also support sha256 with GlobalProtect ESP

author Daniel Lenski <dlenski@gmail.com>

Sun, 9 Jun 2019 20:42:21 +0000 (13:42 -0700)

committer David Woodhouse <dwmw2@infradead.org>

Sun, 9 Jun 2019 23:55:40 +0000 (00:55 +0100)
author Daniel Lenski <dlenski@gmail.com>
Sun, 9 Jun 2019 20:42:21 +0000 (13:42 -0700)
committer David Woodhouse <dwmw2@infradead.org>
Sun, 9 Jun 2019 23:55:40 +0000 (00:55 +0100)
diff --git a/gpst.c b/gpst.c

index 088cb40d2152f855f71b283fe406998aae337f61..0a621c41827ed717a6f944870a8897e89c8214e2 100644 (file)
--- a/gpst.c
+++ b/gpst.c
@@ -406,8 +406,9 @@ static int calculate_mtu(struct openconnect_info *vpninfo, int can_use_esp)
  #ifdef HAVE_ESP
  static int check_hmac_algo(struct openconnect_info *v, const char *s)
  {
-       if (!strcmp(s, "sha1")) return HMAC_SHA1;
-       if (!strcmp(s, "md5"))  return HMAC_MD5;
+       if (!strcmp(s, "sha1"))   return HMAC_SHA1;
+       if (!strcmp(s, "md5"))    return HMAC_MD5;
+       if (!strcmp(s, "sha256")) return HMAC_SHA256;
         vpn_progress(v, PRG_ERR, _("Unknown ESP MAC algorithm: %s"), s);
         return -ENOENT;
  }
@@ -622,7 +623,7 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
         buf_append(request_body, "client-type=1&protocol-version=p1&app-version=4.0.5-8");
         append_opt(request_body, "clientos", gpst_os_name(vpninfo));
         append_opt(request_body, "os-version", vpninfo->platname);
-       append_opt(request_body, "hmac-algo", "sha1,md5");
+       append_opt(request_body, "hmac-algo", "sha1,md5,sha256");
         append_opt(request_body, "enc-algo", "aes-128-cbc,aes-256-cbc");
         if (old_addr || old_addr6) {
                 append_opt(request_body, "preferred-ip", old_addr);
author	Daniel Lenski <dlenski@gmail.com>
	Sun, 9 Jun 2019 20:42:21 +0000 (13:42 -0700)
committer	David Woodhouse <dwmw2@infradead.org>
	Sun, 9 Jun 2019 23:55:40 +0000 (00:55 +0100)