OpenConnect 4.99 release

David Woodhouse dwmw2 at
Thu Feb 7 05:17:06 EST 2013

This is the result of extensive work by Kevin Cernekee to support the
XML authentication method which is used by newer servers. Thanks, Kevin.
Kevin has also added support for automatic SecurID authentication using

This is called '4.99' because there have been some extensive changes and
I'm treating it as a beta for a 5.00 which should hopefully happen

I will probably change 5.00 to use GnuTLS by default, instead of

David Woodhouse (53):
      Import translations from GNOME
      Update translations from Transifex
      Be explicit when we're connecting to a proxy not directly to a VPN server
      Import translations from GNOME
      Import translations from GNOME
      Update translations from Transifex
      Import translations from GNOME
      Fix token serial number matching when trying to find hidden PKCS#11 key
      Fix potential NULL dereference in error path in gnutls_pkcs11_simple_parse()
      Fix error reporting when failed to write CSD script file
      Close XML file handle before error return if fstat() fails
      Free CSTP option structure before error return if malloc fails
      Close ssl_sock before returning error in connect_https_socket()
      Close config_fd before returning from write_new_config()
      Close dtls_fd on error returns from connect_dtls_socket()
      Fix fd/memory leak on error return from openconnect_open_https()
      Fix use-after-free of numeric IPv6 hostname on error path
      Fix leaks on failure paths in OpenSSL openconnect_open_https()
      Update changelog
      Import translations from GNOME
      Hide nuke_opt_values() if stoken support not built
      Update changelog
      Import translations from GNOME
      Import translations from GNOME
      Import translations from GNOME
      Import translations from GNOME
      Fix missing verb in Solaris error message
      Update translations from Transifex
      Merge branch 'xmlpost-v2' of git://
      Fix missing newlines on more messages
      Import translations from GNOME
      Fix library versioning
      Use libsocket and libnsl as necessary on Solaris
      Avoid incorrect compiler warning about optlen being used uninitialised
      Import translations from GNOME
      Handle libintl needing libiconv (for OpenBSD 5.2)
      Include version.c from build dir in preference to source dir
      Use native libtool on OpenBSD
      Import translations from GNOME
      Use -version-info arg to libtool on OpenBSD, not -version-number
      Update translations from Transifex
      Import translations from GNOME
      Update translations from GNOME
      Update translations from Transifex
      Update translations from Transifex
      Import translations from GNOME
      Reinstate compatibility with test server hack
      Import translations from GNOME
      Canonicalise hostname during authentication if necessary
      Impose minimum MTU of 1280 bytes.
      Don't append port number to hostname when canonicalising
      Update translations from Transifex
      Tag version 4.99

Jiří Klimeš (1):
      Fix typo "Keystore ocked" -> "Keystore locked"

Kevin Cernekee (39):
      Delete references to long-removed SecurID code
      Fix a couple of minor typos
      Update Debian package status
      Link to OpenConnect SOCKS proxy (ocproxy) from documentation
      Fix missing newline in the "No form handler" error message
      Move strcasestr() implementation to compat.c
      Allow optional arguments in the config file
      stoken: Link with libstoken if available
      stoken: Add software token functions to library API; bump to v2.1
      stoken: Add --stoken option to CLI, and invoke library to set up soft token
      stoken: Implement new auth form to gather soft token information
      stoken: Fill in "password" fields with a generated tokencode
      stoken: Update documentation, manpage with libstoken information
      openssl: Fix missing newline on "Failed to write" error string
      http: Split HTTP redirect and cookie clear logic into helper functions
      http: Fix overflow on HTTP request buffers
      http: Create add_common_headers() to simplify HTTP request code
      auth: Remove obsolete trace message from parse_form()
      auth: Move <auth> node parsing into a separate function
      auth: Introduce new XML helper functions for parse_auth_node()
      auth: Don't forget to free OC_FORM_OPT_STOKEN entries
      auth: Split auth form prompt logic from parsing logic
      auth: Parse the new server response format
      library: Add call to change reported OS name
      Allow setting reported OS from the command line
      auth: Add new XML POST capability
      http: Split GET/POST logic into a helper function
      http: Add new X-* HTTP headers
      http: Record the last redirection type
      csd: Don't return from run_csd_script() in the forked process
      csd: Export some useful environment variables
      http: Rewrite openconnect_obtain_cookie() loop
      Fix a couple of valgrind warnings
      stoken: Fix CSD/stoken interaction
      Document new --os option
      www: Use a more "stable" URL for the libstoken homepage
      www: Update changelog
      tun: Don't call tunnel script on reconnect events
      tun: Kill the tunnel script's process group

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at                              Intel Corporation


More information about the openconnect-devel mailing list