Revisions of openconnect
Oleksandr Chumachenko (Ledest)
committed
(revision 4)
- update to version 7.08 * Add SHA256 support for server cert hashes. * Enable DHE ciphers for Cisco DTLS. * Increase initial oNCP configuration buffer size. * Improve support for point-to-point routing on Windows. * Check for non-resumed DTLS sessions which may indicate a MiTM attack. * Fix compatibility with Pulse Secure 8.2R5. * Support DTLS automatic negotiation. * Support --key-password for GnuTLS PKCS#11 PIN. * Support automatic DTLS MTU detection with OpenSSL. * Update OpenSSL to allow TLSv1.2, improve compatibility options. * Remove --no-cert-check option. It was being (mis)used. * Fix OpenSSL support for PKCS#11 EC keys without public key. * Fix polling/retry on "tun" socket when buffers full. * Fix AnyConnect server-side MTU setting. * Fix ESP replay detection. * Add certificate torture test suite. * Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL. * Fix integer overflow issues with ESP packet replay detection. * Add --pass-tos option as in OpenVPN. * Support role selection form in Juniper VPN. * Support DER-format certificates, add certificate format torture tests. * For OpenSSL >= 1.0.2, fix certificate validation when only an intermediate CA is specified with the --cafile option. * Support Juniper "Pre Sign-in Message". - dropped juniper-fix-for-upstream-sources.patch, upstreamed - juniper-fix-for-upstream-sources.patch included to fix upgraded Juniper servers
Oleksandr Chumachenko (Ledest)
committed
(revision 3)
- Upgraded to 7.07, included fix for Juniper vpn - Update to version 7.0.7 * More fixes for OpenSSL 1.1 build. * Support Juniper "Post Sign-in Message". * Add --protocol option. * Fix ChaCha20-Poly1305 cipher suite to reflect final standard. * Add ability to disable IPv6 support via library API. * Set groups appropriately when using setuid(). * Automatic DTLS MTU detection. * Support SSL client certificate authentication with Juniper servers. * Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL older than 0.9.8. * Fix handling of multiple DNS search domains with Network Connect. * Fix handling of large configuration packets for Network Connect. * Enable SNI when built with OpenSSL (1.0.1g or later). * Add --resolve and --local-hostname options to command line. - Included patch to fix upgraded Juniper servers * Submitted to upstream, not yet included in release
Oleksandr Chumachenko (Ledest)
committed
(revision 2)
- Update to version 7.0.7 * More fixes for OpenSSL 1.1 build. * Support Juniper "Post Sign-in Message". * Add --protocol option. * Fix ChaCha20-Poly1305 cipher suite to reflect final standard. * Add ability to disable IPv6 support via library API. * Set groups appropriately when using setuid(). * Automatic DTLS MTU detection. * Support SSL client certificate authentication with Juniper servers. * Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL older than 0.9.8. * Fix handling of multiple DNS search domains with Network Connect. * Fix handling of large configuration packets for Network Connect. * Enable SNI when built with OpenSSL (1.0.1g or later). * Add --resolve and --local-hostname options to command line.
Oleksandr Chumachenko (Ledest)
committed
(revision 1)
Displaying all 4 revisions