Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
9.01: - Fix library minor version (missing bump to 5.8). 9.00: - Add support for AnyConnect "Session Token Re-use Anchor Protocol" (STRAP) (#410). - Add support for AnyConnect "external browser" SSO mode (!354). - On Windows, fix crash on tunnel setup. (#370, 6a2ffbb) - Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20. (#388, !344) - Support Cisco's multiple-certificate authentication (!194). - Append internal=no to GlobalProtect authentication/configuration forms, for compatibility with servers which apparently require this to function properly. (#246, !337) - Revert GlobalProtect default route handling change from v8.20. (!367) - Support split-exclude routes for Fortinet. (#394, !345) - Add openconnect_set_useragent() function. - Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect. (!126). 8.20: - When the queue length (-Q option) is 16 or more, try using vhost-net to accelerate tun device access. - Use epoll() where available. - Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. (#249) - Make tncc-emulate.py work with Python 3.7+. (#152, !120) - Emulated a newer version of GlobalProtect official clients, 5.1.5-8; was 4.0.2-19 (!131) - Support Juniper login forms containing both password and 2FA token (!121) - Explicitly disable 3DES and RC4, unless enabled with --allow-insecure-crypto (!114) - Add obsolete-server-crypto test (!114) - Allow protocols to delay tunnel setup and shutdown (!117) - Support for GlobalProtect IPv6 (!155 and !188; previous work in d6db0ec) - SIGUSR1 causes OpenConnect to log detailed connection information and statistics (!154) - Allow --servercert to be specified multiple times in order to accept server certificates matching more than one possible fingerprint (!162, #25) - Add insecure debugging build mode for developers (!112) - Demangle default routes sent as split routes by GlobalProtect (!118) - Improve GlobalProtect login argument decoding (!143) - Add detection of authentication expiration date, intended to allow front-ends to cache and reuse authentication cookies/sessions (!156) - Small bug fixes and clarification of many logging messages. - Support more Juniper login forms, including some SSO forms (!171) - Automatically build Windows installers for OpenConnect command-line interface (!176) - Restore compatibility with newer Cisco servers, by no longer sending them the X-AnyConnect-Platform header (#101, !175) - Add support for PPP-based protocols, currently over TLS only (!165). - Add support for two PPP-based protocols, F5 with --protocol=f5 and Fortinet with --protocol=fortinet (!169). - Add experimental support for Wintun Layer 3 TUN driver under Windows (#231, !178). - Clean up and improve Windows routing/DNS configuration script (vpnc-scripts!26, vpnc-scripts!41, vpnc-scripts!44). - On Windows, reclaim needed IP addresses from down network interfaces so that configuration script can succeed (!178). - Fix output redirection under Windows (#229) - More gracefully handle idle timeouts and other fatal errors for Juniper and Pulse (!187) - Ignore failures to fetch the Juniper/oNCP landing page if the authentication was successful (3e779436). - Add support for Array Networks SSL VPN (#102) - Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm and hardware TPM. (ed80bfac...ee1cd782) - Add openconnect_get_connect_url() to simplify passing correct server information to the connecting openconnect process. (NetworkManager-openconnect #46, #53) - Disable brittle "system policy" enforcement where it cannot be gracefully overridden at user request. (RH#1960763). - Pass "portal cookie" fields from GlobalProtect portal to gateway to avoid repetition of password- or SAML-based login (!199) - With --user, enter username supplied via command-line into all authentication forms, not just the first. (#267, !220). - Fix a subtle bug which has prevented ESP rekey and ESP-to-TLS fallback from working reliably with the Juniper/oNCP protocol since v8.04. (#322, !293). - Fix a bug in csd-wrapper.sh which has prevented it from correctly downloading compressed Trojan binaries since at least v8.00. (!305) - Make Windows socketpair emulation more robust in the face of Windows's ability to break its localhost routes. (#228, #361, !320) - Perform proper disconnect and routes cleanup on Windows when receiving Ctrl+C or Ctrl+Break. (#362, !323) - Improve logging in routing/DNS configuration scripts. (!328, vpnc-scripts!45) - Support modified configuration packet from Pulse 9.1R14 servers (#379, !331)
- Loading branch information
