Home Features Getting Started Mailing List / Help Contribute Protocols VPN Server

OpenConnect VPN client

About Supported Platforms Download Packages Changelog Licence

Changelog

For full changelog entries including the latest development, see gitweb.

• OpenConnect HEAD
  • No changelog entries yet
  
  
• OpenConnect v8.02 (PGP signature) — 2019-01-16
  • Fix GNU/Hurd build.
  • Discover vpnc-script in default packaged location on FreeBSD/OpenBSD.
  • Support split-exclude routes for GlobalProtect.
  • Fix GnuTLS builds without libtasn1.
  • Fix DTLS support with OpenSSL 1.1.1+.
  • Add Cisco-compatible DTLSv1.2 support.
  • Invoke script with reason=attempt-reconnect before doing so.
  
  
• OpenConnect v8.01 (PGP signature) — 2019-01-05
  • Fix memset_s() arguments.
  • Fix OpenBSD build.
  
  
• OpenConnect v8.00 (PGP signature) — 2019-01-05
  • Clear form submissions (which may include passwords) before freeing (CVE-2018-20319).
  • Allow form responses to be provided on command line.
  • Add support for SSL keys stored in TPM2.
  • Fix ESP rekey when replay protection is disabled.
  • Drop support for GnuTLS older than 3.2.10.
  • Fix --passwd-on-stdin for Windows to not forcibly open console.
  • Fix portability of shell scripts in test suite.
  • Add Google Authenticator TOTP support for Juniper.
  • Add RFC7469 key PIN support for cert hashes.
  • Add protocol method to securely log out the Juniper session.
  • Relax requirements for Juniper hostname packet response to support old gateways.
  • Add API functions to query the supported protocols.
  • Verify ESP sequence numbers and warn even if replay protection is disabled.
  • Add support for PAN GlobalProtect VPN protocol (--protocol=gp).
  • Reorganize listing of command-line options, and include information on supported protocols.
  • SIGTERM cleans up the session similarly to SIGINT.
  
  
• OpenConnect v7.08 (PGP signature) — 2016-12-13
  • Add SHA256 support for server cert hashes.
  • Enable DHE ciphers for Cisco DTLS.
  • Increase initial oNCP configuration buffer size.
  • Reopen CONIN$ when stdin is redirected on Windows.
  • Improve support for point-to-point routing on Windows.
  • Check for non-resumed DTLS sessions which may indicate a MiTM attack.
  • Add TUNIDX environment variable on Windows.
  • Fix compatibility with Pulse Secure 8.2R5.
  • Fix IPv6 support in Solaris.
  • Support DTLS automatic negotiation.
  • Support --key-password for GnuTLS PKCS#11 PIN.
  • Support automatic DTLS MTU detection with OpenSSL.
  • Drop support for combined GnuTLS/OpenSSL build.
  • Update OpenSSL to allow TLSv1.2, improve compatibility options.
  • Remove --no-cert-check option. It was being (mis)used.
  • Fix OpenSSL support for PKCS#11 EC keys without public key.
  • Support for final OpenSSL 1.1 release.
  • Fix polling/retry on "tun" socket when buffers full.
  • Fix AnyConnect server-side MTU setting.
  • Fix ESP replay detection.
  • Allow build with LibreSSL (for fetishists only; do not use this as DTLS is broken).
  • Add certificate torture test suite.
  • Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL.
  • Fix integer overflow issues with ESP packet replay detection.
  • Add --pass-tos option as in OpenVPN.
  • Support rôle selection form in Juniper VPN.
  • Support DER-format certificates, add certificate format torture tests.
  • For OpenSSL >= 1.0.2, fix certificate validation when only an intermediate CA is specified with the --cafile option.
  • Support Juniper "Pre Sign-in Message".
  
  
• OpenConnect v7.07 (PGP signature) — 2016-07-11
  • More fixes for OpenSSL 1.1 build.
  • Support Juniper "Post Sign-in Message".
  • Add --protocol option.
  • Fix ChaCha20-Poly1305 cipher suite to reflect final standard.
  • Add ability to disable IPv6 support via library API.
  • Set groups appropriately when using setuid().
  • Automatic DTLS MTU detection.
  • Support SSL client certificate authentication with Juniper servers.
  • Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL older than 0.9.8.
  • Fix handling of multiple DNS search domains with Network Connect.
  • Fix handling of large configuration packets for Network Connect.
  • Enable SNI when built with OpenSSL (1.0.1g or later).
  • Add --resolve and --local-hostname options to command line.
  
  
• OpenConnect v7.06 (PGP signature) — 2015-03-17
  • Fix openconnect.pc breakage after liboath removal.
  • Refactor Juniper Network Connect receive loop.
  • Fix some memory leaks.
  • Add Bosnian translation.
  
  
• OpenConnect v7.05 (PGP signature) — 2015-03-10
  • Fix alignment issue which broke LZS compression on ARM etc.
  • Support HTTP authentication to servers, not just proxies.
  • Work around Yubikey issue with non-ASCII passphrase set on pre-KitKat Android.
  • Add SHA256/SHA512 support for OATH.
  • Remove liboath dependency.
  • Support DTLS v1.2 and AES-GCM with OpenSSL 1.0.2.
  • Add OpenSSL 1.0.2 to known-broken releases (RT#3703, RT#3711).
  • Fix build with OpenSSL HEAD (OpenSSL 1.1.x).
  • Preliminary support for Juniper SSL VPN.
  
  
• OpenConnect v7.04 (PGP signature) — 2015-01-25
  • Change default behaviour to enable only stateless compression.
  • Add --compression argument and openconnect_set_compression_mode().
  • Add support for LZS compression (compatible with latest Cisco ASA and ocserv).
  • Add support for LZ4 compression (compatible with ocserv).
  
  
• OpenConnect v7.03 (PGP signature) — 2015-01-09
  • Android build infrastructure updates, including 64-bit support.
  • Clean up handling of incoming packets.
  • Fix issue with two-stage (i.e. NetworkManager) connection to servers with trick DNS (RH#1179681).
  • Stop using static variables for received packets.
  
  
• OpenConnect v7.02 (PGP signature) — 2014-12-19
  • Add PKCS#11 support for OpenSSL.
  • Fix handling of select options in openconnect_set_option_value().
  
  
• OpenConnect v7.01 (PGP signature) — 2014-12-07
  • Try harder to find a PKCS#11 key to match a given certificate.
  • Handle 'Connection: close' from proxies correctly.
  • Warn when MTU is set too low (<1280) to permit IPv6 connectivity.
  • Add support for X-CSTP-DynDNS, to trigger DNS lookup on each reconnect.
  
  
• OpenConnect v7.00 (PGP signature) — 2014-11-27
  • Add support for GnuTLS 3.4 system: keys including Windows certificate store.
  • Add support for HOTP/TOTP keys from Yubikey NEO devices.
  • Add ---no-system-trust option to disable default certificate authorities.
  • Improve libiconv and libintl detection.
  • Stop calling setenv() from library functions.
  • Support utun driver on OS X.
  • Change library API so string ownership is never transferred.
  • Support new NDIS6 TAP-Windows driver shipped with OpenVPN 2.3.4.
  • Support using PSKC (RFC6030) token files for HOTP/TOTP tokens.
  • Support for updating HOTP token storage when token is used.
  • Support for reading OTP token data from a file.
  • Add full character set handling for legacy non-UTF8 systems (including Windows).
  • Fix legacy (i.e. not XML POST) submission of non-ASCII form entries (even in UTF-8 locales).
  • Add support for 32-bit Windows XP.
  • Avoid retrying without XML POST, when we failed to even reach the server.
  • Fix off-by-one in parameter substitution in error messages.
  • Improve reporting when GSSAPI auth requested but not compiled in.
  • Fix parsing of split include routes on Windows.
  • Fix crash on invocation with --token-mode but no --token-secret.
  
  
• OpenConnect v6.00 (PGP signature) — 2014-07-08
  • Support SOCKS proxy authentication (password, GSSAPI).
  • Support HTTP proxy authentication (Basic, Digest, NTLM and GSSAPI).
  • Download XML profile in XML POST mode.
  • Fix a couple of bugs involving DTLS rekeying.
  • Fix problems seen when building or connecting without DTLS enabled.
  • Fix tun error handling on Windows hosts.
  • Skip password prompts when using PKCS#8 and PKCS#12 certificates with empty passwords.
  • Fix several minor memory leaks and error paths.
  • Update several Android dependencies, and make the download process more robust.
  
  
• OpenConnect v5.99 (PGP signature) — 2014-03-05
  • Add RFC4226 HOTP token support.
  • Tolerate servers closing connection uncleanly after HTTP/1.0 response (Ubuntu #1225276).
  • Add support for IPv6 split tunnel configuration.
  • Add Windows support with MinGW (tested with both IPv6 and Legacy IP with latest vpnc-script-win.js)
  • Change library API to support updating the auth form when the authgroup is changed (Ubuntu #1229195).
  • Change --os mac to --os mac-intel, to match the identifier used by Cisco clients.
  • Add new API functions to support invoking the VPN mainloop directly from an application.
  • Add JNI interface and sample Java application.
  • Fix junk in --cookieonly output when CSD is enabled.
  • Enable TOTP, stoken, and JNI support in the Android builds.
  • Add --pfs option to enforce perfect forward secrecy.
  • Enable elliptic curves with GnuTLS 3.2.9+, where there is a workaround for certain firewalls that fail with client hellos between 256 and 512 bytes.
  • Add padding when sending password, to avoid leakage of password and username length.
  • Add support for DTLS 1.2 and AES-GCM when connecting to ocserv.
  • Add support for server name indication when compiled with GnuTLS 3.2.9+.
  
  
• OpenConnect v5.03 (PGP signature) — 2014-02-03
  • Fix crash on --authenticate due to freeing --cafile option in argv.
  
  
• OpenConnect v5.02 (PGP signature) — 2014-01-01
  • Fix XML POST issues with authgroups by falling back to old style login.
  • Fix --cookie-on-stdin with cookies from ocserv.
  • Fix reconnection to wrong host after redirect.
  • Reduce limit of queued packets on DTLS socket, to fix VoIP latency.
  • Fix Solaris build breakage due to missing <string.h> includes.
  • Include path in <group-access> node.
  • Include supporting CA certificates from PKCS#11 tokens (with GnuTLS 3.2.7+).
  • Fix possible heap overflow if MTU is increased on reconnection (CVE-2013-7098).
  
  
• OpenConnect v5.01 (PGP signature) — 2013-06-01
  • Attempt to handle <client-cert-request> in aggregate auth mode.
  • Don't include X-Aggregate-Auth: header in fallback mode.
  • Enable AES256 mode for DTLS with GnuTLS (RH#955710).
  • Add --dump-http-traffic option for debugging.
  • Be more permissive in parsing XML forms.
  • Use original URL when falling back to non-XML POST mode.
  • Add --no-xmlpost option to revert to older, compatible behaviour.
  • Close connection before falling back to non-xmlpost mode (RH#964650).
  • Improve error handling when server closes connection (Debian #708928).
  
  
• OpenConnect v5.00 (PGP signature) — 2013-05-15
  • Use GnuTLS by default instead of OpenSSL.
  • Avoid using deprecated gnutls_pubkey_verify_data() function.
  • Fix compatibility issues with XML POST authentication.
  • Fix memory leaks on realloc() failure.
  • Fix certificate validation problem caused by hostname canonicalisation.
  • Add RFC6238 TOTP token support using liboath.
  • Replace --stoken option with more generic --token-mode and --token-secret options.
  
  
• OpenConnect v4.99 (PGP signature) — 2013-02-07
  • Add --os switch to report a different OS type to the gateway.
  • Support new XML POST format.
  • Add SecurID token support using libstoken.
  
  
• OpenConnect v4.08 (PGP signature) — 2013-02-13
  • Fix overflow on HTTP request buffers (CVE-2012-6128)
  • Fix connection to servers with round-robin DNS with two-stage auth/connect.
  • Impose minimum MTU of 1280 bytes.
  • Fix some harmless issues reported by Coverity.
  • Improve "Attempting to connect..." message to be explicit when it's connecting to a proxy.
  
  
• OpenConnect v4.07 (PGP signature) — 2012-08-31
  • Fix segmentation fault when invoked with -p argument.
  • Fix handling of write stalls on CSTP (TCP) socket.
  
  
• OpenConnect v4.06 (PGP signature) — 2012-07-23
  • Fix default CA location for non-Fedora systems with old GnuTLS.
  • Improve error handing when vpnc-script exits with error.
  • Handle PKCS#11 tokens which won't list keys without login.
  
  
• OpenConnect v4.05 (PGP signature) — 2012-07-12
  • Use correct CSD script for Mac OS X.
  • Fix endless loop in PIN cache handling with multiple PKCS#11 tokens.
  • Fix PKCS#11 URI handling to preserve all attributes.
  • Don't forget key password on GUI reconnect.
  • Fix GnuTLS v3 build on OpenBSD.
  
  
• OpenConnect v4.04 (PGP signature) — 2012-07-05
  • Fix GnuTLS password handling for PKCS#8 files.
  
  
• OpenConnect v4.03 (PGP signature) — 2012-07-02
  • Fix --no-proxy option.
  • Fix handling of requested vs. received MTU settings.
  • Fix DTLS MTU for GnuTLS 3.0.21 and newer.
  • Support more ciphers for OpenSSL encrypted PEM keys, with GnuTLS.
  • Fix GnuTLS compatibilty issue with servers that insist on TLSv1.0 or non-AES ciphers (RH#836558).
  
  
• OpenConnect v4.02 (PGP signature) — 2012-06-28
  • Fix build failure due to unconditional inclusion of <gnutls/dtls.h>.
  
  
• OpenConnect v4.01 (PGP signature) — 2012-06-28
  • Fix DTLS MTU issue with GnuTLS.
  • Fix reconnect crash when compression is disabled.
  • Fix build on systems like FreeBSD 8 without O_CLOEXEC.
  • Add --dtls-local-port option.
  • Print correct error when /dev/net/tun cannot be opened.
  • Fix openconnect.pc pkg-config file not to require zlib.pc on systems which lack it (like RHEL5).
  
  
• OpenConnect v4.00 (PGP signature) — 2012-06-20
  • Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS.
  • Fix repeated passphrase retry for OpenSSL.
  • Add keystore support for Android.
  • Support TPM, and also additional checks on PKCS#11 certs, even with GnuTLS 2.12.
  • Fix library references to OpenSSL's ERR_print_errors_cb() when built against GnuTLS v2.12.
  
  
• OpenConnect v3.99 (PGP signature) — 2012-06-13
  • Enable native TPM support when built with GnuTLS.
  • Enable PKCS#11 token support when built with GnuTLS.
  • Eliminate all SSL library exposure through libopenconnect.
  • Parse split DNS information, provide $CISCO_SPLIT_DNS environment variable to vpnc-script.
  • Attempt to provide new-style MTU information to server (on Linux only, unless specified on command line).
  • Allow building against GnuTLS, including DTLS support.
  • Add --with-pkgconfigdir= option to configure for FreeBSD's benefit (fd#48743).
  
  
• OpenConnect v3.20 (PGP signature) — 2012-05-18
  • Cope with non-keepalive HTTP response on authentication success.
  • Fix progress callback with incorrect cbdata which caused KDE crash.
  
  
• OpenConnect v3.19 (PGP signature) — 2012-05-17
  • Add --config option for reading options from file.
  • Improve OpenSSL DTLS compatibility to work on Ubuntu 10.04.
  • Flush progress logging output promptly after each message.
  • Add symbol versioning for shared library (on sane platforms).
  • Add openconnect_set_cancel_fd() function to allow clean cancellation.
  • Fix corruption of URL in openconnect_parse_url() if it specifies a port number.
  • Fix inappropriate exit() calls from library code.
  • Library namespace cleanup — all symbols now have the prefix openconnect_ on platforms where symbol versioning works.
  • Fix --non-inter option so it still uses login information from command line.
  
  
• OpenConnect v3.18 (PGP signature) — 2012-04-25
  • Fix autohate breakage with --disable-nls... hopefully.
  • Fix buffer overflow in banner handling.
  
  
• OpenConnect v3.17 (PGP signature) — 2012-04-20
  • Work around time() brokenness on Solaris.
  • Fix interface plumbing on Solaris 10.
  • Provide asprintf() function for (unpatched) Solaris 10.
  • Make vpnc-script mandatory, like it is for vpnc
  • Don't set Legacy IP address on tun device; let vpnc-script do it.
  • Detect OpenSSL even without pkg-config.
  • Stop building static library by default.
  • Invoke vpnc-script with "pre-init" reason to load tun module if necessary.
  
  
• OpenConnect v3.16 (PGP signature) — 2012-04-08
  • Fix build failure on Debian/kFreeBSD and Hurd.
  • Fix memory leak of deflated packets.
  • Fix memory leak of zlib state on CSTP reconnect.
  • Eliminate memcpy() calls on packets from DTLS and tunnel device.
  • Use I_LINK instead of I_PLINK on Solaris to plumb interface for Legacy IP.
  • Plumb interface for IPv6 on Solaris, instead of expecting vpnc-script to do it.
  • Refer to vpnc-script and help web pages in openconnect output.
  • Fix potential crash when processing libproxy results.
  • Be more conservative in detecting libproxy without pkg-config.
  
  
• OpenConnect v3.15 (PGP signature) — 2011-11-25
  • Fix for reading multiple packets from Solaris tun device.
  • Call bindtextdomain() to ensure that translations are found in install path.
  
  
• OpenConnect v3.14 (PGP signature) — 2011-11-08
  • Move executable to $prefix/sbin.
  • Fix build issues on OSX, OpenIndiana, DragonFlyBSD, OpenBSD, FreeBSD & NetBSD.
  • Fix non-portable (void *) arithmetic.
  • Make more messages translatable.
  • Attempt to make NLS support more portable (with fewer dependencies).
  
  
• OpenConnect v3.13 (PGP signature) — 2011-09-30
  • Add --cert-expire-warning option.
  • Give visible warning when server dislikes client SSL certificate.
  • Add localisation support.
  • Fix build on Debian systems where dtls1_stop_timer() is not available.
  • Fix libproxy detection.
  • Enable a useful set of compiler warnings by default.
  • Fix various minor compiler warnings.
  
  
• OpenConnect v3.12 — 2011-09-12
  • Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.
  • Fix build failures on GNU Hurd, on systems with ancient OpenSSL, and on Debian.
  • Add --pid-file option.
  • Print SHA1 fingerprint with server certificate details.
  
  
• OpenConnect v3.11 — 2011-07-20
  • Add Android.mk file for Android build support
  • Add logging support for Android, in place of standard syslog().
  • Switch back to using TLSv1, but without extensions.
  • Make TPM support optional, dependent on OpenSSL ENGINE support.
  
  
• OpenConnect v3.10 — 2011-06-30
  • Switch to using GNU autoconf/automake/libtool.
  • Produce shared library for authentication.
  • Improve library API to make life easier for C++ users.
  • Be more explicit about requiring pkg-config.
  • Invoke script with reason=reconnect on CSTP reconnect.
  • Add --non-inter option to avoid all user input.
  
  
• OpenConnect v3.02 — 2011-04-19
  • Install man page in make install target.
  • Add openconnect_vpninfo_free() to libopenconnect.
  • Clear cached peer_addr to avoid reconnecting to wrong host.
  
  
• OpenConnect v3.01 — 2011-03-09
  • Add libxml2 to pkg-config requirements.
  
  
• OpenConnect v3.00 — 2011-03-09
  • Create libopenconnect.a for GUI authentication dialog to use.
  • Remove auth-dialog, which now lives in the network-manager-openconnect package.
  • Cope with more entries in authentication forms.
  • Add --csd-wrapper option to wrap CSD trojan.
  • Report error and abort if CA file cannot be opened.
  
  
• OpenConnect v2.26 — 2010-09-22
  • Fix potential crash on relative HTTP redirect.
  • Use correct TUN/TAP device node on Android.
  • Check client certificate expiry date.
  • Implement CSTP and DTLS rekeying (both by reconnecting CSTP).
  • Add --force-dpd option to set minimum DPD interval.
  • Don't print webvpn cookie in debug output.
  • Fix host selection in NetworkManager auth dialog.
  • Use SSLv3 instead of TLSv1; some servers (or their firewalls) don't accept any ClientHello options.
  • Never include address family prefix on script-tun connections.
  
  
• OpenConnect v2.25 — 2010-05-15
  • Always validate server certificate, even when no extra --cafile is provided.
  • Add --no-cert-check option to avoid certificate validation.
  • Check server hostname against its certificate.
  • Provide text-mode function for reviewing and accepting "invalid" certificates.
  • Fix libproxy detection on NetBSD.
  
  
• OpenConnect v2.24 — 2010-05-07
  • Forget preconfigured password after a single attempt; don't retry infinitely if it's failing.
  • Set $CISCO_BANNER environment variable when running script.
  • Better handling of passphrase failure on certificate files.
  • Fix NetBSD build (thanks to Pouya D. Tafti).
  • Fix DragonFly BSD build.
  
  
• OpenConnect v2.23 — 2010-04-09
  • Support "Cisco Secure Desktop" trojan in NetworkManager auth-dialog.
  • Support proxy in NetworkManager auth-dialog.
  • Add --no-http-keepalive option to work around Cisco's incompetence.
  • Fix build on Debian/kFreeBSD.
  • Fix crash on receiving HTTP 404 error.
  • Improve workaround for server certificates lacking SSL_SERVER purpose, so that it also works with OpenSSL older than 0.9.8k.
  
  
• OpenConnect v2.22 — 2010-03-07
  • Fix bug handling port numbers above 9999.
  • Ignore "Connection: Keep-Alive" in HTTP/1.0 to work around server bug with certificate authentication.
  • Handle non-standard port (and full URLs) when used with NetworkManager.
  • Cope with relative redirect and form URLs.
  • Allocate HTTP receive buffer dynamically, to cope with arbitrary size of content.
  • Fix server cert SHA1 comparison to be case-insensitive.
  • Fix build on Solaris and OSX (strndup(), AI_NUMERICSERV).
  • Fix exit code with --background option.
  
  
• OpenConnect v2.21 — 2010-01-10
  • Fix handling of HTTP 1.0 responses with keepalive (RH#553817).
  • Fix case sensitivity in HTTP headers and hostname comparison on redirect.
  
  
• OpenConnect v2.20 — 2010-01-04
  • Fix use-after-free bug in NetworkManager authentication dialog (RH#551665).
  • Allow server to be specified with https:// URL, including port and pathname (which Cisco calls 'UserGroup')
  • Support connection through HTTP and SOCKS proxies.
  • Handle HTTP redirection with port numbers.
  • Handle HTTP redirection with IPv6 literal addresses.
  
  
• OpenConnect v2.12 — 2009-12-07
  • Fix buffer overflow when generating useragent string.
  • Cope with idiotic schizoDNS configurations by not repeating DNS lookup for VPN server on reconnects.
  • Support DragonFlyBSD. Probably.
  
  
• OpenConnect v2.11 — 2009-11-17
  • Add IPv6 support for FreeBSD.
  • Support "split tunnel" mode for IPv6 routing.
  • Fix bug where client certificate's MD5 was only given to the CSD trojan if a PKCS#12 certificate was used.
  
  
• OpenConnect v2.10 — 2009-11-04
  • OpenSolaris support.
  • Preliminary support for IPv6 connectivity.
  • Fix session shutdown on exit.
  • Fix reconnection when TCP connection is closed.
  • Support for "Cisco Secure Desktop" idiocy.
  • Allow User-Agent: to be specified on command line.
  • Fix session termination on disconnect.
  • Fix recognition of certificates from OpenSSL 1.0.0.
  
  
• OpenConnect v2.01 — 2009-06-24
  • Fix bug causing loss of DTLS (and lots of syslog spam about it) after a CSTP reconnection.
  • Don't apply OpenSSL certificate chain workaround if we already have "extra" certificates loaded (e.g. from a PKCS#12 file).
  • Load "extra" certificates from .pem files too.
  • Fix SEGV caused by freeing certificates after processing cert chain.
  
  
• OpenConnect v2.00 — 2009-06-03
  • Add OpenBSD and FreeBSD support.
  • Build with OpenSSL-0.9.7 (Mac OS X, OpenBSD, etc.)
  • Support PKCS#12 certificates.
  • Automatic detection of certificate type (PKCS#12, PEM, TPM).
  • Work around OpenSSL trust chain issues (RT#1942).
  • Allow PEM passphrase to be specified on command line.
  • Allow PEM passphrase automatically generated from the fsid of the file system on which the certificate is stored.
  • Fix certificate comparisons (in NM auth-dialog and --servercert option) to use SHA1 fingerprint, not signature.
  • Fix segfault in NM auth-dialog when changing hosts.
  
  
• OpenConnect v1.40 — 2009-05-27
  • Fix validation of server's SSL certificate when NetworkManager runs openconnect as an unprivileged user (which can't read the real user's trust chain file).
  • Fix double-free of DTLS Cipher option on reconnect.
  • Reconnect on SSL write errors
  • Fix reporting of SSL errors through syslog/UI.
  
  
• OpenConnect v1.30 — 2009-05-13
  • NetworkManager auth-dialog will now cache authentication form options.
  
  
• OpenConnect v1.20 — 2009-05-08
  • DTLS cipher choice fixes.
  • Improve handling of authentication group selection.
  • Export more information to connection script.
  • Add --background option to dæmonize after connection.
  • Detect TCP connection closure.
  
  
• OpenConnect v1.10 — 2009-04-01
  • NetworkManager UI rewrite with many improvements.
  • Support for "UserGroups" where a single server offers multiple configurations according to the URL used to connect.
  
  
• OpenConnect v1.00 — 2009-03-18
  • First non-beta release.