[GIT PULL V2] Fixes for rekeying, Android builds, etc.

Kevin Cernekee cernekee at gmail.com
Sun Feb 16 17:12:46 EST 2014


V1->V2:

 - Added reference to Android local symbol relocation issue:
   https://code.google.com/p/android/issues/detail?id=66048

 - Added minor AC_CONFIG_FILES fix

 - Rebase on latest upstream master

You guys might want to hold off on "Rework DTLS master secret
(re)generation" depending on what Nikos' rekeying changes wind up looking
like?  The most critical fix in my commit is making sure that DTLS
re-handshakes after sending a new DTLS master key to the gateway.  This
is currently a major problem on mobile since the device is constantly
disconnecting and reconnecting due to suspend/resume and network
connectivity changes.  Without the fix, the client's DTLS parameters
eventually get out of sync with the server's parameters, and no data
traffic can pass.



The following changes since commit 18e0f494d1b8e571be2cf535a3fa067db894034e:

  Remove Java_* wildcard from libopenconnect.map (2014-02-16 21:20:37 +0000)

are available in the git repository at:

  git://github.com/cernekee/openconnect rekey-20140216

for you to fetch changes up to ebf8452d65a5410859298ac316eed3c3a9d1b4df:

  Avoid deprecated AC_OUTPUT syntax (2014-02-16 13:43:25 -0800)

----------------------------------------------------------------
Kevin Cernekee (15):
      Add liboath version check
      http: Don't retry on user cancellation
      cstp_reconnect: Don't sleep if the user terminated the connection
      android: Add android/ directory to release tarballs
      android: Explicitly disable symbol versioning
      android: Use make-standalone-toolchain.sh from NDK
      android: Install stripped binaries under $(TRIPLET)/out
      cstp: Make sure outbound packets are sent over CSTP if DTLS is down
      dtls: Set rekey_method correctly if the header is missing
      Sanity-check CSTP and DTLS rekey times
      cstp: Rework DTLS master secret (re)generation
      mainloop: Use consistent logic for rekey timeout check
      mainloop: Simplify the keepalive functions
      dtls: Fix link error on !HAVE_DTLS builds
      Avoid deprecated AC_OUTPUT syntax

 Makefile.am      |    3 ++-
 android/Makefile |   73 ++++++++++++++++++++++++++++++++----------------------
 configure.ac     |   17 ++++++++++---
 cstp.c           |   42 ++++++++++++++++++++++++-------
 dtls.c           |    9 +++++++
 http.c           |    2 ++
 main.c           |    2 +-
 mainloop.c       |   71 +++++++++++++++++++---------------------------------
 ssl.c            |    6 ++---
 9 files changed, 133 insertions(+), 92 deletions(-)

-- 
1.7.9.5


