From: Dimitri Papadopoulos <3350651+DimitriPapadopoulos@users.noreply.gitlab.com> Date: Wed, 16 Jun 2021 10:38:35 +0000 (+0200) Subject: http:// -> https:// X-Git-Tag: v8.20~133^2 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=0ae6852702f605ac1543e8b5c645aa303263bc44;p=users%2Fdwmw2%2Fopenconnect.git http:// -> https:// I have left out: - sites that have not moved to HTTPS - URLs found in XML and SVG files Signed-off-by: Dimitri Papadopoulos <3350651+DimitriPapadopoulos@users.noreply.gitlab.com> --- diff --git a/README.md b/README.md index d539c76d..2aa9bdab 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # OpenConnect -OpenConnect is an SSL VPN client initially created to support [Cisco's AnyConnect SSL VPN](http://www.cisco.com/go/asm). +OpenConnect is an SSL VPN client initially created to support [Cisco's AnyConnect SSL VPN](https://www.cisco.com/go/asm). It has since been ported to support the Juniper SSL VPN (which is now known as [Pulse Connect Secure](https://www.pulsesecure.net/products/connect-secure/)), the [Palo Alto Networks GlobalProtect SSL VPN](https://www.paloaltonetworks.com/features/vpn) diff --git a/acinclude.m4 b/acinclude.m4 index f259b5c1..56ea8b12 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -61,7 +61,7 @@ AC_DEFUN([AS_COMPILER_FLAGS], ]) # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html +# https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html # =========================================================================== # # SYNOPSIS diff --git a/android/Makefile b/android/Makefile index a3b61c24..703fcd79 100644 --- a/android/Makefile +++ b/android/Makefile @@ -292,7 +292,7 @@ stoken: $(STOKEN_DEPS) # # Build liboath # -# http://download.savannah.nongnu.org/releases/oath-toolkit/ +# https://download.savannah.nongnu.org/releases/oath-toolkit/ OATH_VER := 2.6.7 OATH_TAR := oath-toolkit-$(OATH_VER).tar.gz OATH_SHA := 36eddfce8f2f36347fb257dbf878ba0303a2eaafe24eaa071d5cd302261046a9 diff --git a/compat.c b/compat.c index 5a9406ca..f83a520b 100644 --- a/compat.c +++ b/compat.c @@ -301,7 +301,7 @@ int openconnect__win32_inet_pton(int af, const char *src, void *dst) * inet_aton() (and WSAStringToAddress()) will support, but * which inet_pton() should not. Not to mention the fact that * Wine's implementation will even succeed for strings like - * "2001::1" (http://bugs.winehq.org/show_bug.cgi?id=36991) */ + * "2001::1" (https://bugs.winehq.org/show_bug.cgi?id=36991) */ if (af == AF_INET) { char canon[16]; unsigned char *a = (unsigned char *)&sa.s4.sin_addr; @@ -417,7 +417,7 @@ OPENCONNECT_CMD_SOCKET dumb_socketpair(OPENCONNECT_CMD_SOCKET socks[2], int make if (getsockname(listener, &a.addr, &addrlen) == SOCKET_ERROR) break; // win32 getsockname may only set the port number, p=0.0005. - // ( http://msdn.microsoft.com/library/ms738543.aspx ): + // ( https://docs.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-getsockname ): a.inaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); a.inaddr.sin_family = AF_INET; diff --git a/gnutls.c b/gnutls.c index 54d0f5c4..4cabc6dd 100644 --- a/gnutls.c +++ b/gnutls.c @@ -381,7 +381,7 @@ static int check_certificate_expiry(struct openconnect_info *vpninfo, struct cer /* * Windows doesn't have gmtime_r but apparently its gmtime() * *is* thread-safe because it uses a per-thread static buffer. - * cf. http://sourceforge.net/p/mingw/bugs/1625/ + * cf. https://sourceforge.net/p/mingw/bugs/1625/ * * We also explicitly say 'GMT' because %Z would give us the * Microsoft stupidity "GMT Standard Time". Which is not only @@ -2310,7 +2310,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo) * is specified. * * Discussion: - * http://www.ietf.org/mail-archive/web/tls/current/msg10423.html + * https://www.ietf.org/mail-archive/web/tls/current/msg10423.html * * GnuTLS commits: * b6d29bb1737f96ac44a8ef9cc9fe7f9837e20465 diff --git a/java/README b/java/README index 8963ddea..28940ccf 100644 --- a/java/README +++ b/java/README @@ -19,4 +19,4 @@ non-root user and it should be pingable from across the VPN. Test/demo code is in src/com/example/ OpenConnect wrapper library is in src/org/infradead/libopenconnect/ -[1] http://repo.or.cz/w/ocproxy.git +[1] https://repo.or.cz/w/ocproxy.git diff --git a/jni.c b/jni.c index 2c9d581d..4bf9fac1 100644 --- a/jni.c +++ b/jni.c @@ -75,7 +75,7 @@ static jstring dup_to_jstring(JNIEnv *jenv, const char *in) /* * Many implementations of NewStringUTF() will return NULL on * NULL input, but that isn't guaranteed: - * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35979 + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=35979 */ return in ? (*jenv)->NewStringUTF(jenv, in) : NULL; } diff --git a/main.c b/main.c index 3259ab88..54fe2f76 100644 --- a/main.c +++ b/main.c @@ -140,7 +140,7 @@ static void __attribute__ ((format(printf, 3, 4))) #elif defined(_WIN32) || defined(__native_client__) /* * FIXME: Perhaps we could implement syslog_progress() using these APIs: - * http://msdn.microsoft.com/en-us/library/windows/desktop/aa364148%28v=vs.85%29.aspx + * https://docs.microsoft.com/en-us/windows/win32/etw/tracing-events */ #else /* !__ANDROID__ && !_WIN32 && !__native_client__ */ #include diff --git a/openconnect.nsi.in b/openconnect.nsi.in index e050eec1..c6d89472 100644 --- a/openconnect.nsi.in +++ b/openconnect.nsi.in @@ -3,7 +3,7 @@ # This is an NSIS Installer Command Script generated automatically # by the Fedora nsiswrapper program. For more information see: # -# http://fedoraproject.org/wiki/MinGW +# https://fedoraproject.org/wiki/MinGW # # To build an installer from the script you would normally do: # diff --git a/openssl.c b/openssl.c index 8a1c393b..1a1c134f 100644 --- a/openssl.c +++ b/openssl.c @@ -1920,7 +1920,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo) * packets by silently disabling extensions such as SNI. * * Discussion: - * http://www.ietf.org/mail-archive/web/tls/current/msg10423.html + * https://www.ietf.org/mail-archive/web/tls/current/msg10423.html * * OpenSSL commits: * 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2 diff --git a/ssl.c b/ssl.c index 1267198c..dbbe223c 100644 --- a/ssl.c +++ b/ssl.c @@ -127,7 +127,7 @@ static int cancellable_connect(struct openconnect_info *vpninfo, int sockfd, !vpninfo->got_pause_cmd); /* Check whether connect() succeeded or failed by using - getpeername(). See http://cr.yp.to/docs/connect.html */ + getpeername(). See https://cr.yp.to/docs/connect.html */ if (!getpeername(sockfd, (void *)&peer, &peerlen)) return 0; diff --git a/www/anyconnect.xml b/www/anyconnect.xml index 8970d0f8..cd5e0095 100644 --- a/www/anyconnect.xml +++ b/www/anyconnect.xml @@ -13,7 +13,7 @@

How the VPN works

The VPN is extremely simple, based almost entirely on the standard -HTTPS and DTLS +HTTPS and DTLS protocols. You connect to the secure web server, authenticate using certificates and/or arbitrary web forms, and you are rewarded with a standard HTTP cookie named webvpn.

diff --git a/www/building.xml b/www/building.xml index 6603469b..9c6b9d0c 100644 --- a/www/building.xml +++ b/www/building.xml @@ -28,13 +28,13 @@ libraries and tools installed:

And optionally also:

OpenConnect supports the use of HTTP and SOCKS proxies to connect to the @@ -118,7 +118,7 @@ require additional kernel modules to be installed.

Solaris/OpenIndiana users will need the Solaris TAP driver. Note that for IPv6 support, the Solaris tun/tap driver from 16th Nov 2009 or newer is required.

-

On Windows, version 9.9 or later of the TAP-Windows driver from the OpenVPN project is required. The easiest way to install the driver is to use the Windows installer from the Community Downloads page. The 64-bit installer contains signed drivers suitable for use on Windows 7 and later versions.

+

On Windows, version 9.9 or later of the TAP-Windows driver from the OpenVPN project is required. The easiest way to install the driver is to use the Windows installer from the Community Downloads page. The 64-bit installer contains signed drivers suitable for use on Windows 7 and later versions.

diff --git a/www/changelog.xml b/www/changelog.xml index e7d98e47..54bd4d13 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -241,7 +241,7 @@
@@ -397,7 +397,7 @@
  • OpenConnect v4.08 @@ -616,7 +616,7 @@
  • OpenConnect v3.00 — 2011-03-09
    • Create libopenconnect.a for GUI authentication dialog to use.
      • -
    • Remove auth-dialog, which now lives in the network-manager-openconnect package.
      • +
    • Remove auth-dialog, which now lives in the network-manager-openconnect package.
    • Cope with more entries in authentication forms.
    • Add --csd-wrapper option to wrap CSD trojan.
    • Report error and abort if CA file cannot be opened.
      • diff --git a/www/features.xml b/www/features.xml index f878e96d..9e47a287 100644 --- a/www/features.xml +++ b/www/features.xml @@ -10,11 +10,11 @@

      Features

        -
      • Connection through HTTP proxy, including libproxy support for automatic proxy configuration.
        • +
      • Connection through HTTP proxy, including libproxy support for automatic proxy configuration.
      • Connection through SOCKS5 proxy.
      • Automatic detection of IPv4 and IPv6 address, routes.
      • Authentication via HTTP forms.
        • -
      • Authentication using SSL certificates — from local file, Trusted Platform Module and PKCS#11 smartcards.
        • +
      • Authentication using SSL certificates — from local file, Trusted Platform Module and PKCS#11 smartcards.
      • Authentication using SecurID software tokens (when built with libstoken)
      • Authentication using OATH TOTP or HOTP software tokens.
      • Authentication using Yubikey OATH tokens (when built with libpcsclite)
        • diff --git a/www/gui.xml b/www/gui.xml index 497c7360..9d90f701 100644 --- a/www/gui.xml +++ b/www/gui.xml @@ -14,15 +14,15 @@

        Support for OpenConnect in NetworkManager has been integrated into GNOME git and is released alongside NetworkManager's other VPN modules: - -http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/.

        + +https://download.gnome.org/sources/NetworkManager-openconnect/.

        OpenConnect is also supported in KDE Plasma NM as well as the older widget-based NetworkManagement applet.

        ConnMan

        -

        ConnMan has core OpenConnect functionality +

        ConnMan has core OpenConnect functionality as from version 0.48, and the corresponding support is also in the meego-panel-networks user interface. Other ConnMan UI front ends may lack VPN support.

        diff --git a/www/images/openconnect.svg b/www/images/openconnect.svg index 655a17d1..52b2076b 100644 --- a/www/images/openconnect.svg +++ b/www/images/openconnect.svg @@ -1,5 +1,5 @@ - +

        Development of OpenConnect was started after a trial of the Cisco AnyConnect client under Linux found it to have many deficiencies:

          -
        • Inability to use SSL certificates from a TPM or - PKCS#11 smartcard, or even use a passphrase.
          • +
        • Inability to use SSL certificates from a TPM or + PKCS#11 smartcard, or even use a passphrase.
        • Lack of support for Linux platforms other than i386.
        • Lack of integration with NetworkManager on the Linux desktop.
        • Lack of proper (RPM/DEB) packaging for Linux distributions.
          • diff --git a/www/mail.xml b/www/mail.xml index ce5cb28a..f2b8cc50 100644 --- a/www/mail.xml +++ b/www/mail.xml @@ -59,7 +59,7 @@

          There is also an IRC channel #openconnect - on the OFTC network. You can access it via the + on the OFTC network. You can access it via the OFTC webchat if you don't have an IRC client.

          diff --git a/www/nonroot.xml b/www/nonroot.xml index 2860a7ee..8f0969b6 100644 --- a/www/nonroot.xml +++ b/www/nonroot.xml @@ -58,7 +58,7 @@ modify the system's network configuration. Instead, OpenConnect can spawn a user-supplied program, passing all data traffic through a UNIX socket to that program.

          This option can be used in conjunction with a userspace TCP stack -such as lwip +such as lwip to provide SOCKS access to the VPN, without requiring root privileges at all.

          SOCKS proxy implementions suitable for being used from OpenConnect diff --git a/www/packages.xml b/www/packages.xml index 77ce14b9..da746025 100644 --- a/www/packages.xml +++ b/www/packages.xml @@ -53,7 +53,7 @@

        • FreeBSD

          - An openconnect port is available for FreeBSD. + An openconnect port is available for FreeBSD.

        • OpenBSD

          diff --git a/www/pkcs11.xml b/www/pkcs11.xml index 59cb9d83..4525cc15 100644 --- a/www/pkcs11.xml +++ b/www/pkcs11.xml @@ -28,7 +28,7 @@ hopefully assist you in working it out.

          Identifying the token

          In order to use a PKCS#11 token with OpenConnect, first it must be installed appropriately in the system's -p11-kit configuration. +p11-kit configuration. You shouldn't need to worry about this; it should automatically be the case for properly packaged software on any modern operating system.

          @@ -40,7 +40,7 @@ the OpenSC module with p11-kit by creating a file such as

          In order to query the available PKCS#11 modules, and the certificates stored therein, the best tool to use is the -p11tool +p11tool distributed with GnuTLS. In Fedora it's in the gnutls-utils package.

          First identify the PKCS#11 modules which are available by using the --list-tokens option:

          diff --git a/www/platforms.xml b/www/platforms.xml index 0f1594a0..2b2d1764 100644 --- a/www/platforms.xml +++ b/www/platforms.xml @@ -16,9 +16,9 @@ Android), OpenBSD, FreeBSD (including Debian GNU/kFreeBSD), NetBSD, DragonFly BSD, OpenIndiana/OpenSolaris, Solaris 10/11, Windows and Mac OS X platforms, and should be trivially portable to any other platform -supporting TUN/TAP devices -and on which GnuTLS or -OpenSSL runs.

          +supporting TUN/TAP devices +and on which GnuTLS or +OpenSSL runs.

          For Solaris support, and for IPv6 on any platform, the vpnc-script shipped with vpnc itself (as of v0.5.3) diff --git a/www/protocols.xml b/www/protocols.xml index 869c2068..65b14b8f 100644 --- a/www/protocols.xml +++ b/www/protocols.xml @@ -17,7 +17,7 @@ See the --protocol option for how to use a dif

          • Details on support for - Cisco's AnyConnect SSL VPN (--protocol=anyconnect). + Cisco's AnyConnect SSL VPN (--protocol=anyconnect). The OpenConnect VPN server, ocserv, now implements an improved version of this protocol.
          • Details on support for Juniper SSL VPN (--protocol=nc)
            • diff --git a/www/token.xml b/www/token.xml index 07502e1e..d484173a 100644 --- a/www/token.xml +++ b/www/token.xml @@ -13,10 +13,10 @@

            OpenConnect supports three types of software tokens for automatically generating one-time passwords:

            OATH HOTP/TOTP tokens are also supported in hardware by:

            • ykneo-oath applet on @@ -127,16 +127,16 @@ They may be specified in one of the following forms:

            • sha512:0x53656372657453656372657421
              This is the hexadecimal form which (without the leading 0x) is accepted by default by the - oathtool + oathtool program.
            • base32:KNSWG4TFORJWKY3SMV2CC===
            • sha256:base32:KNSWG4TFORJWKY3SMV2CC===
            • sha512:base32:KNSWG4TFORJWKY3SMV2CC===
              This is the base32 form which is accepted by the - oathtool + oathtool program with its -b option..
            • &lt;?xml version=...
              - PSKC XML files conforming to RFC6030. + PSKC XML files conforming to RFC6030. These should be generally be imported from a file: '--token-secret @FILE.PSKC'
            @@ -145,7 +145,7 @@ SHA-512 are also supported; to use them prefix "sha256:" or "sha512:" when explicitly providing a key on the command line. Algorithms other than SHA-1 are not yet supported with PSKC files until the relevant standards have been updated to indicate how they shall be -indicated in the PSKC file. See this erratum to RFC6238 for current status.

            +indicated in the PSKC file. See this erratum to RFC6238 for current status.

            @@ -163,7 +163,7 @@ generated.

            These correspond to the raw forms of the TOTP tokens given above, with the counter value appended in decimal form after a comma.
          • &lt;?xml version=...
            - PSKC XML files conforming to RFC6030 will + PSKC XML files conforming to RFC6030 will contain the counter value.
          diff --git a/www/tpm.xml b/www/tpm.xml index 302174f9..ff10c209 100644 --- a/www/tpm.xml +++ b/www/tpm.xml @@ -45,7 +45,7 @@ These have the PEM tag: There are two ENGINE implementations for TPM v2 with OpenSSL, based on different TSS libraries.

          -

          openssl_tpm2_engine is based on IBM's TPM 2.0 TSS, while +

          openssl_tpm2_engine is based on IBM's TPM 2.0 TSS, while tpm2-tss-engine uses the Intel/TCG stack. OpenConnect can use either ENGINE.

          diff --git a/www/vpnc-script.xml b/www/vpnc-script.xml index 8fbc8550..6737d43d 100644 --- a/www/vpnc-script.xml +++ b/www/vpnc-script.xml @@ -16,7 +16,7 @@ various operating systems that it runs on.

          To set the routing and name service up, it uses an external script which is usually called vpnc-script. It's exactly the same script that -vpnc uses. +vpnc uses. You may already have a vpnc-script installed on your system, perhaps in a location such as /etc/vpnc/vpnc-script.

          @@ -50,8 +50,8 @@ to configure the routing or name service for the VPN.

          On Windows, the default configuration of OpenConnect will look for a script named named vpnc-script-win.js in the same directory as the openconnect.exe executable, and will execute it with the -command-based script -host (CScript.exe).

          +command-based +script host (CScript.exe).

          The current version of this script can be found here.

          diff --git a/yubikey.c b/yubikey.c index a7b90496..c3a7232a 100644 --- a/yubikey.c +++ b/yubikey.c @@ -278,7 +278,7 @@ static int select_yubioath_applet(struct openconnect_info *vpninfo, if (pin) { /* Try working around pre-KitKat PBKDF2 bug discussed at * http://forum.yubico.com/viewtopic.php?f=26&t=1601#p6807 and - * http://android-developers.blogspot.se/2013/12/changes-to-secretkeyfactory-api-in.html */ + * https://android-developers.googleblog.com/2013/12/changes-to-secretkeyfactory-api-in.html */ const char *in; char *out;