Update translations from Transifex

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add upload-pot make target

It happens automatically too, but sometimes it's useful to do it immediately,
for instance when preparing a release...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add sanity check that libopenconnect matches the openconnect executable

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Move openconnect to sbin

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix HTML converter output in out-of-tree builds

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Build version.c correctly in out-of-tree builds

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Avoid use of $(wildcard) in version.c dependencies

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Don't remove version.c in distclean

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix GNUism in dependencies for version.c

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add OpenIndiana to supported platform list

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix Solaris/OpenIndiana warning: no previous declaration for 'local_strcasestr'

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove unneeded inclusion of <arpa/inet.h> from cstp.c and mainloop.c

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix OpenBSD build warning when printing off_t

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove all _xxx_SOURCE macros from source, do it in configure.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix NetBSD ctype warnings.

We have to cast to int via unsigned char. Ick.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix GNUism in po/Makefile.am handling of $(LINGUAS)

We can't use $(shell...). Make the configure script do it instead.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix GNUism in Makefile.am handling of NODISTHOOK

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Attempt to find zlib if no pkgconfig for it

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make version.sh find git metadata only for openconnect itself, not parent dirs

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Drop $(GETTEXT_PACKAGE) and just use $(PACKAGE)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use AC_LINK_IFELSE to check for working NLS support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix build with -ansi and without optimisation.

strdup(), strcasecmp(), vsyslog(), and other things need feature macros
defined. For some reason this only bites when optimisation is disabled.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Revamp NLS support. Drop intltool, code po/Makefile.am manually

Using $(shell ...) probably isn't portable, so may need to be expanded by
the configure script. But this is a start...

Using gettextize seemed to pull in a bunch of other crap; I'd rather just
disable NLS support on crappy platforms where the msgfmt tool doesn't exist,
or where dgettext() isn't even available in -lintl.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix out-of-source-tree invocation of version.sh

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix out-of-source-tree build of web pages

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove -Wundef and -Wmissing-noreturn from default CFLAGS

These just cause unwanted noise.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Attempt to build without NLS if intltool isn't available

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Pointers to translated strings must be const

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix arithmetic on void pointers in cstp.c

This is a gccism and not portable. And could have been dereferencing an
unaligned pointer too. Thanks to Florian Wobbe for pointing it out.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update translations from Transifex

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix newlines in nl translations

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update translations from Transifex

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make usage help output translatable

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add maintainer mode

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make more strings translatable

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix newlines in nl translations

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update translations from Transifex

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update translations from Transifex

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add update-translations make target

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 3.13

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add openconnect_set_cert_expiry_warning() to library

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update translations from Transifex

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add --cert-expire-warning,-e option to set warning level

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make certificate expiry warning time variable (still default 60 days)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Clean up DTLS Session-ID length warning

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Switch to using PNG image in web site. Android can't show SVG. Still!

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update transations from Transifex

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add OpenSuSE to distribution status list

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Man page update: clarify which fsid is used, forget Solaris tuntap IPv6 patch.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add links to manual page, don't number 'started' subpages

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix header on connecting page

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix up distro status page.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use automake for www/ directory

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update new web pages in release, not openconnect.html

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add new version of web pages

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Translatability fix for 'Discard bad split xxclude' message

Thanks to Jussi Kukkonen for pointing it out.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add Transifex config file so 'tx pull' works in any checkout.

Would be nicer if it worked anonymously rather than having to have an account.
For that see http://trac.transifex.org/ticket/740

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add (empty) translation files from Transifex

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add error message when SSL cert fails

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix build instructions on web page.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Reduce certificate warning to PRG_INFO

We're going to call back into the validate_peer_cert() function anyway.
Let it handle things properly.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Use dgettext() so the domain is always correct even in libopenconnect

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make user-visible strings translatable

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add translation support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix libproxy build.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix DTLS-may-fail warning when built against OpenSSL 1.0.0e and run with older

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Update changelog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Refactor xmlnode_msg() not to use server-provided string as asprintf() format.

auth.c: In function 'xmlnode_msg':
auth.c:287:2: warning: format not a string literal, argument types not checked [-Wformat-nonliteral]

There wasn't actually a problem here; we *were* vetting the string. But this
is cleaner and stops the compiler bitching.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix handling of vpninfo->ifname. Always strdup()

We don't actually free it; there will only be one instance during the whole
lifetime of the openconnect process. But stop the compiler bitching about it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make in_ex and route args to process_split_xxclude const

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix another const char warning in start_cstp_connection()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make vpninfo->quit_reason const to avoid compiler complaints

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Avoid unused 'autoproxy' variable when built without libproxy support.

If we change the way we detect and abort, we can *check* that variable
that the compiler is complaining about.

I just noticed that libproxy support isn't working; OPENCONNECT_LIBPROXY
is never being defined. Will fix that shortly...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make 'base' arg to openconnect_create_useragent() const

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make usage() static to avoid compiler complaints

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix compiler warnings about constness of csd_argv[]

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make parse_xml_response() method and request_body_type args const

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make 'print_equals' string const to avoid compiler complaints

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix char pointers in check_certificate_expiry() to be const

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make match_cert_hostname() static to avoid compiler complaints

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Enable various compiler warnings

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Enable AM_SILENT_RULES so that warnings are more visible.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Clean up DTLS timer workaround to make it work with Debian OpenSSL, hopefully

The Debian libraries don't export dtls1_stop_timer() since it's supposed to
be an internal function. But thankfully I think we can do it manually. This
sucks; it means that a misguided attempt at restricting us has forced us
into poking at even *more* internal stuff than we ever wanted to. Yay Debian.

Try to make it slightly less insane by putting upper and lower bounds on
the versions for which we'll do it: We know that OpenSSL 1.0.0e and
above won't be resending the ChangeCipherSpec messages anyway, because
of the fix for OpenSSL RT#2505. I'm dubious about that being the correct
thing to do, but it's working and it matches the Cisco client so I'm going
to try not to think about it too hard.

Also stop *defining* SSL_OP_CISCO_ANYCONNECT for ourselves, and simply
refuse to build DTLS support if it's absent. That patch is merged into
OpenSSL long ago, so we are effectively requiring 0.9.8m or above.

That version is, by coincidence, also the first version where our own
dirty reimplementation of dtls1_stop_timer() is valid. If someone does
backport the Cisco compatibility patch to even-more-ancient OpenSSL than
that, they'd best make sure they backport the other fixes too.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 3.12

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Print SHA1 fingerprint with server certificate details.

...so that it can be used with --servercert next time.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add --pid-file option

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.

It seems to get very upset when we resend our ChangeCipherSpec messages,
as the RFC says we're supposed to do. Without a periodic resend, if the
original did get lost in transit, the server wouldn't be able to decrypt
any of our data packets.

Perhaps there's something "wrong" with our packets; the ChangeCipherSpec
messages is is one of the areas in which Cisco's "speshul" version of
DTLS differs from RFC4347. But the Cisco client doesn't seem to resend it
at all, ever. Making it hard to tell what Cisco want it to look like,
unless we wanted to reverse-engineer their code. Which we don't.

If Cisco get away without resending, I suppose we can, until/unless we
work it out. DPD should mostly let us get away with it, because if the
first packet *does* get lost, DPD will soon tell us that the DTLS
connection is dead and we'll make a new one. Sucks, but that's what you
get for using crappy not-quite-RFC-compliant kit. Yay Cisco. Why not join
us in 2006 and start using the proper standard? It's not even as if it'd
be hard to support both in parallel for a while.

Thanks to Eric Barkie for the initial diagnosis.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Changelog entry for build fixes

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix build failure with ancient OpenSSL lacking SSL_OP_NO_TICKET

If it doesn't support the ticket extension, that means we don't need
to stop it from *sending* the ticket extension...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix build failure on GNU Hurd (Debian bug #637362)

Currently openconnect does not compile on hurd-i386. The problem is a
missing inclusion of sys/statfs.h in ssl.c. The inlined patch fixes
this issue.

Signed-off-by: svante.signell@telia.com
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add zlib to linker line to fix building on Debian

Signed-off-by: Ilia Kats <ilia-kats@gmx.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tag version 3.11

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Output to stderr too in Android's syslog_progress()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Mention Android in supported platforms

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

android: fix typo in #include header

Signed-off-by: Jason Cooper <cyanogen@lakedaemon.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Android build support.

[dwmw2: Clean up file lists, define IF_TUN_HDR]

Signed-off-by: Jason Cooper <cyanogen@lakedaemon.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add Android logging support

[dwmw2: make it use the --syslog option instead of removing it]

Signed-off-by: Jason Cooper <cyanogen@lakedaemon.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>