eb6e6a3...
by
Dan Lenski
on 2021-03-21
HTTP requests: add explicit 'Connection: keep-alive' header unless --no-http-keepalive specified
This is *supposed* to be the HTTP/1.1 default, but some servers appear not to follow it unless explicitly requested.
The oNCP protocol includes one request (GET-tunnel) which unconditionally requires the header 'Connection: close' to work properly.
Signed-off-by: Daniel Lenski <email address hidden>
c505859...
by
Dan Lenski
on 2021-03-16
cstp: don't send X-AnyConnect- Platform header
1. Cisco AnyConnect 4.8+ no longer sends it, and some newer servers reject
any client which sends it (see #101)… including older versions of Cisco's
own client. (Great job, Cisco 🤦🏻♂️.)
2. We can't find any evidence of older Cisco servers which *do* require this
header to be present in order to authenticate the client.
3. It's redundant. Any server that wants to know the client's platform as
soon as it receives the initial XML POST already has it. (It's in the
<device-id> tag in addition to the header.)
If there actually are any servers that *do* require this header to identify
and authenticate the client/platform, then the `--local-id` mechanism of
!103 is probably the right way to ensure that it is sent.
Signed-off-by: Daniel Lenski <email address hidden>
ff463ff...
by
Dan Lenski
on 2021-02-20
update .gitignore
Signed-off-by: Daniel Lenski <email address hidden>
cd16d23...
by
Dan Lenski
on 2020-12-17
make set_tun_mtu a global internal function, and don't do it in os_setup_tun anymore
See da51169d7276843 b1a8d4308a51fa7 b1ba591cf6 from 2014 for some useful background.
Signed-off-by: Daniel Lenski <email address hidden>
919dc5a...
by
Dan Lenski
on 2020-12-17
make set_tun_mtu a global internal function, and don't do it in os_setup_tun anymore
See da51169d7276843 b1a8d4308a51fa7 b1ba591cf6 from 2014 for some useful background.
Signed-off-by: Daniel Lenski <email address hidden>
46ae248...
by
Dan Lenski
on 2021-02-01
Juniper forms with 'id' but not 'name'
Speculative fix for #219
Signed-off-by: Daniel Lenski <email address hidden>
d99d88b...
by
Dan Lenski
on 2021-02-20
redirect all ftp/http/https links to Gitlab rather than infradead.org
Except for past release tarballs and their signatures. TODO: figure out if we can do signed releases on Gitlab.
Signed-off-by: Daniel Lenski <email address hidden>
b5b50c2...
by
Dan Lenski
on 2021-03-15
Merge branch 'fix/tncc- exception' into 'master'
fix: don't raise when TNCC_CERTS is unset
See merge request openconnect/ openconnect! 173
8e18454...
by
Joachim Kuebart <email address hidden>
on 2021-03-08
fix: don't raise when TNCC_CERTS is unset
When asn1crypto isn't available, only raise if TNCC_CERTS is set. That's
the semantics suggested by the error message.
Signed-off-by: Joachim Kuebart <email address hidden>
cfff598...
by
Joachim Kuebart <email address hidden>
on 2021-03-08
nit: silence deprecation warning
Using logging.warn() causes a deprecation warning. Even Python 2.7 appears
to have logging.warning(), so use that instead.
Signed-off-by: Joachim Kuebart <email address hidden>