OpenConnect

~mamarley/openconnect/+git/gitlab-main:explicit_http_keepalive_header

Git
lp:~mamarley/openconnect/+git/gitlab-main
explicit_http_keepalive_header

Last commit made on 2021-03-23

Get this branch:: git clone -b explicit_http_keepalive_header https://git.launchpad.net/~mamarley/openconnect/+git/gitlab-main

Branch merges

Branch information

Name:: explicit_http_keepalive_header

Repository:: lp:~mamarley/openconnect/+git/gitlab-main

Recent commits

eb6e6a3... by Dan Lenski on 2021-03-21

HTTP requests: add explicit 'Connection: keep-alive' header unless --no-http-keepalive specified

This is *supposed* to be the HTTP/1.1 default, but some servers appear not to follow it unless explicitly requested.

The oNCP protocol includes one request (GET-tunnel) which unconditionally requires the header 'Connection: close' to work properly.

Signed-off-by: Daniel Lenski <email address hidden>

c505859... by Dan Lenski on 2021-03-16

cstp: don't send X-AnyConnect-Platform header

1. Cisco AnyConnect 4.8+ no longer sends it, and some newer servers reject
   any client which sends it (see #101)… including older versions of Cisco's
   own client. (Great job, Cisco 🤦🏻‍♂️.)
2. We can't find any evidence of older Cisco servers which *do* require this
   header to be present in order to authenticate the client.
3. It's redundant. Any server that wants to know the client's platform as
   soon as it receives the initial XML POST already has it. (It's in the
   <device-id> tag in addition to the header.)

If there actually are any servers that *do* require this header to identify
and authenticate the client/platform, then the `--local-id` mechanism of
!103 is probably the right way to ensure that it is sent.

Signed-off-by: Daniel Lenski <email address hidden>

ff463ff... by Dan Lenski on 2021-02-20

update .gitignore

Signed-off-by: Daniel Lenski <email address hidden>

cd16d23... by Dan Lenski on 2020-12-17

make set_tun_mtu a global internal function, and don't do it in os_setup_tun anymore

See da51169d7276843b1a8d4308a51fa7b1ba591cf6 from 2014 for some useful background.

Signed-off-by: Daniel Lenski <email address hidden>

919dc5a... by Dan Lenski on 2020-12-17

make set_tun_mtu a global internal function, and don't do it in os_setup_tun anymore

See da51169d7276843b1a8d4308a51fa7b1ba591cf6 from 2014 for some useful background.

Signed-off-by: Daniel Lenski <email address hidden>

46ae248... by Dan Lenski on 2021-02-01

Juniper forms with 'id' but not 'name'

Speculative fix for #219

Signed-off-by: Daniel Lenski <email address hidden>

d99d88b... by Dan Lenski on 2021-02-20

redirect all ftp/http/https links to Gitlab rather than infradead.org

Except for past release tarballs and their signatures. TODO: figure out if we can do signed releases on Gitlab.

Signed-off-by: Daniel Lenski <email address hidden>

b5b50c2... by Dan Lenski on 2021-03-15

Merge branch 'fix/tncc-exception' into 'master'

fix: don't raise when TNCC_CERTS is unset

See merge request openconnect/openconnect!173

8e18454... by Joachim Kuebart <email address hidden> on 2021-03-08

fix: don't raise when TNCC_CERTS is unset

When asn1crypto isn't available, only raise if TNCC_CERTS is set. That's
the semantics suggested by the error message.

Signed-off-by: Joachim Kuebart <email address hidden>

cfff598... by Joachim Kuebart <email address hidden> on 2021-03-08

nit: silence deprecation warning

Using logging.warn() causes a deprecation warning. Even Python 2.7 appears
to have logging.warning(), so use that instead.

Signed-off-by: Joachim Kuebart <email address hidden>

»