1. 28 Jul, 2021 1 commit
  2. 22 Jul, 2021 1 commit
  3. 13 Jul, 2021 1 commit
  4. 28 Jun, 2021 1 commit
  5. 27 Jun, 2021 1 commit
  6. 15 Jun, 2021 3 commits
  7. 09 Jun, 2021 1 commit
  8. 15 May, 2021 1 commit
  9. 14 May, 2021 2 commits
    • David Woodhouse's avatar
      Support openconnect_get_connect_url() to fix SNI and authgroup problems · 911151fc
      David Woodhouse authored
      Fixes: #53
      Fixes: #46
      
      A long time back, OpenConnect started returning the IP address when we
      call openconnect_get_hostname(), to ensure that it ends up establishing
      the connection to precisely the same host as it authenticated to. Since
      we passed on the server certificate fingerprint explicitly it didn't
      need to revalidate that anyway.
      
      However, that breaks virtualhost servers which rely on either a Host:
      header or SNI to provide the actual hostname. So where OpenConnect is
      new enough to understand the --resolve argument, use that and go back
      to giving it the *actual* hostname in the connect URL.
      
      Meanwhile, the Pulse protocol started actually caring about the *path*
      for the connection; it's the only one for which the path part of the
      URL actually matters after authentication, and isn't just noise left
      behind by the last form we authenticated to. So for *Pulse* only, add
      the path too.
      
      The next OpenConnect release will have openconnect_get_connect_url()
      and we won't need to do that by hand, but for now we *can* support
      versions going back to v7.07 where the --resolve argument was added,
      so let's do so.
      
      We need to construct the --resolve argument too, and everything we
      need to do that is already available, although it's a bit icky that
      we have to strip the [] from around IPv6 literals.
      911151fc
    • Yuri Chornoivan's avatar
      Update Ukrainian translation · d7f683da
      Yuri Chornoivan authored
      d7f683da
  10. 13 May, 2021 3 commits
  11. 12 May, 2021 1 commit
  12. 11 May, 2021 2 commits
  13. 04 May, 2021 1 commit
    • Aaron Barany's avatar
      Allow IP prefixes of 0 for routing rules · ca4187c5
      Aaron Barany authored
      A prefix of 0 is used for routing rules that accept all traffic. For
      example, a VPN may accept all traffic by default while excluding specific
      IPs. Previously, the "accept all traffic by default" rule was rejected as
      invalid due to having an IP prefix of 0.
      
      This also requires a similar fix in the main NetworkManager package to work
      properly. Versions of NetworkManager without the fix will silently reject
      the rule, yielding the same behavior as before this commit.
      
      #52
      
      !21
      ca4187c5
  14. 25 Apr, 2021 1 commit
  15. 22 Apr, 2021 1 commit
  16. 21 Apr, 2021 1 commit
  17. 30 Mar, 2021 2 commits
  18. 27 Mar, 2021 3 commits
  19. 13 Mar, 2021 1 commit
  20. 09 Mar, 2021 1 commit
  21. 23 Feb, 2021 1 commit
  22. 10 Jan, 2021 1 commit
  23. 30 Dec, 2020 1 commit
  24. 21 Nov, 2020 1 commit
  25. 01 Nov, 2020 1 commit
  26. 04 Oct, 2020 1 commit
  27. 21 Sep, 2020 1 commit
  28. 09 Sep, 2020 1 commit
  29. 08 Sep, 2020 2 commits
  30. 01 Sep, 2020 1 commit