[prev in list] [next in list] [prev in thread] [next in thread]
List: openconnect-devel
Subject: OpenConnect 8.04 release
From: David Woodhouse <dwmw2 () infradead ! org>
Date: 2019-08-09 15:17:18
Message-ID: c48a79fa6902f6ebe77cd62aaf30bd488607ae03.camel () infradead ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
The most interesting part here is the support for Pulse Connect Secure,
of course. We now finally have IPv6 support instead of being stuck in
the 20th century (actually, make that the 1980s; even IPv6 was 1990s)
with the Juniper NC compatibility. We still don't have Host Checker
support for Pulse yet though; that would be nice to add.
Also fixes password handling for proxies, reworks and improves the MTU
detection for DTLS, and a few other fixes.
ftp://ftp.infradead.org/pub/openconnect/openconnect-8.04.tar.gz
ftp://ftp.infradead.org/pub/openconnect/openconnect-8.04.tar.gz.asc
Colin Petrie (1):
Update CSTP for IPv6 DNS servers
Daniel Lenski (10):
make dump_buf_hex() show printable characters as well
Better spoofed HIP report
Report GP session lifetime
Incomplete, speculative IPv6 for GlobalProtect
Clean up and simplify GP ESP keying
comment about GlobalProtect HTTP user-agent value
consolidate GlobalProtect OS name translation
Add hipreport-android.sh
also support sha256 with GlobalProtect ESP
fix GP MTU calculation
David Woodhouse (44):
Consolidate common parts of setup_esp_keys()
Revamp MTU detection
Fix peer_cert_hash memory leaks
Convert dump_buf_hex() to use oc_text_buf instead of sprintf
Add Pulse Connect Secure support
Add HMAC-SHA256-128 support for ESP
pulse: Split out config packet handling and loop until end-of-config =
received
Add ESP support for Pulse
Split out construct_esp_packet() to avoid duplication
Set ESP Next Header field to 0x29 for IPv6 packets
Disable encrypt-then-mac where possible with DTLS and OpenSSL
Fix pulse build without HAVE_ESP
Refuse to use libp11 0.4.7 as it's broken
Fix EAP-TTLS build for OpenSSL 1.0.2 and earlier
pulse: Handle multiple IF-T/TLS records in a single SSL record
Import translations from GNOME
Update changelog
Set IPv6 netmask vs. address fields correctly for Pulse
Revert "Set ESP Next Header field to 0x29 for IPv6 packets"
Look a lot more like the Windows client...
Improve Pulse ESP setup reliability.
Translate strings in openconnect_get_supported_protocols()
Turn off Extended Master Secret support (RFC7627) for resumed DTLS se=
ssions
Add IPv6 DNS and split routing for Pulse.
Add tokencode support for Pulse
Acknowledge Pulse post-signin message
Interpret Pulse auth failure AVP
Revert "Look a lot more like the Windows client..."
Allow oversized incoming DTLS packets
Attempt to handle Pulse password/passcode auth flow better
Various documentation updates (DTLSv1.2, Pulse, TNCC)
Update translatons from GNOME
Set ESP Next Header correctly for IPv6 again
For Pulse, send ESP only of the same IP protocol as we're connected o=
ver
Add IPPROTO_IPIP compat definition to fix MinGW build
Support autobuild for COPR
Increase buffer size for oNCP configuration
Kill bogus 'no GSSAPI' warning when it isn't true
Update translatons from GNOME
Implicitly enable basic auth for SOCKS if creds are provided.
Fix proxy username and password parsing.
Simplify openconnect_set_http_proxy() and report errors
Remove hipreport-android.sh from COPR RPM build
Tag version 8.04
Rosen Penev (2):
Fix compilation without deprecated OpenSSL 1.1 APIs
Fix DTLS bug when lacking deprecated APIs
raminfp (1):
gpst: Fix memory leak if udp_connect() fails.
["smime.p7s" (application/x-pkcs7-signature)]
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic