The most interesting part here is the support for Pulse Connect Secure, of course. We now finally have IPv6 support instead of being stuck in the 20th century (actually, make that the 1980s; even IPv6 was 1990s) with the Juniper NC compatibility. We still don't have Host Checker support for Pulse yet though; that would be nice to add. Also fixes password handling for proxies, reworks and improves the MTU detection for DTLS, and a few other fixes. ftp://ftp.infradead.org/pub/openconnect/openconnect-8.04.tar.gz ftp://ftp.infradead.org/pub/openconnect/openconnect-8.04.tar.gz.asc Colin Petrie (1): Update CSTP for IPv6 DNS servers Daniel Lenski (10): make dump_buf_hex() show printable characters as well Better spoofed HIP report Report GP session lifetime Incomplete, speculative IPv6 for GlobalProtect Clean up and simplify GP ESP keying comment about GlobalProtect HTTP user-agent value consolidate GlobalProtect OS name translation Add hipreport-android.sh also support sha256 with GlobalProtect ESP fix GP MTU calculation David Woodhouse (44): Consolidate common parts of setup_esp_keys() Revamp MTU detection Fix peer_cert_hash memory leaks Convert dump_buf_hex() to use oc_text_buf instead of sprintf Add Pulse Connect Secure support Add HMAC-SHA256-128 support for ESP pulse: Split out config packet handling and loop until end-of-config received Add ESP support for Pulse Split out construct_esp_packet() to avoid duplication Set ESP Next Header field to 0x29 for IPv6 packets Disable encrypt-then-mac where possible with DTLS and OpenSSL Fix pulse build without HAVE_ESP Refuse to use libp11 0.4.7 as it's broken Fix EAP-TTLS build for OpenSSL 1.0.2 and earlier pulse: Handle multiple IF-T/TLS records in a single SSL record Import translations from GNOME Update changelog Set IPv6 netmask vs. address fields correctly for Pulse Revert "Set ESP Next Header field to 0x29 for IPv6 packets" Look a lot more like the Windows client... Improve Pulse ESP setup reliability. Translate strings in openconnect_get_supported_protocols() Turn off Extended Master Secret support (RFC7627) for resumed DTLS sessions Add IPv6 DNS and split routing for Pulse. Add tokencode support for Pulse Acknowledge Pulse post-signin message Interpret Pulse auth failure AVP Revert "Look a lot more like the Windows client..." Allow oversized incoming DTLS packets Attempt to handle Pulse password/passcode auth flow better Various documentation updates (DTLSv1.2, Pulse, TNCC) Update translatons from GNOME Set ESP Next Header correctly for IPv6 again For Pulse, send ESP only of the same IP protocol as we're connected over Add IPPROTO_IPIP compat definition to fix MinGW build Support autobuild for COPR Increase buffer size for oNCP configuration Kill bogus 'no GSSAPI' warning when it isn't true Update translatons from GNOME Implicitly enable basic auth for SOCKS if creds are provided. Fix proxy username and password parsing. Simplify openconnect_set_http_proxy() and report errors Remove hipreport-android.sh from COPR RPM build Tag version 8.04 Rosen Penev (2): Fix compilation without deprecated OpenSSL 1.1 APIs Fix DTLS bug when lacking deprecated APIs raminfp (1): gpst: Fix memory leak if udp_connect() fails.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
