> On Fri, 2019-04-19 at 13:58 -0400, Daniel Lenski wrote: >> On Thu, Apr 18, 2019 at 5:04 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> >> wrote: >> > Junos Pulse (which we should support because it supports IPv6 and at >> > some point they're doing to stop supporting the legacy NC protocol) >> has >> > something similar. Hence the hack checking for cert_md5 in >> > http://david.woodhou.se/proxy.go >> >> Ah, nice. Do you have an OpenConnect branch with Pulse support? (Even >> if crude and incomplete) Or some kind of protocol description? > > Does http://david.woodhou.se/pulse2.c count? > > I have that, and a bunch of the hexdumps from proxy.go, which I had > vaguely understood at the time; I had worked out enough of the IF-T/TLS > upgrade and the subsequent EAP bits that it mostly made sense. The IF-T spec at https://trustedcomputinggroup.org/resource/tnc-if-t-binding-to-tls/ helps... -- dwmw2 _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
