cookies.h, src/ipc.h,
	src/log.c, src/main-auth.c, src/main-misc.c, src/main.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tun.c, src/tun.h, src/vpn.h: Cookies are no
	longer persistent

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: document way to force PFS

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, INSTALL, build-aux/ar-lib, build-aux/compile,
	build-aux/depcomp, build-aux/install-sh, build-aux/missing: updated
	auto-generated scripts.

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: enable ability to change password with PAM

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: removed debugging info

2013-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, config.h.in, configure.ac, src/Makefile.am,
	src/pcl/Makefile.am, src/pcl/pcl.c, src/pcl/pcl.h,
	src/pcl/pcl_config.h, src/pcl/pcl_private.c, src/pcl/pcl_private.h,
	src/pcl/pcl_version.c: Allow compilation without the PCL library

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ipc.h, src/main-auth.c, src/main-auth.h, src/main.h,
	src/pam.c, src/plain.c, src/worker-auth.c: small fixes to avoid
	relying on properly null-terminated strings.

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.h: described authentication process.

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: removed debugging message

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, build-aux/ar-lib, build-aux/compile, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, doc/sample.config: 
	autogen'ed files update

2013-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/ipc.h, src/main-auth.c,
	src/main-auth.h, src/main-misc.c, src/main.c, src/main.h,
	src/pam.c, src/pam.h, src/plain.c, src/plain.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c, src/worker.h: Advanced auth
	implemented

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Revert "Use the new type of XML" This reverts commit 2163836ad8d3ff5974a69373cfac2d7c2463f2e4.

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Revert "simplified opaque handling" This reverts commit 0af9c45e8c0bca97673f80f63ac73b77f8a23a13.

2013-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: simplified opaque handling

2013-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Use the new type of XML

2013-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/pam.c, src/pam.h: set PAM_RHOST variable
	using the clients's IP.

2013-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* INSTALL, NEWS, build-aux/ar-lib, build-aux/compile,
	build-aux/depcomp, build-aux/install-sh, build-aux/missing,
	configure.ac: bumped version

2013-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c: ensure that the actual reads on DTLS are
	at maximum MTU-1.

2013-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: bumped version

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/tlslib.c, src/tlslib.h, src/worker-vpn.c: corrected
	values returned in X-CSTP-MTU and X-DTLS-MTU

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/vpn.h, src/worker-extras.c,
	src/worker-vpn.c, src/worker.h: Removed ability to send binary
	files.

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use X-SALSA20 to avoid any future conflicts

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c: keep the connection alive

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-extras.c: do not try to send binaries if no path is
	setup

2013-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def, src/worker-extras.c, src/worker-vpn.c,
	src/worker.h: reorganized compatibility layer

2013-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/Makefile.am, src/config.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/vpn.h, src/worker-extras.c, src/worker-vpn.c, src/worker.h: 
	Allow downloading raw files from 1/binaries

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: use gnutls_privkey_sign_hash() when available.

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Check X-CSTP-Address-Type and
	don't send addresses that were not requested.

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added gettimeofday in the list of syscalls

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: updated seccomp code

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: more verbose printing of signal deaths

2013-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: simplified seccomp check

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c, src/worker-vpn.c: use strtok() to parse client provided
	string.

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: require gnutls 3.2.1 to enable salsa20

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: relax check on requirement on headers for
	libopts.

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/gettime.h: Added missing file

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated header

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE: updated license information

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, src/main-user.c: emulate gettime

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/c-ctype.c, gl/c-ctype.h, gl/cloexec.c,
	gl/cloexec.h, gl/close.c, gl/dup2.c, gl/errno.in.h, gl/fcntl.c,
	gl/fcntl.in.h, gl/fd-hook.c, gl/fd-hook.h, gl/fseek.c, gl/fseeko.c,
	gl/fstat.c, gl/getdelim.c, gl/getdtablesize.c, gl/getline.c,
	gl/getpass.c, gl/getpass.h, gl/gettime.c, gl/gettimeofday.c,
	gl/lseek.c, gl/m4/clock_time.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_time_h.m4, gl/m4/timespec.m4, gl/malloc.c, gl/memchr.c,
	gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
	gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/realloc.c,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strdup.c,
	gl/string.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/time.in.h, gl/timespec.c, gl/timespec.h,
	gl/unistd.in.h: updated gnulib

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: doc fix

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: do not restrict worker's memory

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: estream ciphersuite was given priority

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: increased priority

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print DTLS ciphersuite

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, TODO: doc update

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/str.c, src/str.h: added missing files.

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: configure proceeds if regex library isn't
	found

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: corrected cipher names

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Allow for a ciphersuite
	negotiation

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: small fixes

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.h, src/worker-vpn.c, src/worker.h: 
	reorganized HTTP header reading.

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected typo

2013-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2013-05-16  Faidon Liambotis <paravoid@debian.org>

	* src/worker-privs.c, src/worker-vpn.c: Make seccomp failures
	non-fatal & lower log prio Building a binary with --enable-seccomp and then running it on a <
	3.5 kernel, results in seccomp_load() failing and ocserv's worker
	process aborting. This might be okay-ish for users who ./configure
	&& make install on their own systems but it's obviously non-ideal
	for e.g.  distributions that need to distribute binaries.  Unfortunately there doesn't seem to be a good way (that I could
	find) to check if the running kernel has seccomp -- uname/uts isn't
	a good solution as Ubuntu has backported it to 3.2, custom kernels
	might have CONFIG_SECCOMP=n etc.  So, this makes a tradeoff call and removes the exit_worker() call on
	seccomp failures, lowers the seccomp error logs to LOG_DEBUG from
	LOG_WARNING and the "could not disable system calls" to LOG_INFO
	from LOG_ERR.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-05-16  Faidon Liambotis <paravoid@debian.org>

	* src/worker-privs.c: Workaround libseccomp bug & fix error handling libseccomp has a bug where -EDOM is returned when seccomp_rule_add
	is called for pseudo system calls (i.e. < -99). This was triggered
	by adding the send() system call on my x86_64 machine. The bug seems
	to have been recently (May 7th, 2013) reported and fixed on
	libseccomp upstream but it will take a while to find its way to a
	release and distributions.  Additionally, there was a bug on how libseccomp calls were error
	handled: libseccomp functions don't actually set errno, but set
	errno values in their return value instead. This resulted in the
	seccomp_rule_add call above to print "could not add send to seccomp
	filter: Success".  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: fixed length checks

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: check for children cleanup prior to checking for
	termination.  That allows to quickly terminate after the secmod death is detected.

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated example

2013-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/http-parser/http_parser.c: use gnulib's ctype

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libopts/m4/libopts.m4: do not check for a working libregex if it
	is disabled

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac: bumped version

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for setproctitle

2013-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/c-ctype.c, gl/c-ctype.h: added missing files

2013-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : design update

2013-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Added X-CSTP-Default-Domain option.

2013-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/die.c, src/die.h, src/main-misc.c,
	src/main-resume.c, src/main-user.c, src/main.c, src/sec-mod.c,
	src/system.c, src/system.h, src/worker-vpn.c: Use sigaction() to
	have a consistent behavior across systems for signals.

2013-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated TODO

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/profile.xml, doc/sample.config,
	gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/sys_time.in.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/worker-auth.c,
	src/worker-vpn.c: Updates for cisco's client.

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: corrected bug in anyconnect compat

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/icmp-ping.c: verify the ICMP IDs prior to checking response.

2013-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/icmp-ping.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Added config file
	option ping-leases.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd.c: corrected bug which prevented ocpasswd adding more
	than a single user.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocpasswd-args.c, src/ocpasswd-args.def,
	src/ocpasswd-args.h: updated ocpasswd doc

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: make ocpasswd manpage

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h,
	src/ocpasswd.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: Updated autogen generated files, and added more
	options to ocpasswd.  ocpasswd now accepts the --lock and --unlock options and accepts the
	username as the last argument.

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/Makefile.am, libopts/README, libopts/ag-char-map.h,
	libopts/alias.c, libopts/ao-strs.c, libopts/ao-strs.h,
	libopts/autoopts.c, libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/boolean.c, libopts/check.c, libopts/compat/compat.h,
	libopts/compat/pathfind.c, libopts/compat/snprintf.c,
	libopts/compat/strchr.c, libopts/compat/strdup.c,
	libopts/compat/windows-config.h, libopts/configfile.c,
	libopts/cook.c, libopts/enum.c, libopts/env.c, libopts/file.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/gettext.h, libopts/init.c, libopts/libopts.c,
	libopts/load.c, libopts/m4/libopts.m4, libopts/m4/liboptschk.m4,
	libopts/makeshell.c, libopts/nested.c, libopts/numeric.c,
	libopts/option-value-type.c, libopts/option-value-type.h,
	libopts/option-xat-attribute.c, libopts/option-xat-attribute.h,
	libopts/parse-duration.c, libopts/parse-duration.h,
	libopts/pgusage.c, libopts/proto.h, libopts/putshell.c,
	libopts/reset.c, libopts/restore.c, libopts/save.c, libopts/sort.c,
	libopts/stack.c, libopts/streqvcmp.c, libopts/text_mmap.c,
	libopts/time.c, libopts/tokenize.c, libopts/usage.c,
	libopts/version.c: updated libopts

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, config.h.in, configure.ac, src/Makefile.am,
	src/icmp-ping.c, src/icmp-ping.h, src/log.c, src/tun.c, src/vpn.h: 
	Prior to leasing an IPv4 ping it to check if it is already in use.

2013-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: read device name in FreeBSD

2013-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/Makefile.am, src/cookies-gdbm.c, src/cookies.c,
	src/die.c, src/die.h, src/main-misc.c, src/main-user.c, src/main.c,
	src/pam.c, src/setproctitle.c, src/setproctitle.h, src/tun.c,
	src/vpn.h: several updates to allow compilation on FreeBSD

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE, Makefile.am: Added license file

2013-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h, src/worker-vpn.c: removed session
	ticket support

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, TODO: doc update

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker.h: removed unused variable

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-vpn.c, src/worker.h: MTU discovery simplified

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: MTU handling updates

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c: clear any lists prior to running sec
	mod

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Revert "run sec mod earlier to save memory" This reverts commit a8152e8c59fb7007b9dee5718bcb46f55b3d0e68.

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when debugging do not set memory limits

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: run sec mod earlier to save memory

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: deinitialize memory taken by configuration parser.

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: disable dh-params by default

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: 
	doc update

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: added dh-params option into sample file

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: make clear that anyconnect compat layer is
	experimental

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/main-resume.c, src/sec-mod.c, src/tlslib.c: 
	depend on gnutls 3.1.10

2013-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: use quotes when printing password file

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: cookies are overwritten prior to fork

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: Added anyconnect options to sample config

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updated

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: readjusted log levels

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reduce MTU on mtu failure in a less steep way

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: changed level of messages

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/ocserv-args.c, src/ocserv-args.h: consider
	chroot environment when creating socket file.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def, src/sec-mod.c: simplified umask

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/sec-mod.c, src/sec-mod.h,
	src/tlslib.c: updates in unix socket creation

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: use pkcs11_reinit() only when defined.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: adjust buffer size if needed.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: consider TCP MSS in MTU
	calculations.

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: set certain limits on the worker process using
	setrlimit()

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c, src/plain.c: Added copyright headers

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ccan/list/list.c, src/http-parser/http_parser.c: include
	config.h in all files

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c: reinitialize PKCS #11 modules after fork

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sec-mod.c, src/tlslib.c: combine writes to a single system
	call.

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: updated syscall list in seccomp

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, TODO, configure.ac, doc/Makefile.am,
	doc/sample.config, doc/sample.passwd, src/Makefile.am,
	src/common.c, src/common.h, src/config.c, src/main-misc.c,
	src/main.c, src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sec-mod.c, src/sec-mod.h, src/tlslib.c,
	src/tlslib.h, src/vpn.h, src/worker-tun.c, src/worker-vpn.c: The TLS
	private keys are kept into a privileged process.  That process is called security-module (sec-mod) and communicates
	with the workers using a unix domain socket.

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: Always send the provided password to PAM irrespective
	of the prompt.

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, TODO, config.h.in, configure.ac,
	gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/getpass.c,
	gl/getpass.h, gl/lseek.c, gl/m4/fseek.m4, gl/m4/fseeko.m4,
	gl/m4/fstat.m4, gl/m4/getpass.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/largefile.m4, gl/m4/lseek.m4,
	gl/m4/minmax.m4, gl/m4/strdup.m4, gl/m4/sys_stat_h.m4,
	gl/m4/sys_types_h.m4, gl/malloc.c, gl/minmax.h, gl/stdio-impl.h,
	gl/strdup.c, gl/sys_stat.in.h, gl/unistd.in.h, src/Makefile.am,
	src/ocpasswd-args.c, src/ocpasswd-args.def, src/ocpasswd-args.h,
	src/ocpasswd.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/plain.c, src/vpn.h: crypt(3) is used in the
	plain password file.  In addition, ocpasswd program was added to generate password file
	entries.

2013-03-14  Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>

	* src/Makefile.am, src/ocpasswd.c, src/plain.c: Added ocpasswd

2013-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/sample.config, doc/scripts/ocserv-down,
	doc/scripts/ocserv-script, doc/scripts/ocserv-up: Updated sample
	script.

2013-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/main-auth.c, src/main-misc.c,
	src/main-user.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/script-list.h,
	src/tun.c, src/worker-auth.c: Do not let scripts block the server
	operation.

2013-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/snippet/_Noreturn.h, config.h.in,
	doc/sample.config, gl/Makefile.am, gl/errno.in.h, gl/getdelim.c,
	gl/getline.c, gl/m4/errno_h.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/malloc.m4,
	gl/m4/realloc.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/realloc.c, gl/stdio.in.h, gl/stdlib.in.h, gl/unistd.in.h,
	src/Makefile.am, src/config.c, src/main-auth.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/plain.c, src/plain.h,
	src/vpn.h: Added plain password format

2013-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: small doc updates

2013-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/tlslib.c, src/tlslib.h, src/worker-vpn.c: enable session
	tickets.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: manual page moved to section 8

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/vpn.h: Added ability to specify
	multiple certificate and key pairs.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/tlslib.h, src/vpn.h: Allow
	setting DH parameters.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: check the server certificate prior to initialization

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: Added sanity check on certificate and key reading.

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Exit when mandatory configuration options are not
	present

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: rate-limit-ms is no longer mandatory to set

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	doc

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 0.0.2

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated text

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: seccomp is disabled by default

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/tlslib.c, src/vpn.h: Allow setting OCSP
	responses.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-tun.c: corrected advertized address

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: small optimizations

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: unified POST
	handlers, and auto-detect xml content

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: corrected check for banned entries

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Eliminated memory leaks on lists.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/sample.config, src/config.c, src/main-auth.c,
	src/main-misc.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Allow setting a
	reconnection delay time after a failed authentication attempt (added
	min-reauth-time option).

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Allow longer sleeps than a second.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : corrected typo

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Allow setting a
	rate limit on the number of connections.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated doc

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: do not link against 3.1.7 or 8 version of gnutls.

2013-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c: Anyconnect client compatibility
	is optional.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: simplified certificate request and require setting.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/worker-tun.c: fix the 'local' keyword in DNS server
	settings.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: corrected cert require rule

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/vpn.h,
	src/worker-auth.c, src/worker.h: Added option to allow sending a
	cookie without the corresponding certificate.  This option is required for the cisco clients, that do not always
	use the client certificate. When this option is set to false it
	means that the cookie itself is sufficient for authentication. This
	is bad practice of smart cards are in use.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: use chdir prior to chroot.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/profile.xml, doc/sample.config,
	src/Makefile.am, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/tlslib.h,
	src/vpn.h, src/worker-auth.c, src/worker-vpn.c: Several updates to
	handle URLs requested by the cisco client.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: Send correct
	replies.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: Added title into success message

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: always set max-age

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/vpn.h, src/worker-auth.c: include banner in the
	XML success message.

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: ocserv.1 built is optional

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: more verbose in client methods

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* configure.ac, doc/Makefile.am, src/Makefile.am: warn if autogen
	isn't installed Signed-off-by: Jason Cooper <jason@lakedaemon.net>

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: Banner was made
	configurable.

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-resume.c: log message updates

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added timeout to handshake().

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, doc/ocserv.1: doc/ocserv.1 is generated, don't track
	it Signed-off-by: Jason Cooper <jason@lakedaemon.net>

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: doc update

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: message updates

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, Makefile.am, configure.ac: add cscope/ctags make
	targets Newcomers to the code often use these tools to learn their way
	around.  Integrate them into the build so that we don't accidentally
	track their files.  Signed-off-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-26  Jason Cooper <jason@lakedaemon.net>

	* src/main.c: main: check return of daemon() Signed-off-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: remove Werror from automake flags

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/main.c: updated

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* autogen.sh: Added autogen file.

2013-02-25  Jason Cooper <jason@lakedaemon.net>

	* .gitignore, aclocal.m4: don't track aclocal.m4, it's a generated
	file Signed-off-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/main.c: Added
	support for TCP wrappers (libwrap)

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Added some more CSTP headers

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	Allow setting NBNS.

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated installation instructions

2013-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on automake 1.11.3

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: more complete
	http body handling

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: better initialization of req.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* aclocal.m4, build-aux/ar-lib, configure.ac: Added AM_PROG_AR to
	keep automake-1.12 happy. Reported by David Woodhouse.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Corrected issue with openconnect <= 4.00.
	Reported by Mike Miller.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Fix out-of-source tree build. Patch by Mike
	Miller.

2013-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, doc/ocserv.1, doc/sample.config, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h: doc update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: small update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: small update

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: updated manual

2013-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added news

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: updates in DPD handling When have not received DPD for long try sending instead of
	immediately failing.  Also treat any received message as DPD to
	prevent kicking an active client.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: DPD_TRIES was defined and increased to 5 from 3

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: small optimizations

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/sample.config: updated sample config

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: updated

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: print the DPD time.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/worker-misc.c: when receive a new UDP
	session, forward the fd and replace the old.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/tlslib.c: simplified TLS file load and reload.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/tlslib.h: Load PINs early.

2013-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/tlslib.c, src/vpn.h: 
	Added configuration options for PIN files.

2013-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c, src/worker.h: print debugging
	information on the received HTTP headers

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h, src/worker-vpn.c: 
	mtu discovery via DPD is optional

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, doc/ocserv.1, src/Makefile.am,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/version.def.in: Added version.def.in

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: doc update

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: updated
	bug report address

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: doc
	update

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/main-auth.c: when
	restoring a cookie connection, extend the lifetime of the cookie.

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, doc/sample.config, src/tlslib.c, src/worker-vpn.c,
	src/worker.h: Added some kind of path MTU discovery using DPD.

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c: simplified messages

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-resume.c: better log messages

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-resume.c, src/tlslib.h: Enable
	maintainance when maximum TLS sessions have been reached. Set more
	sane defaults for max sessions.

2013-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main.c, src/main.h: When the cookie DB is
	full enforce maintainance.

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/tun.c: simplified (and corrected) TUN device
	creation and re-use

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: postpone usage of cork and uncork

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: corrected typo

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: simplified main loop

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c: reduced the default hash table size.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-privs.c: Added missing ioctl().

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pam.c: Allow NULL PAM auth token. This would allow to have
	password authentication on certain users that have a certificate.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/ocserv.1, doc/scripts/ocserv-down,
	doc/scripts/ocserv-up, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h: Added example scripts and updated documentation.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/sample.config: Added missing files

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/main-auth.c, src/main-user.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h: Simplify
	script calling by using the environment

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: quit if no TCP port is available.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/main.h, src/tlslib.c: write the
	correct PID in pid file

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ocserv.1, src/config.c, src/cookies.h, src/ipc.h,
	src/main-auth.c, src/main-misc.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/pam.c, src/pam.h,
	src/vpn.h, src/worker-auth.c: Use PAM account management and added
	support for user groups.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README, configure.ac, src/config.c, src/log.c,
	src/main.c, src/main.h, src/tlslib.c, src/tlslib.h, src/vpn.h,
	src/worker-tun.c, src/worker-vpn.c: HUP signal reloads configuration

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: Updated documentation

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: use common function to exit

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/tun.h, src/worker-auth.c, src/worker-tun.c,
	src/worker-vpn.c: small updates

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/worker-privs.c,
	src/worker-vpn.c, src/worker.h: Added support for seccomp (untested)

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main.c, src/main.h, src/worker-misc.c: 
	connect occurs before sending the fd to worker.

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: set time to entry only when writing the WTMP file

2013-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: corrected definition

2013-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c, src/worker-vpn.c: DTLS-Rekey time is set to be
	the 2/3 of cookie validity

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/main.c: fork moved to gdbm backend
	expiration

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath: added missing file

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: better set socket options

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: Write wtmp file if possible.

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-hash.c, src/main-misc.c, src/main.c: increased cookie
	hash table size and better cleanup resources on errors

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.c,
	src/cookies.h, src/main.c, src/sample.config: erase cookie data
	before forking to unprivileged process.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: when expiring stuff, do it on the main process unless
	we use gdbm.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main-auth.c, src/main-misc.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/vpn.h: enforce maximum number of same clients

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c: Set a default config file.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: Added PID file

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-misc.c, src/main-resume.c, src/ocserv-args.c,
	src/ocserv-args.h, src/worker-misc.c, src/worker-vpn.c,
	src/worker.h: small reorganization

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.def: Added OID examples

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: ignore certificate in DTLS session

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: more explicit debug messages.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: do not require certificate on DTLS session

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c: simplified logging in debug mode

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, aclocal.m4, config.h.in, configure.ac,
	m4/lib-link.m4, src/config.c, src/log.c, src/main-auth.c,
	src/main-user.c, src/main.c, src/pam.c, src/tlslib.c, src/tun.c: 
	Several changes to compile on old linux kernels, and in constrained
	libgnutls libraries

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: kick out the peer if non DPD
	packets are received for 3x the DPD time

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: Ignore non-fatal DTLS errors.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/setproctitle.c, src/setproctitle.h: Use a compatible with
	BSD's setproctitle.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: changes in debugging messages

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c, src/worker.h: Added wait_fd state in UDP channel

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/setproctitle.c, src/setproctitle.h: used a more
	sane setproctitle

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.c, src/setproctitle.c,
	src/setproctitle.h: set process title

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING: added license

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/ipc.h, src/main-auth.c, src/main-misc.c,
	src/main.h, src/worker-auth.c, src/worker-misc.c, src/worker-tun.c,
	src/worker-vpn.c, src/worker.h: MTU is now set via the main server

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/vpn.h, src/worker-vpn.c: 
	Added configurable DPD

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: explicitly close the logging
	subsystem

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/worker-tun.c, src/worker-vpn.c, src/worker.h: 
	separated tun handling code from main worker code.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: correctly send termination signal to peer

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: added a more graceful termination of
	workers.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.h,
	src/main-auth.c, src/main.c, src/main.h, src/worker-vpn.c: several
	updates in cookies, and tun handling.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c: fixes for newer gnutls

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: set tun device MTU based on minimum MTU of DTLS
	and TLS.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/sample.config: sample config uses cookie DB

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocserv-args.c, src/ocserv-args.h, src/tlslib.c, src/tlslib.h,
	src/worker-auth.c, src/worker-vpn.c: use gnutls cork() and uncork()
	when available

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/main.h, src/ocserv-args.def, src/sample.config,
	src/tlslib.c, src/tlslib.h, src/vpn.h, src/worker.h: cleaned up TLS
	code which was moved to tlslib

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: mtu cleanups

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/config.c,
	src/cookies-gdbm.c, src/cookies-hash.c, src/cookies.c,
	src/cookies.h, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h: gdbm was re-added and made optional.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, src/sample.config: updated readme

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-vpn.c, src/worker.h: Honour client's MTU
	choice.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: removed warning

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : Added a description of the server

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, src/config.c, src/ipc.h, src/log.c, src/main-auth.c,
	src/main-resume.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/tun.c, src/tun.h, src/vpn.h, src/worker-auth.c,
	src/worker-vpn.c, src/worker.h: Use a single UDP port in the server.  Several modifications to use a single UDP port in the server. This
	is currently done using a hack, i.e., pass the UDP socket to worker,
	close it on the main server and then re-open it (using REUSEADDR).  Also several updates in TUN handling to allow more than one clients
	connecting.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: removed unneeded warning

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/config.c, src/cookies.c,
	src/cookies.h, src/main-auth.c, src/main.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/tlslib.c, src/tlslib.h, src/vpn.h: dropped
	dependency on gdbm. Cookies are stored in a hash.

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-user.c: corrected issue in utmp

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed uneeded text

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/main-auth.c,
	src/main-script.c, src/main-user.c, src/main.c, src/main.h,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/sample.config, src/vpn.h: Added explicit logging to UTMP file.

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, gl/Makefile.am, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	src/Makefile.am, src/ccan/build_assert/build_assert.h,
	src/ccan/check_type/check_type.h,
	src/ccan/container_of/container_of.h, src/ccan/hash/hash.c,
	src/ccan/hash/hash.h, src/ccan/htable/htable.c,
	src/ccan/htable/htable.h, src/ccan/htable/htable_type.h,
	src/ccan/licenses/BSD-MIT, src/ccan/licenses/CC0,
	src/ccan/licenses/LGPL-2.1, src/ccan/list/list.c,
	src/ccan/list/list.h, src/hash.h, src/hashtable.h, src/list.h,
	src/main-auth.c, src/main-resume.c, src/main-script.c, src/main.c,
	src/main.h, src/tlslib.c, src/tlslib.h, src/tun.c, src/tun.h: Use
	CCAN hashes and lists.

2013-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: added fixme

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/log.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/vpn.h, src/worker-auth.c, src/worker-vpn.c: 
	corrected DTLS packet handling.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/log.c, src/main.c, src/main.h, src/tlslib.h,
	src/vpn.h, src/worker-resume.c, src/worker.h: reorganized headers

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/ipc.h, src/main-auth.c, src/main-script.c,
	src/main.h, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/worker-auth.c: store
	hostname of the user, and pass it to scripts.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: reply to the correct interface

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config, src/vpn.h, src/worker-vpn.c: 
	changes to enable VPN functionality.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: be less verbose about children dying

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-script.c, src/main.h: call connect
	script with explicit lease

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.h, src/worker-vpn.c: Send X-CSTP-Version and read
	hostname.

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/tlslib.c, src/tlslib.h, src/tun.h: deinitialize
	the TLS cache prior to fork

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on the correct gnutls version

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing files

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/ipc.h, src/main.c: simplified
	call to expire cookies

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, TODO, aclocal.m4, config.h.in: updated

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: Check for root permissions after parsing command line

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-script.c, src/main.c, src/tun.c: use close-on-exec flag
	on fds

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/cloexec.c, gl/cloexec.h, gl/close.c,
	gl/dup2.c, gl/fcntl.c, gl/fcntl.in.h, gl/fd-hook.c, gl/fd-hook.h,
	gl/getdtablesize.c, gl/m4/close.m4, gl/m4/dup2.m4,
	gl/m4/fcntl-o.m4, gl/m4/fcntl.m4, gl/m4/fcntl_h.m4,
	gl/m4/getdtablesize.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/off_t.m4, gl/m4/ssize_t.m4, gl/m4/stdbool.m4,
	gl/m4/sys_types_h.m4, gl/m4/unistd_h.m4, gl/msvc-inval.c,
	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
	gl/stdbool.in.h, gl/sys_types.in.h, gl/unistd.c, gl/unistd.in.h: 
	added cloexec module

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-script.c, src/main.c, src/main.h: clear all fds and mem
	prior to exec

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/main-auth.c,
	src/main-script.c, src/main.c, src/main.h, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h: Added connect and disconnect scripts

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-vpn.c: handle disconnections

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: print the pid of dying processes

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c: removed debugging info

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-resume.c, src/main.c, src/main.h, src/sample.config,
	src/tlslib.c, src/tlslib.h, src/worker-vpn.c: Added automatic TLS
	session expiration.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main-auth.c, src/main-resume.c, src/worker-resume.c: reduce
	the number of data exchanged during a resumption.

2013-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added missing file

2013-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, gl/Makefile.am, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/stdint.in.h, gl/sys_time.in.h, src/Makefile.am, src/hash.h,
	src/hashtable.h, src/ipc.h, src/list.h, src/main-auth.c,
	src/main-resume.c, src/main.c, src/main.h, src/tlslib.c,
	src/tlslib.h, src/vpn.h, src/worker-auth.c, src/worker-auth.h,
	src/worker-resume.c, src/worker-vpn.c, src/worker.h: Added session
	resumption to TLS server.

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in: updated config.h.in

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.c: use the full certificate DN if no username is
	set

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tlslib.c, src/vpn.h, src/worker-vpn.c: Added some primitive
	mtu handling

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/gettime.c, gl/gettimeofday.c, gl/m4/clock_time.m4,
	gl/m4/extern-inline.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
	gl/m4/timespec.m4, gl/sys_time.in.h, gl/time.in.h, gl/timespec.c,
	gl/timespec.h: Added missing files

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/cookies.c, src/vpn.h: better name for db_file

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: updated

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.h, src/main-auth.c, src/vpn.h, src/worker-auth.c,
	src/worker-auth.h: master secret doesn't need to be generated by the
	server

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/main.c, src/sample.config, src/vpn.h: set a
	maximum number of clients

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/config.c, src/sample.config: set a default priority string if
	not set.

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, src/worker-vpn.c: cleanups

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO, aclocal.m4, gl/Makefile.am, gl/dummy.c,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, src/config.c,
	src/cookies.h, src/main-auth.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/vpn.h, src/worker-auth.c, src/worker-auth.h, src/worker-vpn.c: 
	Fixed UDP side.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/worker-vpn.c: Allow a graceful shutdown.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/worker-auth.h, src/worker-vpn.c: Allow worker to received
	asynchronous commands from main.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/sample.config: chroot worker process

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing file

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* TODO: Added todo

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* config.h.in, configure.ac, src/Makefile.am, src/main-auth.c,
	src/pam.c, src/pam.h: Added PAM authentication.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies.c, src/cookies.h,
	src/log.c, src/main-auth.c, src/main.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/sample.config,
	src/tun.c, src/vpn.h, src/worker-auth.c, src/worker-auth.h,
	src/worker-vpn.c: several updates and fixes in auth

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/cookies.h, src/http_auth.c,
	src/http_auth.h, src/main.c, src/tun.c, src/vpn.c, src/vpn.h,
	src/worker-auth.c, src/worker-vpn.c: better file structure

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: silence background operation

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: notify that root access is required

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: daemonize

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/ocserv-args.c, src/ocserv-args.def,
	src/ocserv-args.h, src/sample.config: small updates. Added sample
	configuration.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c, src/vpn.c: Associate a gnutls session with
	the worker state ptr.

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/config.c, src/ocserv-args.c,
	src/ocserv-args.def, src/ocserv-args.h, src/vpn.h: Read
	configuration file

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.c: make local option work

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/compile: Added compile

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, aclocal.m4, config.h.in, configure.ac,
	libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/COPYING.mbsd, libopts/MakeDefs.inc, libopts/Makefile.am,
	libopts/README, libopts/ag-char-map.h, libopts/alias.c,
	libopts/ao-strs.c, libopts/ao-strs.h, libopts/autoopts.c,
	libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/boolean.c, libopts/check.c, libopts/compat/compat.h,
	libopts/compat/pathfind.c, libopts/compat/snprintf.c,
	libopts/compat/strchr.c, libopts/compat/strdup.c,
	libopts/compat/windows-config.h, libopts/configfile.c,
	libopts/cook.c, libopts/enum.c, libopts/env.c, libopts/file.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/libopts.c, libopts/load.c, libopts/m4/libopts.m4,
	libopts/m4/liboptschk.m4, libopts/makeshell.c, libopts/nested.c,
	libopts/numeric.c, libopts/parse-duration.c,
	libopts/parse-duration.h, libopts/pgusage.c, libopts/proto.h,
	libopts/putshell.c, libopts/reset.c, libopts/restore.c,
	libopts/save.c, libopts/sort.c, libopts/stack.c,
	libopts/streqvcmp.c, libopts/text_mmap.c, libopts/time.c,
	libopts/tokenize.c, libopts/usage.c, libopts/value-type.c,
	libopts/value-type.h, libopts/version.c, libopts/xat-attribute.c,
	libopts/xat-attribute.h, src/Makefile.am, src/config.c, src/main.c,
	src/ocserv-args.c, src/ocserv-args.def, src/ocserv-args.h,
	src/vpn.h: use autogen for command line options

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/http_auth.c, src/main.c, src/vpn.c, src/vpn.h: better notation

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/vpn.c: Allow a certain number of requests to the HTTP server

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/cookies.h, src/http_auth.c, src/http_auth.h,
	src/log.c, src/main.c, src/vpn.c, src/vpn.h: server_st -> worker_st

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tun.c: bring up tun interface

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c: initialize memory

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/http_auth.c, src/main.c, src/tun.c,
	src/tun.h, src/vpn.c, src/vpn.h: Provide client with normal leased
	IPs.

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/log.c, src/main.c, src/tun.c, src/tun.h, src/vpn.h: use const

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/vpn.c, src/vpn.h: main server keeps list of client
	IPs

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* main.c, src/http_auth.c, src/main.c, src/tun.c, src/tun.h,
	src/vpn.c, src/vpn.h: updated

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/main.c, src/tun.c, src/tun.h: separated tun
	code from main

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h: Added
	missing files

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/auth.c, src/auth.h,
	src/http_auth.c, src/http_auth.h, src/main.c, src/vpn.c, src/vpn.h: 
	updated server.

2013-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* main.c: Added missing file

2013-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* root/index.xml, root/login.xml, src/auth.c, src/auth.h, src/vpn.c: 
	Fixed connection issue with new openconnect client.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, src/main.c, src/vpn.c: small fixes

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cookies.c, src/main.c, src/vpn.h: Allow dropping privileges

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/main.c, src/vpn.c: set configured addresses to tun device.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth.c, src/tlslib.h, src/vpn.c: tls_print -> tls_puts to
	distinguish from printf

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/auth.c, src/auth.h, src/main.c, src/vpn.c, src/vpn.h: 
	preliminary configuration for networks.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/auth.c, src/common.h, src/cookies.c,
	src/log.c, src/main.c, src/tlslib.c, src/vpn.c, src/vpn.h: Added
	internal logging subsystem.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, AUTHORS, COPYING, ChangeLog, INSTALL, Makefile,
	Makefile.am, NEWS, README, aclocal.m4, build-aux/depcomp,
	build-aux/install-sh, build-aux/missing, config.h.in, configure.ac,
	gl/Makefile.am, gl/dummy.c, gl/m4/00gnulib.m4, gl/m4/extensions.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/include_next.m4,
	gl/m4/longlong.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
	gl/m4/mmap-anon.m4, gl/m4/multiarch.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/string_h.m4, gl/m4/warn-on-use.m4,
	gl/m4/wchar_t.m4, gl/memchr.c, gl/memchr.valgrind, gl/memmem.c,
	gl/stddef.in.h, gl/stdint.in.h, gl/str-two-way.h, gl/string.in.h,
	src/Makefile.am, src/auth.c, src/cookies.c, src/main.c,
	src/tlslib.c, src/vpn.c: Added automake/autoconf system

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* auth.c, auth.h, common.h, cookies.c, cookies.h,
	http-parser/http_parser.c, http-parser/http_parser.h, list.h,
	main.c, src/auth.c, src/auth.h, src/common.h, src/cookies.c,
	src/cookies.h, src/http-parser/http_parser.c,
	src/http-parser/http_parser.h, src/list.h, src/main.c,
	src/tlslib.c, src/tlslib.h, src/vpn.c, src/vpn.h, tlslib.c,
	tlslib.h, vpn.c, vpn.h: Moved sources

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* vpn.c, vpn.h: better handling of headers.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* auth.c, cookies.h, main.c, vpn.h: extract username from
	certificate.

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* vpn.c: removed unused code

2013-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile, auth.c, auth.h, common.h, cookies.c, cookies.h,
	http-parser/http_parser.c, http-parser/http_parser.h, list.h,
	main.c, root/index.xml, root/login.xml, server.c, tlslib.c,
	tlslib.h, vpn.c, vpn.h: updated server

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile: a.out -> server Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile, server.c: updated for gnutls Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-04  David Woodhouse <David.Woodhouse@intel.com>

	* Initial import of test hack Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

