~mamarley/openconnect/+git/gitlab-main:hpke-win32

Last commit made on 2022-04-28
Get this branch:
git clone -b hpke-win32 https://git.launchpad.net/~mamarley/openconnect/+git/gitlab-main

Branch information

Name: hpke-win32
Repository: lp:~mamarley/openconnect/+git/gitlab-main

Recent commits

fdd3f34... by dwmw2

Attempt to spawn browser on Windows.

Seems to fail with err 148. No idea why.

Signed-off-by: David Woodhouse <email address hidden>

c1f90d5... by dwmw2

Fix potential leak of cookie_buf on error path

Spotted by Coverity.

Signed-off-by: David Woodhouse <email address hidden>

461e78b... by dwmw2

Allow gmp without pkgconfig

The MinGW builds seem to have it like this. Now HPKE works on Windows
(although I haven't worked out how to spawn the browser)

Signed-off-by: David Woodhouse <email address hidden>

0b94c7b... by dwmw2

Only abort on certificate fail for CERT2_REQUESTED

Some servers seem to request the first certificate even when it isn't
needed. Don't abort XML mode for that.

Fixes: #417
Signed-off-by: David Woodhouse <email address hidden>

a2b8134... by dwmw2

Revert "GP: Fix the issue of a 0.0.0.0/0 "split"-include route by swapping the "split" route with the default netmask."

This reverts commit 99ae55aec1408a2905df72394dab99cb6fb41aed, which causes
regressions with existing NetworkManager-openconnect releases.

We can do it in NetworkManager-openconnect with
https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/merge_requests/36

Signed-off-by: David Woodhouse <email address hidden>

12f2163... by dwmw2

Add changelog for STRAP

Signed-off-by: David Woodhouse <email address hidden>

62aa9c1... by dwmw2

Always send STRAP pubkey even when we don't change it

Signed-off-by: David Woodhouse <email address hidden>

69a2ed3... by dwmw2

Make all STRAP support conditional on HPKE

We really don't care about STRAP; we only did it for the external browser
support. The only case we've seen STRAP failing is when we *did* advertise
it and then didn't really do it, so omitting it completely seems harmless
for now.

And older GnuTLS such as on CentOS doesn't have some of the functions we
are using to obtain the Finished message or export the privkey, so just
disable it all. We *could* support the basic STRAP from GnuTLS 3.4.0 on
but there's not a lot of point.

Signed-off-by: David Woodhouse <email address hidden>

b982b2e... by dwmw2

Silence static-analyser warning about redundant assignment to 'sep'

I did this for a reason. The *compiler* is clever enough not to bother
actually doing the assignment (not that it would matter anyway, since it
is hardly a fast path). But *developers*, including myself, are much less
likely to spot that it needs to be added in the 'deflate' case if we add
a new case at the end. So now in order to shut the tools up, I have to
turn a non-bug into a latent *actual* bug.

I suppose I could leave it there with a comment, or refactor it into a
loop over tuples of the form { COMPR_LZ4, "oc-lz4" }… but it probably
doesn't matter as we're unlikely to be adding more. Just suck it up.

Signed-off-by: David Woodhouse <email address hidden>

0e789d1... by dwmw2

Revert "append_compr_types: removed unnecessary assignment"

This reverts commit 3cde372235c0616e4769a09dd8774b6fb2c95209.

The assignment *was* necessary. The point was that the first time 'sep'
was used, it's a space. And *after* that, it's a comma. Using a comma
every time ends up sending headers which look like this:
  X-DTLS-Accept-Encoding:,lzs

Signed-off-by: David Woodhouse <email address hidden>