This release finally contains the SAML/SSO support for AnyConnect and GlobalProtect, and the multiple certificate support for AnyConnect. These have been outstanding for a long time, and I'd really like to thank Steven Walter and Tom Carroll for their work and especially their patience.
Thanks also to Luca Boccassi and Dimitri Papadopoulos for their notable contributions, and to Daniel Lenski as usual.

https://www.infradead.org/openconnect/download/openconnect-9.00.tar.gz
https://www.infradead.org/openconnect/download/openconnect-9.00.tar.gz.asc

Ambroise Rosset (1):
      Implement a function openconnect_set_useragent

Daniel Lenski (25):
      Don't try to set MTU on tunnel interface within (lib)openconnect itself
      Re-enabling tests/auth-multicert
      Cleanup and simplify fake-cisco-server.py
      Cleanup and clarify lengthy comment on multiple certificate authentication
      Add openconnect_set_mca_{cert,key_password} to public API
      Add setMCACert and setMCAKeyPassword to Java API
      Add OC_PROTO_AUTH_MCA flag
      Describe --mca-{certificate,key,key-password} options in manual
      Remove repeated flexible array member which is confusing Coverity
      make .sso_detect_done a protocol-specific VFN, and use in openconnect_webview_load_changed
      openconnect_open_webview_vfn should return int, and accept callback data
      split OC_FORM_OPT_SSO into _TOKEN and _USER versions, and don't open_webview until after "normal" form processing
      start adding GP SSO support
      Add changelog entry
      Bugfix RSA SecurID token decryption and PIN entry forms
      Add changelog entry
      Fix GP fake server parameters so that gateway-interface 2FA is actually tested
      Handle Fortinet split-exclude routes
      Update changelog
      Factor out parse_split_routes for Fortinet
      Fix initial client request XML structure when announcing multicert capability
      GP: add 'internal=no' flag to the login and configuration requests
      Update changelog
      Merge branch 'GP_internal_no_flag_for_issue_246' into 'master'
      Do not ignore 0.0.0.0/0 specified as a "split"-{in,ex}clude route for oNCP

David Woodhouse (76):
      OpenSSL implementation of multicert challenge
      Support vhost on more than just x86_64
      Make buf_append_utf16le() robust against being passed NULL
      Fix Windows tun setup crash
      epoll: Handle EPOLLERR as 'readable'
      esp: Close socket on error
      stoken: Fix const warnings
      Merge branch 'master' into 'master'
      Merge branch 'reconnection_report_PRG_ERROR' into 'master'
      Merge branch 'man' into 'master'
      Merge branch 'dump_buf_hex_performance' into 'master'
      Merge branch 'obs' into 'master'
      Merge branch 'sigaction' into 'master'
      Merge branch 'gai_strerror' into 'master'
      Merge branch 'vpn_progress_wintun_version' into 'master'
      Merge branch 'free_const_char' into 'master'
      Merge branch 'cast_char' into 'master'
      Merge branch 'const_char' into 'master'
      Merge branch 'code_climate_deepsource' into 'master'
      Merge branch 'no_MTU_setting_in_openconnect_itself' into 'master'
      Merge branch 'remove_unnecessary_struct_member_to_quiet_Coverity' into 'master'
      AnyConnect: Generate EC keys for X-AnyConnect-STRAP-{DH-,}Pubkey
      Add cancellable_accept(), make cancellable_send() take a const buffer
      Add OpenSSL crypto support for HKPE
      Add GnuTLS crypto support for HPKE
      AnyConnect: Add support for external browser SSO
      Add openconnect_set_external_browser_callback() and defaults
      Fix translated wintun version strings
      Update translations from GNOME
      Fix translations mangled by sed
      Merge branch 'obs' into 'master'
      Merge branch 'multicert' of gitlab.com:openconnect/openconnect
      fake-cisco-server.py: Disable check for `multiple-cert` support
      Merge branch 'errors' into 'master'
      Add xdg-utils for xdg-open (default external browser)
      Merge branch 'master' of gitlab.com:openconnect/openconnect
      Merge branch 'insecure-openssl' into 'master'
      Merge branch 'errors' into 'master'
      Merge branch 'obs' of gitlab.com:bluca/openconnect
      Increase server delay for fake server tests
      Reduce the 'bus factor' for translation sync a bit
      Import translations from GNOME
      Fix hogweed/gmp library linkage for HPKE by actually using $(HPKE_LIBS)
      Merge branch 'obs' into 'master'
      Attempt to make posix_spawn() work on OSX
      Merge branch 'vhost-portable' of gitlab.com:openconnect/openconnect
      Import translations from GNOME
      Merge branch 'master' of gitlab.com:openconnect/openconnect
      Use 'open' to spawn browser on OSX
      Merge branch 'align' into 'master'
      Merge branch 'field_precision_specifier_expects_int' into 'master'
      Merge branch 'DWORD_PRId32_PRIo32' into 'master'
      Fix lost translations for PRId64 → PRIu64 change
      Import translations from GNOME
      Attempt to implement AnyConnect Session Token Re-use Anchor Protocol (STRAP)
      Export STRAP private key with AnyConnect cookie
      Revert "append_compr_types: removed unnecessary assignment"
      Silence static-analyser warning about redundant assignment to 'sep'
      Make all STRAP support conditional on HPKE
      Always send STRAP pubkey even when we don't change it
      Add changelog for STRAP
      Revert "GP: Fix the issue of a 0.0.0.0/0 "split"-include route by swapping the "split" route with the default netmask."
      Only abort on certificate fail for CERT2_REQUESTED
      Allow gmp without pkgconfig
      Fix potential leak of cookie_buf on error path
      Fix setsockopt(SO_REUSEADDR) warnings
      Merge branch 'codespell' of gitlab.com:DimitriPapadopoulos/openconnect
      Merge branch 'obs' of gitlab.com:bluca/openconnect
      Import translations from GNOME
      Merge branch 'scootergrisen-master-patch-59421' of gitlab.com:DimitriPapadopoulos/openconnect
      Resync translations with sources
      Add missing export-strings.sh
      Merge branch 'fortinet_split_excludes' of gitlab.com:openconnect/openconnect
      Merge branch 'autoconf' into 'master'
      Add changelog entry for SAML/SSO
      Tag version 9.00

Dimitri Papadopoulos (42):
      Win32: gai_strerror → WSAGetLastError
      Consistency in error messages
      Fix error reporting in main() and friends
      fprintf(stderr, ...) → vpn_progress(stderr, VPN_ERR, ...)
      No need to cache errno before _()
      Check return value of sigaction()
      Fix Linux kernel coding style error and warnings
      Do not use `type` as a variable name
      Squash two identical `if` branches
      Protect next() calls wit try/except inside generators
      Overridden methods should have identical parameters
      Use `()` and `{}` instead of `list()` and `dict()`
      Avoid code duplication
      Avoid code complexity
      Local variable redefined argument
      Avoid assert statement outside of tests
      Remove unused imports
      Condition `len>=0` is true after `if (len < 0)`
      Condition `!dtlsver` is true after `else if (dtlsver)`
      Decorate with `@staticmethod` if `self` is not used
      Fix --reconnect-timeout documentation
      Silence compiler warning [-Wformat=]
      Consistency in man page
      Skip dump_buf_hex() when the log level is low enough
      No need to cast `const char *` to `char *`
      Declare C string constants using array syntax
      Adjust verbosity level of Fortinet-related logging
      Silence compiler warnings [-Wdiscarded-qualifiers]
      No embedded URLs in translatable strings
      Fix Linux kernel coding style error and warnings
      Align output of openconnect --help
      Fix MinGW compiler warning
      The format specifier for DWORD is "%lu"
      The format specifier for uint64_t is PRIu64
      Fix typo found by codespell
      Change "openconnect" to "OpenConnect"
      No need to support RHEL 5
      AC_PROG_CC_C99 is obsolete starting with autoconf 2.70
      Arguments should be enclosed within ‘[’ and ‘]’
      Update m4 files
      AC_TRY_COMPILE is obsolete starting with autoconf 2.70
      Add missing host-cpu-c-abi.m4

Luca Boccassi (20):
      Docs: note that GP + SAML is supported by network-manager-openconnect
      GP SAML: fix some memory handling
      GP SAML: handle redirect case
      AC SAML: do not assume the cookie will be on the final page
      AC SAML: cookies might be empty
      GP SAML: support legacy workflow
      Add --enable-docs option
      Add packaging files for OBS build
      Add OBS workflow configuration file
      Store OBS _service file
      Merge branch 'fix_388' into 'master'
      obs workflow: rebuild on each push/merge to master
      obs workflow: add xdg-utils build-dep on openconnect.dsc too
      obs: remove libpskc-dev dependency from libopenconnect-dev
      OBS: remove ancient requires on vpnc from RPM
      www: remove link to PPA, not updated anymore
      www: link OBS setup instructions in packages.xml
      obs workflow: trigger release repository rebuilds when a tag is pushed
      obs: switch version format to 'tag+n_commits_over_tag+gHASH'
      obs: add a strict versioned dependency from openconnect to libopenconnect5

Maxim Storchak (1):
      Set loglevel as soon as it's known

Mike Gilbert (2):
      openssl: allow ALL ciphers when allow-insecure-crypto is enabled
      Do not XFAIL obsolete-server-crypto on Fedora/CentOS

Steven Walter (1):
      Support AnyConnect single-sign-on-v2

Tom Carroll (13):
      Add multicert fields to openconnect_info struct
      Add constants and string maps for AnyConnect multicert auth
      Converse the multiple certificate authentication (mulitcert) protocol.
      gnutls crypto implementation for signing multicert challenge.
      Test server stub to exercise the multiple-certificate authentication.
      Abort multiple-certificate authentication if certificate load fail.
      Add field to cert_info, prototypes for revised certifiate handling API.
      Updated multicert string maps to revised certificate API.
      GnuTLS implementation of revised certificate API.
      Implement multiple certificate authentication with revised certificate handling API.
      Ensure that certificate resources are released.
      OpenSSL implementation of revised certificate API.
      Implement public multiple certificate authentication API.
