~mamarley/openconnect/+git/gitlab-main:pulse_Juniper2_password_request_case5

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

c36e0ec... by Dan Lenski on 2021-06-23

Speculative fix for #255

This field:

    AVP 79: 01 01 00 12 fe 00 0a 4c [00 00 00 05] 01 [00 11 5d bf 60]

… is very similar to the Juniper/2 PASSREQ case:

    AVP 79: 01 01 00 12 fe 00 0a 4c 00 00 00 02 01

… except for 2 → 5, and extra bytes at the end. Just log these bytes, and
treat it as if it were the "normal" Juniper/2 PASSREQ case, and see if that
gets us any further.

Signed-off-by: Daniel Lenski <email address hidden>

f5fe88c... by dwmw2 on 2021-06-16

We can admit that the FTP site exists too.

Signed-off-by: David Woodhouse <email address hidden>

b02b490... by Dan Lenski on 2021-05-29

Mark juniper-sso-auth test as using LD_PRELOAD

This will allow us to correctly detect it as broken-under-ASAN

Signed-off-by: Daniel Lenski <email address hidden>

2149566... by dwmw2 on 2021-06-15

Add +SIGN-ALL to GnuTLS DTLS ciphersuite configs

At least for AES256-SHA et al in DTLSv1.2, we needed to explicitly add
+SIGN-RSA-SHA1. Half the ciphersuites already had +SIGN-ALL anyway, so
make them consistent.

Signed-off-by: David Woodhouse <email address hidden>

2669ce3... by dwmw2 on 2021-06-15

Offer OpenConnect-specific DTLSv1.2 AEAD suites with OpenSSL again

These got dropped when we built the list from what's supported instead
of hard-coding it.

Signed-off-by: David Woodhouse <email address hidden>

33cd8fe... by dwmw2 on 2021-06-15

Support non-AEAD ciphersuites in DTLSv1.2 with GnuTLS

We have encountered a Cisco server in the wild which appears only to
support the legacy ciphersuites. And since we offer a set of DTLSv1.2
ciphers it doesn't fall back to accepting the DTLSv1.0 offer; we end
up with no DTLS at all.

This should fix #249.

Signed-off-by: David Woodhouse <email address hidden>

b4bd548... by dwmw2 on 2021-06-15

Update translations from GNOME

Signed-off-by: David Woodhouse <email address hidden>

f036af6... by dwmw2 on 2021-06-15

Switch to https for all URLs

Signed-off-by: David Woodhouse <email address hidden>

0cb55e2... by dwmw2 on 2021-06-15

Use https://www.infradead.org/openconnect/download/ URLs

FTP is getting harder to access these days.

Signed-off-by: David Woodhouse <email address hidden>

5270c92... by dwmw2 on 2021-06-15

Remove reference to --allow-obsolete-crypto bypassing policies

We do that unconditionally now.

Signed-off-by: David Woodhouse <email address hidden>