From 0cb55e2eec114f93a905b4df61775c472caeee95 Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Tue, 15 Jun 2021 09:49:22 +0100
Subject: [PATCH] Use https://www.infradead.org/openconnect/download/ URLs

FTP is getting harder to access these days.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 Makefile.am               |   8 +-
 mingw-openconnect.spec.in |   6 +-
 openconnect.spec.in       |   6 +-
 www/changelog.xml         | 226 +++++++++++++++++++-------------------
 www/download.xml          |   6 +-
 5 files changed, 126 insertions(+), 126 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 2b9dd139..6078420a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -219,8 +219,8 @@ tag: uncommitted-check
 	@( echo '1,/<!-- latest-release-start -->/p' ;\
 	   echo '/<!-- latest-release-end -->/,$$p' ;\
 	   echo  '/<!-- latest-release-start -->/a\' ;\
-	   echo  'The latest release is <a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-$(VERSION).tar.gz">OpenConnect v$(VERSION)</a>\' ;\
-	   echo  '<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-$(VERSION).tar.gz.asc">PGP signature</a>)</i>,\' ;\
+	   echo  'The latest release is <a href="https://www.infradead.org/openconnect/download/openconnect-$(VERSION).tar.gz">OpenConnect v$(VERSION)</a>\' ;\
+	   echo  '<i>(<a href="https://www.infradead.org/openconnect/download/openconnect-$(VERSION).tar.gz.asc">PGP signature</a>)</i>,\' ;\
 	   echo 'released on $(shell date +%Y-%m-%d) with the following changelog:</p>\' ;\
 	   sed '0,/<b>OpenConnect HEAD/d;/<\/ul><br\/>/,$$d;s/$$/\\/' $(srcdir)/www/changelog.xml ;\
 	   echo '     </ul>' ) | \
@@ -230,8 +230,8 @@ tag: uncommitted-check
 	   echo '     <ul>\' ;\
 	   echo '       <li><i>No changelog entries yet</i></li>\';\
 	   echo '     </ul><br/>\' ;  echo '  </li>\' ;\
-	   echo '  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-$(VERSION).tar.gz">OpenConnect v$(VERSION)</a></b>\' ;\
-	   echo '     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-$(VERSION).tar.gz.asc">PGP signature</a>)</i> &#8212; $(shell date +%Y-%m-%d)' ) | \
+	   echo '  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-$(VERSION).tar.gz">OpenConnect v$(VERSION)</a></b>\' ;\
+	   echo '     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-$(VERSION).tar.gz.asc">PGP signature</a>)</i> &#8212; $(shell date +%Y-%m-%d)' ) | \
 		sed -f - -i $(srcdir)/www/changelog.xml
 	@echo '/API version [0-9]\+\.[0-9]\+:$$/s/:/ (v$(VERSION); $(shell date +%Y-%m-%d)):/' | \
 		sed -f - -i $(srcdir)/openconnect.h
diff --git a/mingw-openconnect.spec.in b/mingw-openconnect.spec.in
index e579b9b1..c121ab0b 100644
--- a/mingw-openconnect.spec.in
+++ b/mingw-openconnect.spec.in
@@ -13,14 +13,14 @@
 Name:		mingw-openconnect
 Version:	%{tagver}%{?snapver}
 Release:	0%{?dist}
-Summary:	Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect
+Summary:	Open client for SSL VPNs including Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect, Fortinet, etc.
 
 License:	LGPLv2
-URL:		http://www.infradead.org/openconnect.html
+URL:		https://www.infradead.org/openconnect.html
 %if 0%{?gitsnapshot}
 Source0:        https://github.com/openconnect/%{name}/archive/%{snapcommit}/openconnect-%{shortcommit}.tar.gz
 %else
-Source0:        ftp://ftp.infradead.org/pub/%{name}/openconnect-%{version}.tar.gz
+Source0:        https://www.infradead.org/openconnect/download/openconnect-%{version}.tar.gz
 %endif
 Source2:	gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc
 Source3:	macros.gpg
diff --git a/openconnect.spec.in b/openconnect.spec.in
index e46c980d..fc009805 100644
--- a/openconnect.spec.in
+++ b/openconnect.spec.in
@@ -33,14 +33,14 @@
 Name:		openconnect
 Version:	%{tagver}%{?snapver}
 Release:	0%{?dist}
-Summary:	Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect
+Summary:	Open client for SSL VPNs including Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect, Fortinet, etc.
 
 License:	LGPLv2
-URL:		http://www.infradead.org/openconnect.html
+URL:		https://www.infradead.org/openconnect.html
 %if 0%{?gitsnapshot}
 Source0:        https://github.com/openconnect/%{name}/archive/%{snapcommit}/%{name}-%{shortcommit}.tar.gz
 %else
-Source0:        ftp://ftp.infradead.org/pub/%{name}/%{name}-%{version}.tar.gz
+Source0:        https://www.infradead.org/openconnect/download/%{name}-%{version}.tar.gz
 %endif
 Source2:	gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc
 Source3:	macros.gpg
diff --git a/www/changelog.xml b/www/changelog.xml
index 03e1025e..c94fb94a 100644
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -47,8 +47,8 @@
        <li>Disable brittle "system policy" enforcement where it cannot be gracefully overridden at user request. <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1960763"><i>(RH#1960763)</i></a>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.10.tar.gz">OpenConnect v8.10</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.10.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-05-14
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.10.tar.gz">OpenConnect v8.10</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.10.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-05-14
      <ul>
        <li>Install bash completion script to <tt>${datadir}/bash-completion/completions/openconnect</tt>.</li>
        <li>Improve compatibility of <tt>csd-post.sh</tt> trojan.</li>
@@ -56,8 +56,8 @@
        <li>Fix potential buffer overflow with GnuTLS describing local certs (CVE-2020-12823).</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.09.tar.gz">OpenConnect v8.09</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.09.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-04-29
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.09.tar.gz">OpenConnect v8.09</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.09.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-04-29
      <ul>
        <li>Add bash completion support.</li>
        <li>Give more helpful error in case of Pulse servers asking for TNCC.</li>
@@ -70,16 +70,16 @@
        <li>Work around PKCS#11 tokens which forget to set <tt>CKF_LOGIN_REQUIRED</tt> (<a href="https://gitlab.com/openconnect/openconnect/issues/123">#123</a>).</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.08.tar.gz">OpenConnect v8.08</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.08.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-04-06
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.08.tar.gz">OpenConnect v8.08</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.08.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-04-06
      <ul>
        <li>Fix check of <tt>pin-sha256:</tt> public key hashes to be case sensitive (<a href="https://gitlab.com/openconnect/openconnect/issues/116">#116</a>).</li>
        <li>Don't give non-functioning <tt>stderr</tt> to CSD trojan scripts.</li>
        <li>Fix crash with uninitialised OIDC token.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.07.tar.gz">OpenConnect v8.07</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.07.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-04-04
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.07.tar.gz">OpenConnect v8.07</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.07.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-04-04
      <ul>
        <li>Don't abort Pulse connection when server-provided certificate MD5 doesn't match.</li>
        <li>Fix off-by-one in check for bad GnuTLS versions, and add build and run time checks.</li>
@@ -88,8 +88,8 @@
        <li>Convert <tt>tncc-wrapper.py</tt> to Python 3, and include modernized <tt>tncc-emulate.py</tt> as well.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.06.tar.gz">OpenConnect v8.06</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.06.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-03-31
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.06.tar.gz">OpenConnect v8.06</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.06.tar.gz.asc">PGP signature</a>)</i> &#8212; 2020-03-31
      <ul>
        <li>Implement EAP-TTLS fragmentation.</li>
        <li>Fix Windows build with MSYS2 (<a href="https://gitlab.com/openconnect/openconnect/issues/74">#74</a>).</li>
@@ -105,15 +105,15 @@
        <li>Add RFC6750 Bearer token support (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/70">!70</a>).</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.05.tar.gz">OpenConnect v8.05</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.05.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-09-12
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.05.tar.gz">OpenConnect v8.05</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.05.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-09-12
      <ul>
        <li>Fix GlobalProtect ESP stall (<a href="https://gitlab.com/openconnect/openconnect/merge_requests/55">!55</a>).</li>
        <li>Fix HTTP chunked encoding buffer overflow (CVE-2019-16239).</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.04.tar.gz">OpenConnect v8.04</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.04.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-08-09
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.04.tar.gz">OpenConnect v8.04</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.04.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-08-09
      <ul>
        <li>Rework DTLS MTU detection. (<a href="https://gitlab.com/openconnect/openconnect/issues/10">#10</a>)</li>
        <li>Add Pulse Connect Secure support.</li>
@@ -124,8 +124,8 @@
        <li>Fix proxy username/password handling to allow special characters and escaping.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.03.tar.gz">OpenConnect v8.03</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.03.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-05-18
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.03.tar.gz">OpenConnect v8.03</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.03.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-05-18
      <ul>
        <li>Fix detection of <tt>utun</tt> support on OS X (<a href="https://gitlab.com/openconnect/openconnect/issues/18">#18</a>).</li>
        <li>Fix Cisco DTLSv1.2 support for <tt>AES256-GCM-SHA384</tt>.</li>
@@ -133,8 +133,8 @@
        <li>Fix recognition of OTP password fields (<a href="https://gitlab.com/openconnect/openconnect/issues/24">#24</a>).</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.02.tar.gz">OpenConnect v8.02</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.02.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-01-16
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.02.tar.gz">OpenConnect v8.02</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.02.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-01-16
      <ul>
        <li>Fix GNU/Hurd build.</li>
        <li>Discover <tt>vpnc-script</tt> in default packaged location on FreeBSD/OpenBSD.</li>
@@ -145,15 +145,15 @@
        <li>Invoke script with <tt>reason=attempt-reconnect</tt> before doing so.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.01.tar.gz">OpenConnect v8.01</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.01.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-01-05
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.01.tar.gz">OpenConnect v8.01</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.01.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-01-05
      <ul>
        <li>Fix <tt>memset_s()</tt> arguments.</li>
        <li>Fix OpenBSD build.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.00.tar.gz">OpenConnect v8.00</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-01-05
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-8.00.tar.gz">OpenConnect v8.00</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2019-01-05
      <ul>
        <li>Clear form submissions (which may include passwords) before freeing (CVE-2018-20319).</li>
        <li>Allow form responses to be provided on command line.</li>
@@ -173,8 +173,8 @@
        <li>SIGTERM cleans up the session similarly to SIGINT.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz">OpenConnect v7.08</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz.asc">PGP signature</a>)</i> &#8212; 2016-12-13
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.08.tar.gz">OpenConnect v7.08</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.08.tar.gz.asc">PGP signature</a>)</i> &#8212; 2016-12-13
      <ul>
        <li>Add SHA256 support for server cert hashes.</li>
        <li>Enable DHE ciphers for Cisco DTLS.</li>
@@ -208,8 +208,8 @@
        <li>Support Juniper "Pre Sign-in Message".</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.07.tar.gz">OpenConnect v7.07</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.07.tar.gz.asc">PGP signature</a>)</i> &#8212; 2016-07-11
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.07.tar.gz">OpenConnect v7.07</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.07.tar.gz.asc">PGP signature</a>)</i> &#8212; 2016-07-11
    <ul>
        <li>More fixes for OpenSSL 1.1 build.</li>
        <li>Support Juniper "Post Sign-in Message".</li>
@@ -226,8 +226,8 @@
        <li>Add <tt>--resolve</tt> and <tt>--local-hostname</tt> options to command line.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.06.tar.gz">OpenConnect v7.06</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.06.tar.gz.asc">PGP signature</a>)</i> &#8212; 2015-03-17
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.06.tar.gz">OpenConnect v7.06</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.06.tar.gz.asc">PGP signature</a>)</i> &#8212; 2015-03-17
      <ul>
        <li>Fix <tt>openconnect.pc</tt> breakage after liboath removal.</li>
        <li>Refactor Juniper Network Connect receive loop.</li>
@@ -235,8 +235,8 @@
        <li>Add Bosnian translation.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.05.tar.gz">OpenConnect v7.05</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.05.tar.gz.asc">PGP signature</a>)</i> &#8212; 2015-03-10
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.05.tar.gz">OpenConnect v7.05</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.05.tar.gz.asc">PGP signature</a>)</i> &#8212; 2015-03-10
      <ul>
        <li>Fix alignment issue which broke LZS compression on ARM etc.</li>
        <li>Support HTTP authentication to servers, not just proxies.</li>
@@ -250,8 +250,8 @@
        <li>Preliminary support for Juniper SSL VPN.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.04.tar.gz">OpenConnect v7.04</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.04.tar.gz.asc">PGP signature</a>)</i> &#8212; 2015-01-25
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.04.tar.gz">OpenConnect v7.04</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.04.tar.gz.asc">PGP signature</a>)</i> &#8212; 2015-01-25
      <ul>
        <li>Change default behaviour to enable only stateless compression.</li>
        <li>Add <tt>--compression</tt> argument and <tt>openconnect_set_compression_mode()</tt>.</li>
@@ -259,8 +259,8 @@
        <li>Add support for <a href="https://code.google.com/p/lz4/">LZ4</a> compression <i>(compatible with ocserv)</i>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.03.tar.gz">OpenConnect v7.03</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.03.tar.gz.asc">PGP signature</a>)</i> &#8212; 2015-01-09
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.03.tar.gz">OpenConnect v7.03</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.03.tar.gz.asc">PGP signature</a>)</i> &#8212; 2015-01-09
      <ul>
        <li>Android build infrastructure updates, including 64-bit support.</li>
        <li>Clean up handling of incoming packets.</li>
@@ -268,15 +268,15 @@
        <li>Stop using static variables for received packets.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.02.tar.gz">OpenConnect v7.02</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.02.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-12-19
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.02.tar.gz">OpenConnect v7.02</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.02.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-12-19
      <ul>
        <li>Add PKCS#11 support for OpenSSL.</li>
        <li>Fix handling of select options in <tt>openconnect_set_option_value().</tt></li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.01.tar.gz">OpenConnect v7.01</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.01.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-12-07
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.01.tar.gz">OpenConnect v7.01</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.01.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-12-07
      <ul>
        <li>Try harder to find a PKCS#11 key to match a given certificate.</li>
        <li>Handle '<tt>Connection: close</tt>' from proxies correctly.</li>
@@ -284,8 +284,8 @@
        <li>Add support for <tt>X-CSTP-DynDNS</tt>, to trigger DNS lookup on each reconnect.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.00.tar.gz">OpenConnect v7.00</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-11-27
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-7.00.tar.gz">OpenConnect v7.00</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-7.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-11-27
      <ul>
        <li>Add support for GnuTLS 3.4 <tt>system:</tt> keys including Windows certificate store.</li>
        <li>Add support for HOTP/TOTP keys from Yubikey NEO devices.</li>
@@ -308,8 +308,8 @@
        <li>Fix crash on invocation with <tt>--token-mode</tt> but no <tt>--token-secret</tt>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-6.00.tar.gz">OpenConnect v6.00</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-6.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-07-08
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-6.00.tar.gz">OpenConnect v6.00</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-6.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-07-08
      <ul>
        <li>Support SOCKS proxy authentication (password, GSSAPI).</li>
        <li>Support HTTP proxy authentication (Basic, Digest, NTLM and GSSAPI).</li>
@@ -322,8 +322,8 @@
        <li>Update several Android dependencies, and make the download process more robust.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.99.tar.gz">OpenConnect v5.99</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.99.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-03-05
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.99.tar.gz">OpenConnect v5.99</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-5.99.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-03-05
      <ul>
        <li>Add <a href="http://tools.ietf.org/html/rfc4226">RFC4226</a> HOTP token support.</li>
        <li>Tolerate servers closing connection uncleanly after HTTP/1.0 response <a href="https://bugs.launchpad.net/bugs/1225276"><i>(Ubuntu #1225276)</i></a>.</li>
@@ -346,14 +346,14 @@
        3.2.9+.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.03.tar.gz">OpenConnect v5.03</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.03.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-02-03
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.03.tar.gz">OpenConnect v5.03</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-5.03.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-02-03
      <ul>
        <li>Fix crash on <tt>--authenticate</tt> due to freeing <tt>--cafile</tt> option in <tt>argv</tt>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.02.tar.gz">OpenConnect v5.02</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.02.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-01-01
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.02.tar.gz">OpenConnect v5.02</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-5.02.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-01-01
      <ul>
        <li>Fix XML POST issues with authgroups by falling back to old style login.</li>
        <li>Fix <tt>--cookie-on-stdin</tt> with cookies from ocserv.</li>
@@ -365,8 +365,8 @@
        <li>Fix possible heap overflow if MTU is increased on reconnection (CVE-2013-7098).</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.01.tar.gz">OpenConnect v5.01</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.01.tar.gz.asc">PGP signature</a>)</i> &#8212; 2013-06-01
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.01.tar.gz">OpenConnect v5.01</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-5.01.tar.gz.asc">PGP signature</a>)</i> &#8212; 2013-06-01
      <ul>
        <li>Attempt to handle <tt>&amp;lt;client-cert-request&amp;gt;</tt> in aggregate auth mode.</li>
        <li>Don't include <tt>X-Aggregate-Auth:</tt> header in fallback mode.</li>
@@ -379,8 +379,8 @@
        <li>Improve error handling when server closes connection <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708928"><i>(Debian #708928)</i></a>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.00.tar.gz">OpenConnect v5.00</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-5.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2013-05-15
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.00.tar.gz">OpenConnect v5.00</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-5.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2013-05-15
      <ul>
        <li>Use GnuTLS by default instead of OpenSSL.</li>
        <li>Avoid using deprecated <tt>gnutls_pubkey_verify_data()</tt> function.</li>
@@ -391,16 +391,16 @@
        <li>Replace <tt>--stoken</tt> option with more generic <tt>--token-mode</tt> and <tt>--token-secret</tt> options.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.99.tar.gz">OpenConnect v4.99</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.99.tar.gz.asc">PGP signature</a>)</i> &#8212; 2013-02-07
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.99.tar.gz">OpenConnect v4.99</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.99.tar.gz.asc">PGP signature</a>)</i> &#8212; 2013-02-07
      <ul>
        <li>Add <tt>--os</tt> switch to report a different OS type to the gateway.</li>
        <li>Support new XML POST format.</li>
        <li>Add SecurID token support using <a href="http://stoken.sourceforge.net/">libstoken</a>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.08.tar.gz">OpenConnect v4.08</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.08.tar.gz.asc">PGP signature</a>)</i> &#8212; 2013-02-13
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.08.tar.gz">OpenConnect v4.08</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.08.tar.gz.asc">PGP signature</a>)</i> &#8212; 2013-02-13
      <ul>
        <li>Fix overflow on HTTP request buffers (CVE-2012-6128)</li>
        <li>Fix connection to servers with round-robin DNS with two-stage auth/connect.</li>
@@ -409,23 +409,23 @@
        <li>Improve <tt>"Attempting to connect..."</tt> message to be explicit when it's connecting to a proxy.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.07.tar.gz">OpenConnect v4.07</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.07.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-08-31
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.07.tar.gz">OpenConnect v4.07</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.07.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-08-31
      <ul>
        <li>Fix segmentation fault when invoked with <tt>-p</tt> argument.</li>
        <li>Fix handling of write stalls on CSTP (TCP) socket.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.06.tar.gz">OpenConnect v4.06</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.06.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-07-23
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.06.tar.gz">OpenConnect v4.06</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.06.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-07-23
      <ul>
        <li>Fix default CA location for non-Fedora systems with old GnuTLS.</li>
        <li>Improve error handing when <tt>vpnc-script</tt> exits with error.</li>
        <li>Handle PKCS#11 tokens which won't list keys without login.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.05.tar.gz">OpenConnect v4.05</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.05.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-07-12
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.05.tar.gz">OpenConnect v4.05</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.05.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-07-12
      <ul>
        <li>Use correct CSD script for Mac OS X.</li>
        <li>Fix endless loop in PIN cache handling with multiple PKCS#11 tokens.</li>
@@ -434,14 +434,14 @@
        <li>Fix GnuTLS v3 build on OpenBSD.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.04.tar.gz">OpenConnect v4.04</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.04.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-07-05
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.04.tar.gz">OpenConnect v4.04</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.04.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-07-05
      <ul>
        <li>Fix GnuTLS password handling for PKCS#8 files.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.03.tar.gz">OpenConnect v4.03</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.03.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-07-02
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.03.tar.gz">OpenConnect v4.03</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.03.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-07-02
      <ul>
        <li>Fix <tt>--no-proxy</tt> option.</li>
        <li>Fix handling of requested vs. received MTU settings.</li>
@@ -450,14 +450,14 @@
        <li>Fix GnuTLS compatibilty issue with servers that insist on TLSv1.0 or non-AES ciphers <a href="https://bugzilla.redhat.com/show_bug.cgi?id=836558"><i>(RH#836558)</i></a>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.02.tar.gz">OpenConnect v4.02</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.02.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-06-28
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.02.tar.gz">OpenConnect v4.02</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.02.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-06-28
      <ul>
        <li>Fix build failure due to unconditional inclusion of <tt>&amp;lt;gnutls/dtls.h&amp;gt;</tt>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.01.tar.gz">OpenConnect v4.01</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.01.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-06-28
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.01.tar.gz">OpenConnect v4.01</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.01.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-06-28
      <ul>
        <li>Fix DTLS MTU issue with GnuTLS.</li>
        <li>Fix reconnect crash when compression is disabled.</li>
@@ -467,8 +467,8 @@
        <li>Fix <tt>openconnect.pc</tt> pkg-config file not to require <tt>zlib.pc</tt> on systems which lack it (like RHEL5).</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.00.tar.gz">OpenConnect v4.00</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-06-20
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.00.tar.gz">OpenConnect v4.00</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-4.00.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-06-20
      <ul>
        <li>Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS.</li>
        <li>Fix repeated passphrase retry for OpenSSL.</li>
@@ -477,8 +477,8 @@
        <li>Fix library references to OpenSSL's <tt>ERR_print_errors_cb()</tt> when built against GnuTLS v2.12.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.99.tar.gz">OpenConnect v3.99</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.99.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-06-13
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.99.tar.gz">OpenConnect v3.99</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.99.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-06-13
      <ul>
        <li>Enable native TPM support when built with GnuTLS.</li>
        <li>Enable PKCS#11 token support when built with GnuTLS.</li>
@@ -489,15 +489,15 @@
        <li>Add <tt>--with-pkgconfigdir=</tt> option to <tt>configure</tt> for FreeBSD's benefit <i><a href="https://bugs.freedesktop.org/show_bug.cgi?id=48743">(fd#48743)</a></i>.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.20.tar.gz">OpenConnect v3.20</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.20.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-05-18
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.20.tar.gz">OpenConnect v3.20</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.20.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-05-18
      <ul>
        <li>Cope with non-keepalive HTTP response on authentication success.</li>
        <li>Fix progress callback with incorrect <tt>cbdata</tt> which caused KDE crash.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.19.tar.gz">OpenConnect v3.19</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.19.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-05-17
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.19.tar.gz">OpenConnect v3.19</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.19.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-05-17
      <ul>
        <li>Add <tt>--config</tt> option for reading options from file.</li>
        <li>Improve OpenSSL DTLS compatibility to work on Ubuntu 10.04.</li>
@@ -510,15 +510,15 @@
        <li>Fix <tt>--non-inter</tt> option so it still uses login information from command line.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.18.tar.gz">OpenConnect v3.18</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.18.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-04-25
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.18.tar.gz">OpenConnect v3.18</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.18.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-04-25
      <ul>
        <li>Fix autohate breakage with <tt>--disable-nls</tt>... hopefully.</li>
        <li>Fix buffer overflow in banner handling.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.17.tar.gz">OpenConnect v3.17</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.17.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-04-20
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.17.tar.gz">OpenConnect v3.17</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.17.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-04-20
      <ul>
        <li>Work around <tt>time()</tt> brokenness on Solaris.</li>
        <li>Fix interface plumbing on Solaris 10.</li>
@@ -530,8 +530,8 @@
        <li>Invoke <tt>vpnc-script</tt> with "pre-init" reason to load tun module if necessary.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.16.tar.gz">OpenConnect v3.16</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.16.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-04-08
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.16.tar.gz">OpenConnect v3.16</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.16.tar.gz.asc">PGP signature</a>)</i> &#8212; 2012-04-08
      <ul>
        <li>Fix build failure on Debian/kFreeBSD and Hurd.</li>
        <li>Fix memory leak of deflated packets.</li>
@@ -544,15 +544,15 @@
        <li>Be more conservative in detecting libproxy without pkg-config.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.15.tar.gz">OpenConnect v3.15</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.15.tar.gz.asc">PGP signature</a>)</i> &#8212; 2011-11-25
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.15.tar.gz">OpenConnect v3.15</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.15.tar.gz.asc">PGP signature</a>)</i> &#8212; 2011-11-25
      <ul>
        <li>Fix for reading multiple packets from Solaris tun device.</li>
        <li>Call <tt>bindtextdomain()</tt> to ensure that translations are found in install path.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.14.tar.gz">OpenConnect v3.14</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.14.tar.gz.asc">PGP signature</a>)</i> &#8212; 2011-11-08
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.14.tar.gz">OpenConnect v3.14</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.14.tar.gz.asc">PGP signature</a>)</i> &#8212; 2011-11-08
      <ul>
        <li>Move executable to <tt>$prefix/sbin</tt>.</li>
        <li>Fix build issues on OSX, OpenIndiana, DragonFlyBSD, OpenBSD, FreeBSD &amp;amp; NetBSD.</li>
@@ -561,8 +561,8 @@
        <li>Attempt to make NLS support more portable (with fewer dependencies).</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.13.tar.gz">OpenConnect v3.13</a></b>
-     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.13.tar.gz.asc">PGP signature</a>)</i> &#8212; 2011-09-30
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.13.tar.gz">OpenConnect v3.13</a></b>
+     <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-3.13.tar.gz.asc">PGP signature</a>)</i> &#8212; 2011-09-30
      <ul>
        <li>Add <tt>--cert-expire-warning</tt> option.</li>
        <li>Give visible warning when server dislikes client SSL certificate.</li>
@@ -573,7 +573,7 @@
        <li>Fix various minor compiler warnings.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.12.tar.gz">OpenConnect v3.12</a></b> &#8212; 2011-09-12
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.12.tar.gz">OpenConnect v3.12</a></b> &#8212; 2011-09-12
      <ul>
        <li>Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.</li>
        <li>Fix build failures on GNU Hurd, on systems with ancient OpenSSL,
@@ -582,7 +582,7 @@
        <li>Print SHA1 fingerprint with server certificate details.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.11.tar.gz">OpenConnect v3.11</a></b> &#8212; 2011-07-20
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.11.tar.gz">OpenConnect v3.11</a></b> &#8212; 2011-07-20
      <ul>
        <li>Add <tt>Android.mk</tt> file for Android build support</li>
        <li>Add logging support for Android, in place of standard <tt>syslog()</tt>.</li>
@@ -590,7 +590,7 @@
        <li>Make TPM support optional, dependent on OpenSSL ENGINE support.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.10.tar.gz">OpenConnect v3.10</a></b> &#8212; 2011-06-30
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.10.tar.gz">OpenConnect v3.10</a></b> &#8212; 2011-06-30
      <ul>
        <li>Switch to using GNU autoconf/automake/libtool.</li>
        <li>Produce shared library for authentication.</li>
@@ -600,19 +600,19 @@
        <li>Add <tt>--non-inter</tt> option to avoid all user input.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.02.tar.gz">OpenConnect v3.02</a></b> &#8212; 2011-04-19
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.02.tar.gz">OpenConnect v3.02</a></b> &#8212; 2011-04-19
      <ul>
        <li>Install man page in <tt>make install</tt> target.</li>
        <li>Add <tt>openconnect_vpninfo_free()</tt> to libopenconnect.</li>
        <li>Clear cached <tt>peer_addr</tt> to avoid reconnecting to wrong host.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.01.tar.gz">OpenConnect v3.01</a></b> &#8212; 2011-03-09
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.01.tar.gz">OpenConnect v3.01</a></b> &#8212; 2011-03-09
      <ul>
        <li>Add libxml2 to pkg-config requirements.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.00.tar.gz">OpenConnect v3.00</a></b> &#8212; 2011-03-09
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.00.tar.gz">OpenConnect v3.00</a></b> &#8212; 2011-03-09
      <ul>
        <li>Create libopenconnect.a for GUI authentication dialog to use.</li>
        <li>Remove auth-dialog, which now lives in the <a href="http://git.gnome.org/browse/network-manager-openconnect/">network-manager-openconnect</a> package.</li>
@@ -621,7 +621,7 @@
        <li>Report error and abort if CA file cannot be opened.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.26.tar.gz">OpenConnect v2.26</a></b> &#8212; 2010-09-22
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.26.tar.gz">OpenConnect v2.26</a></b> &#8212; 2010-09-22
      <ul>
        <li>Fix potential crash on relative HTTP redirect.</li>
        <li>Use correct TUN/TAP device node on Android.</li>
@@ -635,7 +635,7 @@
        <li>Never include address family prefix on <tt>script-tun</tt> connections.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.25.tar.gz">OpenConnect v2.25</a></b> &#8212; 2010-05-15
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.25.tar.gz">OpenConnect v2.25</a></b> &#8212; 2010-05-15
      <ul>
        <li>Always validate server certificate, even when no extra <tt>--cafile</tt> is provided.</li>
        <li>Add <tt>--no-cert-check</tt> option to avoid certificate validation.</li>
@@ -644,7 +644,7 @@
        <li>Fix libproxy detection on NetBSD.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.24.tar.gz">OpenConnect v2.24</a></b> &#8212; 2010-05-07
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.24.tar.gz">OpenConnect v2.24</a></b> &#8212; 2010-05-07
      <ul>
        <li>Forget preconfigured password after a single attempt; don't retry infinitely if it's failing.</li>
        <li>Set <tt>$CISCO_BANNER</tt> environment variable when running script.</li>
@@ -653,7 +653,7 @@
        <li>Fix DragonFly BSD build.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.23.tar.gz">OpenConnect v2.23</a></b> &#8212; 2010-04-09
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.23.tar.gz">OpenConnect v2.23</a></b> &#8212; 2010-04-09
      <ul>
        <li>Support "Cisco Secure Desktop" trojan in NetworkManager auth-dialog.</li>
        <li>Support proxy in NetworkManager auth-dialog.</li>
@@ -663,7 +663,7 @@
        <li>Improve workaround for server certificates lacking SSL_SERVER purpose, so that it also works with OpenSSL older than 0.9.8k.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.22.tar.gz">OpenConnect v2.22</a></b> &#8212; 2010-03-07
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.22.tar.gz">OpenConnect v2.22</a></b> &#8212; 2010-03-07
      <ul>
        <li>Fix bug handling port numbers above 9999.</li>
        <li>Ignore "<tt>Connection: Keep-Alive</tt>" in HTTP/1.0 to work around server bug with certificate authentication.</li>
@@ -675,13 +675,13 @@
        <li>Fix exit code with <tt>--background</tt> option.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.21.tar.gz">OpenConnect v2.21</a></b> &#8212; 2010-01-10
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.21.tar.gz">OpenConnect v2.21</a></b> &#8212; 2010-01-10
      <ul>
        <li>Fix handling of HTTP 1.0 responses with keepalive <a href="https://bugzilla.redhat.com/show_bug.cgi?id=553817"><i>(RH#553817)</i></a>.</li>
        <li>Fix case sensitivity in HTTP headers and hostname comparison on redirect.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.20.tar.gz">OpenConnect v2.20</a></b> &#8212; 2010-01-04
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.20.tar.gz">OpenConnect v2.20</a></b> &#8212; 2010-01-04
      <ul>
        <li>Fix use-after-free bug in NetworkManager authentication dialog <a href="https://bugzilla.redhat.com/show_bug.cgi?id=551665"><i>(RH#551665)</i></a>.</li>
        <li>Allow server to be specified with <tt>https://</tt> URL, including port and pathname (which Cisco calls 'UserGroup')</li>
@@ -690,14 +690,14 @@
        <li>Handle HTTP redirection with IPv6 literal addresses.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.12.tar.gz">OpenConnect v2.12</a></b> &#8212; 2009-12-07
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.12.tar.gz">OpenConnect v2.12</a></b> &#8212; 2009-12-07
      <ul>
        <li>Fix buffer overflow when generating useragent string.</li>
        <li>Cope with idiotic schizoDNS configurations by not repeating DNS lookup for VPN server on reconnects.</li>
        <li>Support DragonFlyBSD. Probably.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.11.tar.gz">OpenConnect v2.11</a></b> &#8212; 2009-11-17
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.11.tar.gz">OpenConnect v2.11</a></b> &#8212; 2009-11-17
      <ul>
        <li>Add IPv6 support for FreeBSD.</li>
        <li>Support "split tunnel" mode for IPv6 routing.</li>
@@ -705,7 +705,7 @@
 	   CSD trojan if a PKCS#12 certificate was used.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.10.tar.gz">OpenConnect v2.10</a></b> &#8212; 2009-11-04
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.10.tar.gz">OpenConnect v2.10</a></b> &#8212; 2009-11-04
      <ul>
        <li>OpenSolaris support.</li>
        <li>Preliminary support for IPv6 connectivity.</li>
@@ -717,7 +717,7 @@
        <li>Fix recognition of certificates from OpenSSL 1.0.0.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.01.tar.gz">OpenConnect v2.01</a></b> &#8212; 2009-06-24
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.01.tar.gz">OpenConnect v2.01</a></b> &#8212; 2009-06-24
      <ul>
        <li>Fix bug causing loss of DTLS (and lots of syslog spam about it)
 	   after a CSTP reconnection.</li>
@@ -728,7 +728,7 @@
 	   chain.</li>
      </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.00.tar.gz">OpenConnect v2.00</a></b> &#8212; 2009-06-03
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-2.00.tar.gz">OpenConnect v2.00</a></b> &#8212; 2009-06-03
       <ul>
 	<li>Add OpenBSD and FreeBSD support.</li>
 	<li>Build with OpenSSL-0.9.7 (Mac OS X, OpenBSD, etc.)</li>
@@ -741,7 +741,7 @@
 	<li>Fix segfault in NM auth-dialog when changing hosts.</li>
       </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.40.tar.gz">OpenConnect v1.40</a></b> &#8212; 2009-05-27
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-1.40.tar.gz">OpenConnect v1.40</a></b> &#8212; 2009-05-27
       <ul>
 	<li>Fix validation of server's SSL certificate when NetworkManager runs openconnect as an unprivileged user (which can't read the real user's trust chain file).</li>
 	<li>Fix double-free of DTLS Cipher option on reconnect.</li>
@@ -749,12 +749,12 @@
 	<li>Fix reporting of SSL errors through syslog/UI.</li>
       </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.30.tar.gz">OpenConnect v1.30</a></b> &#8212; 2009-05-13
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-1.30.tar.gz">OpenConnect v1.30</a></b> &#8212; 2009-05-13
       <ul>
 	<li>NetworkManager auth-dialog will now cache authentication form options.</li>
       </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.20.tar.gz">OpenConnect v1.20</a></b> &#8212; 2009-05-08
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-1.20.tar.gz">OpenConnect v1.20</a></b> &#8212; 2009-05-08
       <ul>
 	<li>DTLS cipher choice fixes.</li>
 	<li>Improve handling of authentication group selection.</li>
@@ -763,14 +763,14 @@
 	<li>Detect TCP connection closure.</li>
       </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.10.tar.gz">OpenConnect v1.10</a></b> &#8212; 2009-04-01
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-1.10.tar.gz">OpenConnect v1.10</a></b> &#8212; 2009-04-01
       <ul>
 	<li>NetworkManager UI rewrite with many improvements.</li>
 	<li>Support for "UserGroups" where a single server offers multiple
 	configurations according to the URL used to connect.</li>
       </ul><br/>
   </li>
-  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.00.tar.gz">OpenConnect v1.00</a></b> &#8212; 2009-03-18
+  <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-1.00.tar.gz">OpenConnect v1.00</a></b> &#8212; 2009-03-18
       <ul>
 	<li>First non-beta release.</li>
       </ul>
diff --git a/www/download.xml b/www/download.xml
index a742c4ac..a30eeba5 100644
--- a/www/download.xml
+++ b/www/download.xml
@@ -11,14 +11,14 @@
     	<h1>Download</h1>
 
 <p>Released versions of OpenConnect are available from the FTP site:</p>
-<ul><li><a href="ftp://ftp.infradead.org/pub/openconnect/"><tt>ftp://ftp.infradead.org/pub/openconnect/</tt></a></li></ul>
+<ul><li><a href="https://www.infradead.org/openconnect/download/"><tt>https://www.infradead.org/openconnect/download/</tt></a></li></ul>
 
 <p>Release tarballs (since 3.13) are signed with the PGP key with fingerprint <a href="https://pgp.mit.edu/pks/lookup?op=vindex&amp;search=0xBE07D9FD54809AB2C4B0FF5F63762CDA67E2F359">BE07 D9FD 5480 9AB2 C4B0  FF5F 6376 2CDA 67E2 F359</a>.</p>
 
 <p>
 <!-- latest-release-start -->
-The latest release is <a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.10.tar.gz">OpenConnect v8.10</a>
-<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.10.tar.gz.asc">PGP signature</a>)</i>,
+The latest release is <a href="https://www.infradead.org/openconnect/download/openconnect-8.10.tar.gz">OpenConnect v8.10</a>
+<i>(<a href="https://www.infradead.org/openconnect/download/openconnect-8.10.tar.gz.asc">PGP signature</a>)</i>,
 released on 2020-05-14 with the following changelog:</p>
      <ul>
        <li>Install bash completion script to <tt>${datadir}/bash-completion/completions/openconnect</tt>.</li>
-- 
2.49.0