OpenConnect 3.13 release

David Woodhouse dwmw2 at
Fri Sep 30 18:15:56 EDT 2011

This should fix the build on Debian systems where they restrict the
available OpenSSL symbols. It also enables a bunch of compiler warnings
that would have highlighted that issue sooner... and then fixes a bunch
of (harmless) compiler warnings. 

It improves the handling of expired and expiring certificates by adding
an option to change the warning from its default 60 days, and printing a
warning when the server doesn't like the client cert.

It adds NLS support, although there are very few actual translations

The web pages are also updated somewhat.

I *haven't* yet moved the openconnect binary into $sbindir. I'll
probably do that in the next release.

David Woodhouse (45):
      Clean up DTLS timer workaround to make it work with Debian OpenSSL, hopefully
      Enable AM_SILENT_RULES so that warnings are more visible.
      Enable various compiler warnings
      Make match_cert_hostname() static to avoid compiler complaints
      Fix char pointers in check_certificate_expiry() to be const
      Make 'print_equals' string const to avoid compiler complaints
      Make parse_xml_response() method and request_body_type args const
      Fix compiler warnings about constness of csd_argv[]
      Make usage() static to avoid compiler complaints
      Make 'base' arg to openconnect_create_useragent() const
      Avoid unused 'autoproxy' variable when built without libproxy support.
      Make vpninfo->quit_reason const to avoid compiler complaints
      Fix another const char warning in start_cstp_connection()
      Make in_ex and route args to process_split_xxclude const
      Fix handling of vpninfo->ifname. Always strdup()
      Refactor xmlnode_msg() not to use server-provided string as asprintf() format.
      Update changelog
      Fix DTLS-may-fail warning when built against OpenSSL 1.0.0e and run with older
      Fix libproxy build.
      Add translation support
      Make user-visible strings translatable
      Use dgettext() so the domain is always correct even in libopenconnect
      Reduce certificate warning to PRG_INFO
      Fix build instructions on web page.
      Add error message when SSL cert fails
      Add (empty) translation files from Transifex
      Add Transifex config file so 'tx pull' works in any checkout.
      Translatability fix for 'Discard bad split xxclude' message
      Add new version of web pages
      Update new web pages in release, not openconnect.html
      Use automake for www/ directory
      Fix up distro status page.
      Fix header on connecting page
      Add links to manual page, don't number 'started' subpages
      Man page update: clarify which fsid is used, forget Solaris tuntap IPv6 patch.
      Add OpenSuSE to distribution status list
      Update transations from Transifex
      Switch to using PNG image in web site. Android can't show SVG. Still!
      Clean up DTLS Session-ID length warning
      Make certificate expiry warning time variable (still default 60 days)
      Add --cert-expire-warning,-e option to set warning level
      Update changelog
      Update translations from Transifex
      Add openconnect_set_cert_expiry_warning() to library
      Tag version 3.13

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5818 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list