# OpenConnect
-OpenConnect is an SSL VPN client initially created to support [Cisco's AnyConnect SSL VPN](http://www.cisco.com/go/asm).
+OpenConnect is an SSL VPN client initially created to support [Cisco's AnyConnect SSL VPN](https://www.cisco.com/go/asm).
It has since been ported to support the Juniper SSL VPN (which is now known as [Pulse Connect Secure](https://www.pulsesecure.net/products/connect-secure/)),
the [Palo Alto Networks GlobalProtect SSL VPN](https://www.paloaltonetworks.com/features/vpn)
])
# ===========================================================================
-# http://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html
+# https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html
# ===========================================================================
#
# SYNOPSIS
#
# Build liboath
#
-# http://download.savannah.nongnu.org/releases/oath-toolkit/
+# https://download.savannah.nongnu.org/releases/oath-toolkit/
OATH_VER := 2.6.7
OATH_TAR := oath-toolkit-$(OATH_VER).tar.gz
OATH_SHA := 36eddfce8f2f36347fb257dbf878ba0303a2eaafe24eaa071d5cd302261046a9
* inet_aton() (and WSAStringToAddress()) will support, but
* which inet_pton() should not. Not to mention the fact that
* Wine's implementation will even succeed for strings like
- * "2001::1" (http://bugs.winehq.org/show_bug.cgi?id=36991) */
+ * "2001::1" (https://bugs.winehq.org/show_bug.cgi?id=36991) */
if (af == AF_INET) {
char canon[16];
unsigned char *a = (unsigned char *)&sa.s4.sin_addr;
if (getsockname(listener, &a.addr, &addrlen) == SOCKET_ERROR)
break;
// win32 getsockname may only set the port number, p=0.0005.
- // ( http://msdn.microsoft.com/library/ms738543.aspx ):
+ // ( https://docs.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-getsockname ):
a.inaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
a.inaddr.sin_family = AF_INET;
/*
* Windows doesn't have gmtime_r but apparently its gmtime()
* *is* thread-safe because it uses a per-thread static buffer.
- * cf. http://sourceforge.net/p/mingw/bugs/1625/
+ * cf. https://sourceforge.net/p/mingw/bugs/1625/
*
* We also explicitly say 'GMT' because %Z would give us the
* Microsoft stupidity "GMT Standard Time". Which is not only
* is specified.
*
* Discussion:
- * http://www.ietf.org/mail-archive/web/tls/current/msg10423.html
+ * https://www.ietf.org/mail-archive/web/tls/current/msg10423.html
*
* GnuTLS commits:
* b6d29bb1737f96ac44a8ef9cc9fe7f9837e20465
Test/demo code is in src/com/example/
OpenConnect wrapper library is in src/org/infradead/libopenconnect/
-[1] http://repo.or.cz/w/ocproxy.git
+[1] https://repo.or.cz/w/ocproxy.git
/*
* Many implementations of NewStringUTF() will return NULL on
* NULL input, but that isn't guaranteed:
- * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35979
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=35979
*/
return in ? (*jenv)->NewStringUTF(jenv, in) : NULL;
}
#elif defined(_WIN32) || defined(__native_client__)
/*
* FIXME: Perhaps we could implement syslog_progress() using these APIs:
- * http://msdn.microsoft.com/en-us/library/windows/desktop/aa364148%28v=vs.85%29.aspx
+ * https://docs.microsoft.com/en-us/windows/win32/etw/tracing-events
*/
#else /* !__ANDROID__ && !_WIN32 && !__native_client__ */
#include <syslog.h>
# This is an NSIS Installer Command Script generated automatically
# by the Fedora nsiswrapper program. For more information see:
#
-# http://fedoraproject.org/wiki/MinGW
+# https://fedoraproject.org/wiki/MinGW
#
# To build an installer from the script you would normally do:
#
* packets by silently disabling extensions such as SNI.
*
* Discussion:
- * http://www.ietf.org/mail-archive/web/tls/current/msg10423.html
+ * https://www.ietf.org/mail-archive/web/tls/current/msg10423.html
*
* OpenSSL commits:
* 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2
!vpninfo->got_pause_cmd);
/* Check whether connect() succeeded or failed by using
- getpeername(). See http://cr.yp.to/docs/connect.html */
+ getpeername(). See https://cr.yp.to/docs/connect.html */
if (!getpeername(sockfd, (void *)&peer, &peerlen))
return 0;
<h2>How the VPN works</h2>
<p>The VPN is extremely simple, based almost entirely on the standard
-HTTPS and <a href="http://www.rfc-editor.org/rfc/rfc4347.txt">DTLS</a>
+HTTPS and <a href="https://www.rfc-editor.org/rfc/rfc4347.txt">DTLS</a>
protocols. You connect to the secure web server, authenticate using
certificates and/or arbitrary web forms, and you are rewarded with a
standard HTTP cookie named <tt>webvpn</tt>.</p>
</ul>
And <em>optionally</em> also:
<ul>
- <li><b><tt><a href="http://p11-glue.freedesktop.org/p11-kit.html">p11-kit</a></tt></b> <i>(for PKCS#11 support)</i></li>
+ <li><b><tt><a href="https://p11-glue.github.io/p11-glue/p11-kit.html">p11-kit</a></tt></b> <i>(for PKCS#11 support)</i></li>
<li><b><tt><a href="https://github.com/OpenSC/libp11/wiki">libp11</a></tt></b> <i>(also needed for PKCS#11 support if using OpenSSL)</i></li>
- <li><b><tt><a href="http://code.google.com/p/libproxy/">libproxy</a></tt></b></li>
+ <li><b><tt><a href="https://code.google.com/archive/p/libproxy/">libproxy</a></tt></b></li>
<li><b><tt><a href="http://trousers.sourceforge.net/">trousers</a></tt></b> <i>(for TPMv1 support if using GnuTLS)</i></li>
- <li><b><tt><a href="https://www.gnu.org/software/libtasn1/">libtasn1</a></tt></b> and <em>either</em> <b><tt><a href="https://github.com/tpm2-software/tpm2-tss">tss2-esys</a></tt></b> or <b><tt><a href="http://sourceforge.net/projects/ibmtpm20tss/">IBM's TPM 2.0 TSS</a></tt></b>. <i>(for TPMv2 support if using GnuTLS)</i></li>
- <li><b><tt><a href="http://stoken.sourceforge.net/">libstoken</a></tt></b> <i>(for SecurID software token support)</i></li>
- <li><b><tt><a href="http://www.nongnu.org/oath-toolkit/">libpskc</a></tt></b> <i>(for RFC6030 PSKC file storage of HOTP/TOTP keys)</i></li>
+ <li><b><tt><a href="https://www.gnu.org/software/libtasn1/">libtasn1</a></tt></b> and <em>either</em> <b><tt><a href="https://github.com/tpm2-software/tpm2-tss">tss2-esys</a></tt></b> or <b><tt><a href="https://sourceforge.net/projects/ibmtpm20tss/">IBM's TPM 2.0 TSS</a></tt></b>. <i>(for TPMv2 support if using GnuTLS)</i></li>
+ <li><b><tt><a href="http://stoken.sf.net/">libstoken</a></tt></b> <i>(for SecurID software token support)</i></li>
+ <li><b><tt><a href="https://www.nongnu.org/oath-toolkit/">libpskc</a></tt></b> <i>(for RFC6030 PSKC file storage of HOTP/TOTP keys)</i></li>
<li><b><tt><a href="https://pcsclite.alioth.debian.org/pcsclite.html">libpcsclite</a></tt></b> <i>(for Yubikey hardware HOTP/HOTP support)</i></li>
</ul>
<p>OpenConnect supports the use of HTTP and SOCKS proxies to connect to the
<p>Solaris/OpenIndiana users will need the <a href="http://www.whiteboard.ne.jp/~admin2/tuntap/">Solaris TAP driver</a>.
Note that for IPv6 support, the Solaris tun/tap driver from 16th Nov 2009 or newer is required.</p>
-<p>On Windows, version 9.9 or later of the <a href="https://community.openvpn.net/openvpn/wiki/ManagingWindowsTAPDrivers">TAP-Windows driver</a> from the <a href="http://www.openvpn.net/">OpenVPN project</a> is required. The easiest way to install the driver is to use the Windows installer from the <a href="http://openvpn.net/index.php/download/community-downloads.html">Community Downloads page</a>. The 64-bit installer contains signed drivers suitable for use on Windows 7 and later versions.</p>
+<p>On Windows, version 9.9 or later of the <a href="https://community.openvpn.net/openvpn/wiki/ManagingWindowsTAPDrivers">TAP-Windows driver</a> from the <a href="https://openvpn.net/">OpenVPN project</a> is required. The easiest way to install the driver is to use the Windows installer from the <a href="https://openvpn.net/index.php/download/community-downloads.html">Community Downloads page</a>. The 64-bit installer contains signed drivers suitable for use on Windows 7 and later versions.</p>
<INCLUDE file="inc/footer.tmpl" />
</PAGE>
<ul>
<li>Fix alignment issue which broke LZS compression on ARM etc.</li>
<li>Support HTTP authentication to servers, not just proxies.</li>
- <li>Work around Yubikey <a href="http://forum.yubico.com/viewtopic.php?f=26&t=1601#p6807">issue</a> with non-ASCII passphrase set on pre-KitKat Android.</li>
+ <li>Work around Yubikey <a href="https://forum.yubico.com/viewtopic.php?f=26&t=1601#p6807">issue</a> with non-ASCII passphrase set on pre-KitKat Android.</li>
<li>Add SHA256/SHA512 support for OATH.</li>
<li>Remove liboath dependency.</li>
<li>Support DTLS v1.2 and AES-GCM with OpenSSL 1.0.2.</li>
<li>Support <tt>utun</tt> driver on OS X.</li>
<li>Change library API so string ownership is never transferred.</li>
<li>Support new NDIS6 TAP-Windows driver shipped with OpenVPN 2.3.4.</li>
- <li>Support using PSKC <i>(<a href="http://tools.ietf.org/html/rfc6030">RFC6030</a>)</i> token files for HOTP/TOTP tokens.</li>
+ <li>Support using PSKC <i>(<a href="https://tools.ietf.org/html/rfc6030">RFC6030</a>)</i> token files for HOTP/TOTP tokens.</li>
<li>Support for updating HOTP token storage when token is used.</li>
<li>Support for reading OTP token data from a file.</li>
<li>Add full <a href="charset.html">character set handling</a> for legacy non-UTF8 systems <i>(including Windows)</i>.</li>
<li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.99.tar.gz">OpenConnect v5.99</a></b>
<i>(<a href="https://www.infradead.org/openconnect/download/openconnect-5.99.tar.gz.asc">PGP signature</a>)</i> — 2014-03-05
<ul>
- <li>Add <a href="http://tools.ietf.org/html/rfc4226">RFC4226</a> HOTP token support.</li>
+ <li>Add <a href="https://tools.ietf.org/html/rfc4226">RFC4226</a> HOTP token support.</li>
<li>Tolerate servers closing connection uncleanly after HTTP/1.0 response <a href="https://bugs.launchpad.net/bugs/1225276"><i>(Ubuntu #1225276)</i></a>.</li>
<li>Add support for IPv6 split tunnel configuration.</li>
<li>Add Windows support with MinGW <i>(tested with both IPv6 and Legacy IP with latest <a href="https://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script-win.js">vpnc-script-win.js</a>)</i></li>
<li>Use original URL when falling back to non-XML POST mode.</li>
<li>Add <tt>--no-xmlpost</tt> option to revert to older, compatible behaviour.</li>
<li>Close connection before falling back to non-xmlpost mode <a href="https://bugzilla.redhat.com/show_bug.cgi?id=964650"><i>(RH#964650)</i></a>.</li>
- <li>Improve error handling when server closes connection <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708928"><i>(Debian #708928)</i></a>.</li>
+ <li>Improve error handling when server closes connection <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708928"><i>(Debian #708928)</i></a>.</li>
</ul><br/>
</li>
<li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.00.tar.gz">OpenConnect v5.00</a></b>
<li>Fix compatibility issues with XML POST authentication.</li>
<li>Fix memory leaks on <tt>realloc()</tt> failure.</li>
<li>Fix certificate validation problem caused by hostname canonicalisation.</li>
- <li>Add <a href="http://tools.ietf.org/html/rfc6238">RFC6238</a> TOTP token support using <a href="http://www.nongnu.org/oath-toolkit/">liboath</a>.</li>
+ <li>Add <a href="https://tools.ietf.org/html/rfc6238">RFC6238</a> TOTP token support using <a href="https://www.nongnu.org/oath-toolkit/">liboath</a>.</li>
<li>Replace <tt>--stoken</tt> option with more generic <tt>--token-mode</tt> and <tt>--token-secret</tt> options.</li>
</ul><br/>
</li>
<ul>
<li>Add <tt>--os</tt> switch to report a different OS type to the gateway.</li>
<li>Support new XML POST format.</li>
- <li>Add SecurID token support using <a href="http://stoken.sourceforge.net/">libstoken</a>.</li>
+ <li>Add SecurID token support using <a href="http://stoken.sf.net/">libstoken</a>.</li>
</ul><br/>
</li>
<li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.08.tar.gz">OpenConnect v4.08</a></b>
<li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.00.tar.gz">OpenConnect v3.00</a></b> — 2011-03-09
<ul>
<li>Create libopenconnect.a for GUI authentication dialog to use.</li>
- <li>Remove auth-dialog, which now lives in the <a href="http://git.gnome.org/browse/network-manager-openconnect/">network-manager-openconnect</a> package.</li>
+ <li>Remove auth-dialog, which now lives in the <a href="https://gitlab.gnome.org/GNOME/NetworkManager-openconnect">network-manager-openconnect</a> package.</li>
<li>Cope with more entries in authentication forms.</li>
<li>Add <tt>--csd-wrapper</tt> option to wrap CSD trojan.</li>
<li>Report error and abort if CA file cannot be opened.</li>
<h1>Features</h1>
<ul>
- <li>Connection through HTTP proxy, including <a href="http://code.google.com/p/libproxy/">libproxy</a> support for automatic proxy configuration.</li>
+ <li>Connection through HTTP proxy, including <a href="https://code.google.com/archive/p/libproxy/">libproxy</a> support for automatic proxy configuration.</li>
<li>Connection through SOCKS5 proxy.</li>
<li>Automatic detection of IPv4 and IPv6 address, routes.</li>
<li>Authentication via HTTP forms.</li>
- <li>Authentication using SSL certificates — from local file, <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">Trusted Platform Module</a> and PKCS#11 smartcards.</li>
+ <li>Authentication using SSL certificates — from local file, <a href="https://en.wikipedia.org/wiki/Trusted_Platform_Module">Trusted Platform Module</a> and PKCS#11 smartcards.</li>
<li>Authentication using SecurID software tokens <i>(when built with libstoken)</i></li>
<li>Authentication using OATH TOTP or HOTP software tokens.</li>
<li>Authentication using Yubikey OATH tokens <i>(when built with libpcsclite)</i></li>
<p>Support for OpenConnect in NetworkManager has been integrated into
GNOME git and is released alongside NetworkManager's other VPN modules:
-<a href="http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/">
-http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/</a>.</p>
+<a href="https://download.gnome.org/sources/NetworkManager-openconnect/">
+https://download.gnome.org/sources/NetworkManager-openconnect/</a>.</p>
<p>OpenConnect is also supported in KDE Plasma NM as well as the older
widget-based NetworkManagement applet.</p>
<h2>ConnMan</h2>
-<p><a href="http://connman.net/">ConnMan</a> has core OpenConnect functionality
+<p><a href="https://01.org/connman">ConnMan</a> has core OpenConnect functionality
as from version 0.48, and the corresponding support is also in the
<a href="http://meego.gitorious.org/meego-netbook-ux/meego-panel-networks">meego-panel-networks</a>
user interface. Other ConnMan UI front ends may lack VPN support.</p>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<!-- Created with Inkscape (https://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
<p>Development of OpenConnect was started after a trial of the Cisco AnyConnect
client under Linux found it to have many deficiencies:</p>
<ul>
- <li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
- <a href="http://en.wikipedia.org/wiki/PKCS11">PKCS#11</a> smartcard, or even use a passphrase.</li>
+ <li>Inability to use SSL certificates from a <a href="https://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
+ <a href="https://en.wikipedia.org/wiki/PKCS11">PKCS#11</a> smartcard, or even use a passphrase.</li>
<li>Lack of support for Linux platforms other than i386.</li>
<li>Lack of integration with NetworkManager on the Linux desktop.</li>
<li>Lack of proper (RPM/DEB) packaging for Linux distributions.</li>
<p>There is also an IRC channel
<a href="ircs://irc.oftc.net:6697/#openconnect"><tt>#openconnect</tt></a>
- on the <a HREF="http://www.oftc.net/">OFTC</a> network. You can access it via the
+ on the <a href="https://www.oftc.net/">OFTC</a> network. You can access it via the
<a href="https://webchat.oftc.net/">OFTC webchat</a> if you don't have an
IRC client.</p>
spawn a user-supplied program, passing all data traffic through a UNIX
socket to that program.</p>
<p>This option can be used in conjunction with a userspace TCP stack
-such as <a href="http://savannah.nongnu.org/projects/lwip/">lwip</a>
+such as <a href="https://savannah.nongnu.org/projects/lwip/">lwip</a>
to provide SOCKS access to the VPN, without requiring root privileges
at all.</p>
<p>SOCKS proxy implementions suitable for being used from OpenConnect
</li>
<li><h2>FreeBSD</h2>
<p>
- An <tt>openconnect</tt> <a href="http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openconnect/">port</a> is available for FreeBSD.
+ An <tt>openconnect</tt> <a href="https://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openconnect/">port</a> is available for FreeBSD.
</p>
</li>
<li><h2>OpenBSD</h2>
<h2>Identifying the token</h2>
<p>In order to use a PKCS#11 token with OpenConnect, first it must be installed
appropriately in the system's
-<a href="http://p11-glue.freedesktop.org/doc/p11-kit/config.html">p11-kit configuration</a>.
+<a href="https://p11-glue.github.io/p11-glue/p11-kit/manual/config.html">p11-kit configuration</a>.
You shouldn't need to worry about this; it should automatically be the case for
properly packaged software on any modern operating system.</p>
<p>In order to query the available PKCS#11 modules, and the certificates
stored therein, the best tool to use is the
-<a href="http://www.gnutls.org/manual/html_node/p11tool-Invocation.html">p11tool</a>
+<a href="https://www.gnutls.org/manual/html_node/p11tool-Invocation.html">p11tool</a>
distributed with GnuTLS. In Fedora it's in the <tt>gnutls-utils</tt> package.</p>
<p>First identify the PKCS#11 modules which are available by using the <tt>--list-tokens</tt> option:</p>
Android</a>), OpenBSD, FreeBSD (including Debian GNU/kFreeBSD), NetBSD,
DragonFly BSD, OpenIndiana/OpenSolaris, Solaris 10/11, Windows and
Mac OS X platforms, and should be trivially portable to any other platform
-supporting <a href="http://en.wikipedia.org/wiki/TUN/TAP">TUN/TAP</a> devices
-and on which <a href="http://www.gnutls.org/">GnuTLS</a> or
-<a href="http://www.openssl.org/">OpenSSL</a> runs.</p>
+supporting <a href="https://en.wikipedia.org/wiki/TUN/TAP">TUN/TAP</a> devices
+and on which <a href="https://www.gnutls.org/">GnuTLS</a> or
+<a href="https://www.openssl.org/">OpenSSL</a> runs.</p>
<p>For Solaris support, and for IPv6 on any platform, the
<tt>vpnc-script</tt> shipped with vpnc itself (as of v0.5.3)
<ul>
<li><a href="anyconnect.html">Details</a> on support for
- Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a> (<tt>--protocol=anyconnect</tt>).
+ Cisco's <a href="https://www.cisco.com/go/asm">AnyConnect SSL VPN</a> (<tt>--protocol=anyconnect</tt>).
The OpenConnect VPN server, <a href="https://ocserv.gitlab.io/www/index.html">ocserv</a>, now implements an improved version of this protocol.</li>
<li><a href="juniper.html">Details</a> on support for
Juniper SSL VPN (<tt>--protocol=nc</tt>)</li>
<p>OpenConnect supports three types of software tokens for automatically
generating one-time passwords:</p>
<ul>
- <li><a href="http://en.wikipedia.org/wiki/SecurID">RSA SecurID</a> tokens using
- <a href="http://stoken.sourceforge.net/">libstoken</a></li>
- <li>OATH TOTP <i>(<a href="http://tools.ietf.org/html/rfc6238">RFC6238</a>)</i> tokens</li>
- <li>OATH HOTP <i>(<a href="http://tools.ietf.org/html/rfc4226">RFC4226</a>)</i> tokens</li>
+ <li><a href="https://en.wikipedia.org/wiki/SecurID">RSA SecurID</a> tokens using
+ <a href="http://stoken.sf.net/">libstoken</a></li>
+ <li>OATH TOTP <i>(<a href="https://tools.ietf.org/html/rfc6238">RFC6238</a>)</i> tokens</li>
+ <li>OATH HOTP <i>(<a href="https://tools.ietf.org/html/rfc4226">RFC4226</a>)</i> tokens</li>
</ul>
<p>OATH HOTP/TOTP tokens are also supported in hardware by:</p>
<ul><li><a href="https://developers.yubico.com/ykneo-oath/">ykneo-oath</a> applet on
<li><b>sha512:0x53656372657453656372657421</b><br/>
This is the hexadecimal form which <i>(without the leading <tt>0x</tt>)</i> is
accepted by default by the
- <tt><a href="http://www.nongnu.org/oath-toolkit/oathtool.1.html">oathtool</a></tt>
+ <tt><a href="https://www.nongnu.org/oath-toolkit/oathtool.1.html">oathtool</a></tt>
program.</li>
<li><b>base32:KNSWG4TFORJWKY3SMV2CC===</b></li>
<li><b>sha256:base32:KNSWG4TFORJWKY3SMV2CC===</b></li>
<li><b>sha512:base32:KNSWG4TFORJWKY3SMV2CC===</b><br/>
This is the base32 form which is accepted by the
- <tt><a href="http://www.nongnu.org/oath-toolkit/oathtool.1.html">oathtool</a></tt>
+ <tt><a href="https://www.nongnu.org/oath-toolkit/oathtool.1.html">oathtool</a></tt>
program with its <tt>-b</tt> option..</li>
<li><b>&lt;?xml version=...</b><br/>
- PSKC XML files conforming to <a href="http://tools.ietf.org/html/rfc6030">RFC6030</a>.
+ PSKC XML files conforming to <a href="https://tools.ietf.org/html/rfc6030">RFC6030</a>.
These should be generally be imported from a file: '<tt>--token-secret @<i>FILE.PSKC</i></tt>'</li>
</ul>
"<tt>sha512:</tt>" when explicitly providing a key on the command line.
Algorithms other than SHA-1 are not yet supported with PSKC files until
the relevant standards have been updated to indicate how they shall be
-indicated in the PSKC file. See <a href="http://www.rfc-editor.org/errata_search.php?rfc=6238&eid=4249">this erratum</a> to RFC6238 for current status.</p>
+indicated in the PSKC file. See <a href="https://www.rfc-editor.org/errata_search.php?rfc=6238&eid=4249">this erratum</a> to RFC6238 for current status.</p>
These correspond to the raw forms of the TOTP tokens given above, with the <i>counter</i>
value appended in decimal form after a comma.</li>
<li><b>&lt;?xml version=...</b><br/>
- PSKC XML files conforming to <a href="http://tools.ietf.org/html/rfc6030">RFC6030</a> will
+ PSKC XML files conforming to <a href="https://tools.ietf.org/html/rfc6030">RFC6030</a> will
contain the <i>counter</i> value.</li>
</ul>
There are two ENGINE implementations for TPM v2 with OpenSSL,
based on different TSS libraries.</p>
-<p><a href="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/"><tt>openssl_tpm2_engine</tt></a> is based on <a href="http://sourceforge.net/projects/ibmtpm20tss/">IBM's TPM 2.0 TSS</a>, while
+<p><a href="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/"><tt>openssl_tpm2_engine</tt></a> is based on <a href="https://sourceforge.net/projects/ibmtpm20tss/">IBM's TPM 2.0 TSS</a>, while
<a href="https://github.com/tpm2-software/tpm2-tss-engine"><tt>tpm2-tss-engine</tt></a> uses the
<a href="https://github.com/tpm2-software/tpm2-tss">Intel/TCG stack</a>. OpenConnect can use
either ENGINE.</p>
<p>To set the routing and name service up, it uses an external script
which is usually called <tt>vpnc-script</tt>. It's exactly the same script that
-<a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a> uses.
+<a href="https://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a> uses.
You may already have a <tt>vpnc-script</tt> installed on your system,
perhaps in a location such as <tt>/etc/vpnc/vpnc-script</tt>.</p>
<p>On Windows, the default configuration of OpenConnect will look for
a script named named <tt>vpnc-script-win.js</tt> in the same directory
as the <tt>openconnect.exe</tt> executable, and will execute it with the
-<a href="http://technet.microsoft.com/en-us/library/bb490887.aspx">command-based script
-host (<tt>CScript.exe</tt>)</a>.</p>
+<a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cscript">command-based
+script host (<tt>CScript.exe</tt>)</a>.</p>
<p>The current version of this script can be found <a
href="https://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script-win.js">here</a>.</p>
if (pin) {
/* Try working around pre-KitKat PBKDF2 bug discussed at
* http://forum.yubico.com/viewtopic.php?f=26&t=1601#p6807 and
- * http://android-developers.blogspot.se/2013/12/changes-to-secretkeyfactory-api-in.html */
+ * https://android-developers.googleblog.com/2013/12/changes-to-secretkeyfactory-api-in.html */
const char *in;
char *out;
projects / users / dwmw2 / openconnect.git / commitdiff
