OpenConnect 5.01 release

David Woodhouse dwmw2 at
Sat Jun 1 16:58:37 EDT 2013

Mostly compatibility fixes following on from the 5.00 release. Also add
a --no-xmlpost option to fall back to the old method (if you need this,
it's a bug), and a --dump-http-traffic option for debugging.

David Woodhouse (22):
      Close HTTPS socket after various errors
      On failure to send HTTP request to an existing session, retry
      Update changelog
      Close https connection when falling back to non-xmlpost mode
      Improve changelog consistency
      Add --no-xmlpost option to fall back to old behaviour
      Add missing newline on error message
      When falling back to non-xmlpost, revert to original URL
      Be a little more lenient about XML errors
      Add --dump-http-traffic option
      Enable AES256 for GnuTLS DTLS
      Drop X-Aggregate-Auth: header in fallback mode
      Handle <client-cert-request> in aggregate auth mode
      Drop xmlpost argument to handle_auth_form()
      Use gnutls_pubkey_verify_data2() only if we have gnutls_pk_to_sign()
      Add /etc/ssl/ca-bundle.pem to list of potential system CA trust files
      Fix shadow 'ret' variable declaration in parse_xml_response()
      Check for broken OpenSSL versions at configure time
      Fix typo in warning message
      Fix --no-xmlpost
      Fix cipher in AES256-SHA
      Use GnuTLS 3.1.12 for Android build

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list