OpenConnect 3.19 release
David Woodhouse
dwmw2 at infradead.org
Thu May 17 07:40:05 EDT 2012
This release should fix compatibility with the strange version of
OpenSSL on Ubuntu 10.04, which was broken in v3.12 by our attempt to
avoid ChangeCipherSpec retransmits that upset the server.
This also adds proper cancellation to the libopenconnect library, so
authentication dialogs can *abort* a connection attempt immediately.
Before, they had to wait for it to complete. Which in some cases might
never happen. Users were reporting that the KDE dialog (and thus the
whole of kded) were locking up when they were behind a captive portal
which would accept HTTPS connections but never return any data.
I've updated the GNOME NetworkManager auth dialog to use this facility;
others like the KDE one are left as an exercise for their users.
It also adds the facility to use a config file, which contains long
options one per line, as they would appear on the command line except
without the leading --. This was inspired by, and based on an original
patch by, Fabian Jäger (whose Shimo VPN UI for OSX uses openconnect for
its AnyConnect support).
ftp://ftp.infradead.org/pub/openconnect/openconnect-3.19.tar.gz
ftp://ftp.infradead.org/pub/openconnect/openconnect-3.19.tar.gz.asc
David Woodhouse (44):
Prepare for config file support; don't use getopt_long() and optarg directly
Add --config option for reading options from file
Add local getline() for Solaris 10 build
Fix ENGINE_by_id() and dtls1_stop_timer() checks with non-system OpenSSL
Expand OpenSSL DTLS compatibility to include Ubuntu 10.04 (Lucid Lynx)
Add (unused) cancel_fd to vpninfo struct
Handling cancellation during initial connect()
Add vpninfo arg to proxy I/O functions, use proxy_read() from proxy_gets()
Fix handling of error from proxy_write() in process_http_proxy()
Add cancellation handling to proxy I/O functions
Add cancellation handling to SSL_connect() for https connection
Add vpninfo arg to openconnect_SSL_{printf,gets} functions
Return non-blocking socket from openconnect_open_https()
Add cancellable openconnect_SSL_write(), use it from openconnect_SSL_printf()
Handle cancellation in openconnect_SSL_gets()
Write initial auth GET request in non-blocking mode
Add openconnect_SSL_read() functional which handles cancellation
Use openconnect_SSL_read() for fetching HTTP response
Add openconnect_set_cancel_fd() to library
Export openconnect_version as a pointer rather than an array
Add symbol versioning to libopenconnect shared library
Remove inappropriate exit() from library code
Fix corruption of input string to openconnect_parse_url()
Update copyright years
Update changelog
Make symbol versioning work on Solaris too
Define _WITH_GETLINE for BSD systems
Add library.c and compat.c to POTFILES.in for translation
Remove duplicate library API version number from Makefile.am
Make compat symbols @@OPENCONNECT_PRIVATE
Fix up the historical version tags in libopenconnect.map
Add OPENCONNECT_CHECK_VER() macro for compatibility testing
Refuse to redirect to a non-https URL
Remove internal_parse_url() from the library exports.
Namespace cleanup: s/set_http_proxy/openconnect_set_http_proxy/
Clean up BIO_set_nbio() calls for DTLS
Call BIO_set_nbio() for SSL BIO at startup
Update translations from Transifex
Fix error message when too many command line arguments
Fix --non-inter option so it still allows username/password from command line
Use SOCK_CLOEXEC when opening TCP socket
Update translations from Transifex
Update changelog
Tag version 3.19
Fabian Jäger (1):
Flush progress output immediately.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120517/8c8bd381/attachment.bin>
More information about the openconnect-devel
mailing list