This is the result of extensive work by Kevin Cernekee to support the XML authentication method which is used by newer servers. Thanks, Kevin. Kevin has also added support for automatic SecurID authentication using libstoken. This is called '4.99' because there have been some extensive changes and I'm treating it as a beta for a 5.00 which should hopefully happen imminently. I will probably change 5.00 to use GnuTLS by default, instead of OpenSSL. ftp://ftp.infradead.org/pub/openconnect/openconnect-4.99.tar.gz ftp://ftp.infradead.org/pub/openconnect/openconnect-4.99.tar.gz.asc David Woodhouse (53): Import translations from GNOME Update translations from Transifex Be explicit when we're connecting to a proxy not directly to a VPN server Import translations from GNOME Import translations from GNOME Update translations from Transifex Import translations from GNOME Fix token serial number matching when trying to find hidden PKCS#11 key Fix potential NULL dereference in error path in gnutls_pkcs11_simple_parse() Fix error reporting when failed to write CSD script file Close XML file handle before error return if fstat() fails Free CSTP option structure before error return if malloc fails Close ssl_sock before returning error in connect_https_socket() Close config_fd before returning from write_new_config() Close dtls_fd on error returns from connect_dtls_socket() Fix fd/memory leak on error return from openconnect_open_https() Fix use-after-free of numeric IPv6 hostname on error path Fix leaks on failure paths in OpenSSL openconnect_open_https() Update changelog Import translations from GNOME Hide nuke_opt_values() if stoken support not built Update changelog Import translations from GNOME Import translations from GNOME Import translations from GNOME Import translations from GNOME Fix missing verb in Solaris error message Update translations from Transifex Merge branch 'xmlpost-v2' of git://github.com/cernekee/openconnect Fix missing newlines on more messages Import translations from GNOME Fix library versioning Use libsocket and libnsl as necessary on Solaris Avoid incorrect compiler warning about optlen being used uninitialised Import translations from GNOME Handle libintl needing libiconv (for OpenBSD 5.2) Include version.c from build dir in preference to source dir Use native libtool on OpenBSD Import translations from GNOME Use -version-info arg to libtool on OpenBSD, not -version-number Update translations from Transifex Import translations from GNOME Update translations from GNOME Update translations from Transifex Update translations from Transifex Import translations from GNOME Reinstate compatibility with test server hack Import translations from GNOME Canonicalise hostname during authentication if necessary Impose minimum MTU of 1280 bytes. Don't append port number to hostname when canonicalising Update translations from Transifex Tag version 4.99 Ji?? Klime? (1): Fix typo "Keystore ocked" -> "Keystore locked" Kevin Cernekee (39): Delete references to long-removed SecurID code Fix a couple of minor typos Update Debian package status Link to OpenConnect SOCKS proxy (ocproxy) from documentation Fix missing newline in the "No form handler" error message Move strcasestr() implementation to compat.c Allow optional arguments in the config file stoken: Link with libstoken if available stoken: Add software token functions to library API; bump to v2.1 stoken: Add --stoken option to CLI, and invoke library to set up soft token stoken: Implement new auth form to gather soft token information stoken: Fill in "password" fields with a generated tokencode stoken: Update documentation, manpage with libstoken information openssl: Fix missing newline on "Failed to write" error string http: Split HTTP redirect and cookie clear logic into helper functions http: Fix overflow on HTTP request buffers http: Create add_common_headers() to simplify HTTP request code auth: Remove obsolete trace message from parse_form() auth: Move <auth> node parsing into a separate function auth: Introduce new XML helper functions for parse_auth_node() auth: Don't forget to free OC_FORM_OPT_STOKEN entries auth: Split auth form prompt logic from parsing logic auth: Parse the new server response format library: Add call to change reported OS name Allow setting reported OS from the command line auth: Add new XML POST capability http: Split GET/POST logic into a helper function http: Add new X-* HTTP headers http: Record the last redirection type csd: Don't return from run_csd_script() in the forked process csd: Export some useful environment variables http: Rewrite openconnect_obtain_cookie() loop Fix a couple of valgrind warnings stoken: Fix CSD/stoken interaction Document new --os option www: Use a more "stable" URL for the libstoken homepage www: Update changelog tun: Don't call tunnel script on reconnect events tun: Kill the tunnel script's process group -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6171 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130207/101472af/attachment.bin>
