* FortiOS 4 was the last version to send the legacy HTTP configuration.
* FortiOS 5 and later send the current XML configuration.
* We clearly do not need to support FortiOS 4 anymore.
- *
+ *
* Yet we keep this code around in order to get a sanity check about
* whether the SVPNCOOKIE is still valid/alive, until we are sure we've
* worked out the weirdness with reconnects.
struct oc_auth_form *form,
struct oc_form_opt *opt);
-int set_oidc_token(struct openconnect_info *vpninfo,
+int set_oidc_token(struct openconnect_info *vpninfo,
const char *token_str);
/* stoken.c */
<h2>Other enhancements</h2>
-One of the main other improvements that would be welcome, is implementing a full WebView in the graphical clients. Currently for protocols like Juniper, OpenConnect screen-scrapes the HTML pages used for login, and attempts to make sense of them. This is The main thing that would be
+One of the main other improvements that would be welcome, is implementing a full WebView in the graphical clients. Currently for protocols like Juniper, OpenConnect screen-scrapes the HTML pages used for login, and attempts to make sense of them. This is The main thing that would be
Other items on the TODO list include:
<ul>
<table border="1"><tr><td>
<pre>
Copyright 2007, 2010 by Nathan C. Myers <ncm@cantrip.org>
-Redistribution and use in source and binary forms, with or without modification,
+Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
-
+
Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
- The name of the author must not be used to endorse or promote products derived
+ The name of the author must not be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
<table border="1"><tr><td>
<pre>
Copyright (C) 2012, 2013 James McLaughlin et al. All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
If you are posting debugging output from openconnect to the mailing list, do <em>not</em> include a line which looks like this:
<br/><tt>Set-Cookie: webvpn=835278264@921600@1221512527@6B9EC24DEB2F59E242F75B424D42F223D0912984;PATH=/</tt><br/>
That HTTP cookie is all that's needed to grant access to the VPN session you just logged in to —
- it's almost as bad as giving your password away. Version 2.26 or later of OpenConnect will
+ it's almost as bad as giving your password away. Version 2.26 or later of OpenConnect will
automatically filter this out of the debugging output for you.
</p>
<p>For Juniper VPN, the equivalent is a <tt>DSID</tt> cookie, which is not yet filtered
<p>OpenConnect is known to work, with both IPv6 and Legacy IP, on Linux
(<a href="https://github.com/cernekee/ics-openconnect">including
Android</a>), OpenBSD, FreeBSD (including Debian GNU/kFreeBSD), NetBSD,
-DragonFly BSD, OpenIndiana/OpenSolaris, Solaris 10/11, Windows and
+DragonFly BSD, OpenIndiana/OpenSolaris, Solaris 10/11, Windows and
Mac OS X platforms, and should be trivially portable to any other platform
supporting <a href="https://en.wikipedia.org/wiki/TUN/TAP">TUN/TAP</a> devices
and on which <a href="https://www.gnutls.org/">GnuTLS</a> or
body {
background: white;
font-family: 'Raleway', Sans, Arial, Helvetica, Geneva, Swiss, SunSans-Regular;
- font-size: 12px;
+ font-size: 12px;
}
#logo {
}
#menu1 .nonsel a:hover span {
- color: Black;
- text-decoration: underline;
- background: url(../images/rightsel.png) top right no-repeat transparent;
+ color: Black;
+ text-decoration: underline;
+ background: url(../images/rightsel.png) top right no-repeat transparent;
}
#menu1 .sel a {
padding-top: 0.2em;
background: url(../images/leftsel.png) top left no-repeat #e6e6e6;
margin-top: 0.2em;
- margin-left: 5px;
+ margin-left: 5px;
height: 2em;
text-decoration: none;
}
}
#menu2 .nonsel a:hover span {
- color: Black;
- text-decoration: underline;
- background: url(../images/rightsel2.png) top right no-repeat transparent;
+ color: Black;
+ text-decoration: underline;
+ background: url(../images/rightsel2.png) top right no-repeat transparent;
}
#menu2 .sel a {
float: left;
padding: 0.2em 1em 0 1em;
margin-top: 0.2em;
- margin-left: 0px;
+ margin-left: 0px;
height: 2em;
text-decoration: none;
}
padding-left: 20px;
padding-right: 120px;
padding-bottom: 20px;
- font-size: 14px;
+ font-size: 14px;
}
#text {
margin: 0;
border-color: #e6e6e6;
- font-size: 14px;
+ font-size: 14px;
background: #ffffff;
}
token as described below.</p>
<p>For the <tt>openconnect</tt> command line program, if the first character of
the <tt>--token-secret</tt> value is / or @, the argument is interpreted as a
-filename. The secret data will be loaded from <i>(and potentially saved back
+filename. The secret data will be loaded from <i>(and potentially saved back
to, in the case of HOTP tokens)</i> the specifed file.</p>
<p>In each case, the automatic token generation will be tried twice before it
<p>If no <tt>--token-secret</tt> argument is provided in SecurID mode, the
default <tt>.stokenrc</tt> file from the user's home directory will be used.
For the NetworkManager integration, this is a separate choice for the token
-type — the UI has separate choices for <i>"RSA SecurID - read from ~/.stokenrc"</i> vs.
+type — the UI has separate choices for <i>"RSA SecurID - read from ~/.stokenrc"</i> vs.
<i>"RSA SecurID - manually entered"</i>.</p>
<p>If a token is provided — either directly on the command line, as the contents
<li><b>sha256:0x53656372657453656372657421</b></li>
<li><b>sha512:0x53656372657453656372657421</b><br/>
This is the hexadecimal form which <i>(without the leading <tt>0x</tt>)</i> is
- accepted by default by the
+ accepted by default by the
<tt><a href="https://www.nongnu.org/oath-toolkit/oathtool.1.html">oathtool</a></tt>
program.</li>
<li><b>base32:KNSWG4TFORJWKY3SMV2CC===</b></li>
<li><b>sha256:base32:KNSWG4TFORJWKY3SMV2CC===</b></li>
<li><b>sha512:base32:KNSWG4TFORJWKY3SMV2CC===</b><br/>
- This is the base32 form which is accepted by the
+ This is the base32 form which is accepted by the
<tt><a href="https://www.nongnu.org/oath-toolkit/oathtool.1.html">oathtool</a></tt>
program with its <tt>-b</tt> option..</li>
<li><b>&lt;?xml version=...</b><br/>
projects / users / dwmw2 / openconnect.git / commitdiff