http:// -> https://

I have left out: - sites that have not moved to HTTPS - URLs found in XML and SVG files Signed-off-by: Dimitri Papadopoulos <3350651+DimitriPapadopoulos@users.noreply.gitlab.com>
sailfishos-mirror · Jun 27, 2021 · 0ae6852 · 0ae6852
1 parent e2434fe
commit 0ae6852
Show file tree

Hide file tree

Showing 28 changed files with 58 additions and 58 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # OpenConnect
 
-OpenConnect is an SSL VPN client initially created to support [Cisco's AnyConnect SSL VPN](http://www.cisco.com/go/asm).
+OpenConnect is an SSL VPN client initially created to support [Cisco's AnyConnect SSL VPN](https://www.cisco.com/go/asm).
 
 It has since been ported to support the Juniper SSL VPN (which is now known as [Pulse Connect Secure](https://www.pulsesecure.net/products/connect-secure/)),
 the [Palo Alto Networks GlobalProtect SSL VPN](https://www.paloaltonetworks.com/features/vpn)

diff --git a/acinclude.m4 b/acinclude.m4
@@ -61,7 +61,7 @@ AC_DEFUN([AS_COMPILER_FLAGS],
 ])
 
 # ===========================================================================
-#    http://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html
+#    https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html
 # ===========================================================================
 #
 # SYNOPSIS

diff --git a/android/Makefile b/android/Makefile
@@ -292,7 +292,7 @@ stoken: $(STOKEN_DEPS)
 #
 # Build liboath
 #
-# http://download.savannah.nongnu.org/releases/oath-toolkit/
+# https://download.savannah.nongnu.org/releases/oath-toolkit/
 OATH_VER := 2.6.7
 OATH_TAR := oath-toolkit-$(OATH_VER).tar.gz
 OATH_SHA := 36eddfce8f2f36347fb257dbf878ba0303a2eaafe24eaa071d5cd302261046a9

diff --git a/compat.c b/compat.c
@@ -301,7 +301,7 @@ int openconnect__win32_inet_pton(int af, const char *src, void *dst)
 	 * inet_aton() (and WSAStringToAddress()) will support, but
 	 * which inet_pton() should not. Not to mention the fact that
 	 * Wine's implementation will even succeed for strings like
-	 * "2001::1" (http://bugs.winehq.org/show_bug.cgi?id=36991) */
+	 * "2001::1" (https://bugs.winehq.org/show_bug.cgi?id=36991) */
 	if (af == AF_INET) {
 		char canon[16];
 		unsigned char *a = (unsigned char *)&sa.s4.sin_addr;
@@ -417,7 +417,7 @@ OPENCONNECT_CMD_SOCKET dumb_socketpair(OPENCONNECT_CMD_SOCKET socks[2], int make
         if  (getsockname(listener, &a.addr, &addrlen) == SOCKET_ERROR)
             break;
         // win32 getsockname may only set the port number, p=0.0005.
-        // ( http://msdn.microsoft.com/library/ms738543.aspx ):
+        // ( https://docs.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-getsockname ):
         a.inaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
         a.inaddr.sin_family = AF_INET;
 

diff --git a/gnutls.c b/gnutls.c
@@ -381,7 +381,7 @@ static int check_certificate_expiry(struct openconnect_info *vpninfo, struct cer
 		/*
 		 * Windows doesn't have gmtime_r but apparently its gmtime()
 		 * *is* thread-safe because it uses a per-thread static buffer.
-		 * cf. http://sourceforge.net/p/mingw/bugs/1625/
+		 * cf. https://sourceforge.net/p/mingw/bugs/1625/
 		 *
 		 * We also explicitly say 'GMT' because %Z would give us the
 		 * Microsoft stupidity "GMT Standard Time". Which is not only
@@ -2310,7 +2310,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 	* is specified.
 	*
 	* Discussion:
-	* http://www.ietf.org/mail-archive/web/tls/current/msg10423.html
+	* https://www.ietf.org/mail-archive/web/tls/current/msg10423.html
 	*
 	* GnuTLS commits:
 	* b6d29bb1737f96ac44a8ef9cc9fe7f9837e20465

diff --git a/java/README b/java/README
@@ -19,4 +19,4 @@ non-root user and it should be pingable from across the VPN.
 Test/demo code is in src/com/example/
 OpenConnect wrapper library is in src/org/infradead/libopenconnect/
 
-[1] http://repo.or.cz/w/ocproxy.git
+[1] https://repo.or.cz/w/ocproxy.git
diff --git a/jni.c b/jni.c
@@ -75,7 +75,7 @@ static jstring dup_to_jstring(JNIEnv *jenv, const char *in)
 	/*
 	 * Many implementations of NewStringUTF() will return NULL on
 	 * NULL input, but that isn't guaranteed:
-	 * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35979
+	 * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=35979
 	 */
 	return in ? (*jenv)->NewStringUTF(jenv, in) : NULL;
 }

diff --git a/main.c b/main.c
@@ -140,7 +140,7 @@ static void __attribute__ ((format(printf, 3, 4)))
 #elif defined(_WIN32) || defined(__native_client__)
 /*
  * FIXME: Perhaps we could implement syslog_progress() using these APIs:
- * http://msdn.microsoft.com/en-us/library/windows/desktop/aa364148%28v=vs.85%29.aspx
+ * https://docs.microsoft.com/en-us/windows/win32/etw/tracing-events
  */
 #else /* !__ANDROID__ && !_WIN32 && !__native_client__ */
 #include <syslog.h>

diff --git a/openconnect.nsi.in b/openconnect.nsi.in
@@ -3,7 +3,7 @@
 # This is an NSIS Installer Command Script generated automatically
 # by the Fedora nsiswrapper program.  For more information see:
 #
-#   http://fedoraproject.org/wiki/MinGW
+#   https://fedoraproject.org/wiki/MinGW
 #
 # To build an installer from the script you would normally do:
 #

diff --git a/openssl.c b/openssl.c
@@ -1920,7 +1920,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 	 * packets by silently disabling extensions such as SNI.
 	 *
 	 * Discussion:
-	 * http://www.ietf.org/mail-archive/web/tls/current/msg10423.html
+	 * https://www.ietf.org/mail-archive/web/tls/current/msg10423.html
 	 *
 	 * OpenSSL commits:
 	 * 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2

diff --git a/ssl.c b/ssl.c
@@ -127,7 +127,7 @@ static int cancellable_connect(struct openconnect_info *vpninfo, int sockfd,
 		 !vpninfo->got_pause_cmd);
 
 	/* Check whether connect() succeeded or failed by using
-	   getpeername(). See http://cr.yp.to/docs/connect.html */
+	   getpeername(). See https://cr.yp.to/docs/connect.html */
 	if (!getpeername(sockfd, (void *)&peer, &peerlen))
 		return 0;
 

diff --git a/www/anyconnect.xml b/www/anyconnect.xml
@@ -13,7 +13,7 @@
 <h2>How the VPN works</h2>
 
 <p>The VPN is extremely simple, based almost entirely on the standard
-HTTPS and <a href="http://www.rfc-editor.org/rfc/rfc4347.txt">DTLS</a>
+HTTPS and <a href="https://www.rfc-editor.org/rfc/rfc4347.txt">DTLS</a>
 protocols. You connect to the secure web server, authenticate using
 certificates and/or arbitrary web forms, and you are rewarded with a
 standard HTTP cookie named <tt>webvpn</tt>.</p>

diff --git a/www/building.xml b/www/building.xml
@@ -28,13 +28,13 @@ libraries and tools installed:</p>
 </ul>
 And <em>optionally</em> also:
 <ul>
-  <li><b><tt><a href="http://p11-glue.freedesktop.org/p11-kit.html">p11-kit</a></tt></b> <i>(for PKCS#11 support)</i></li>
+  <li><b><tt><a href="https://p11-glue.github.io/p11-glue/p11-kit.html">p11-kit</a></tt></b> <i>(for PKCS#11 support)</i></li>
   <li><b><tt><a href="https://github.com/OpenSC/libp11/wiki">libp11</a></tt></b> <i>(also needed for PKCS#11 support if using OpenSSL)</i></li>
-  <li><b><tt><a href="http://code.google.com/p/libproxy/">libproxy</a></tt></b></li>
+  <li><b><tt><a href="https://code.google.com/archive/p/libproxy/">libproxy</a></tt></b></li>
   <li><b><tt><a href="http://trousers.sourceforge.net/">trousers</a></tt></b> <i>(for TPMv1 support if using GnuTLS)</i></li>
-  <li><b><tt><a href="https://www.gnu.org/software/libtasn1/">libtasn1</a></tt></b> and <em>either</em> <b><tt><a href="https://github.com/tpm2-software/tpm2-tss">tss2-esys</a></tt></b> or <b><tt><a href="http://sourceforge.net/projects/ibmtpm20tss/">IBM's TPM 2.0 TSS</a></tt></b>. <i>(for TPMv2 support if using GnuTLS)</i></li>
-  <li><b><tt><a href="http://stoken.sourceforge.net/">libstoken</a></tt></b> <i>(for SecurID software token support)</i></li>
-  <li><b><tt><a href="http://www.nongnu.org/oath-toolkit/">libpskc</a></tt></b> <i>(for RFC6030 PSKC file storage of HOTP/TOTP keys)</i></li>
+  <li><b><tt><a href="https://www.gnu.org/software/libtasn1/">libtasn1</a></tt></b> and <em>either</em> <b><tt><a href="https://github.com/tpm2-software/tpm2-tss">tss2-esys</a></tt></b> or <b><tt><a href="https://sourceforge.net/projects/ibmtpm20tss/">IBM's TPM 2.0 TSS</a></tt></b>. <i>(for TPMv2 support if using GnuTLS)</i></li>
+  <li><b><tt><a href="http://stoken.sf.net/">libstoken</a></tt></b> <i>(for SecurID software token support)</i></li>
+  <li><b><tt><a href="https://www.nongnu.org/oath-toolkit/">libpskc</a></tt></b> <i>(for RFC6030 PSKC file storage of HOTP/TOTP keys)</i></li>
   <li><b><tt><a href="https://pcsclite.alioth.debian.org/pcsclite.html">libpcsclite</a></tt></b> <i>(for Yubikey hardware HOTP/HOTP support)</i></li>
 </ul>
 <p>OpenConnect supports the use of HTTP and SOCKS proxies to connect to the
@@ -118,7 +118,7 @@ require additional kernel modules to be installed.</p>
 <p>Solaris/OpenIndiana users will need the <a href="http://www.whiteboard.ne.jp/~admin2/tuntap/">Solaris TAP driver</a>.
 Note that for IPv6 support, the Solaris tun/tap driver from 16th Nov 2009 or newer is required.</p>
 
-<p>On Windows, version 9.9 or later of the <a href="https://community.openvpn.net/openvpn/wiki/ManagingWindowsTAPDrivers">TAP-Windows driver</a> from the <a href="http://www.openvpn.net/">OpenVPN project</a> is required. The easiest way to install the driver is to use the Windows installer from the <a href="http://openvpn.net/index.php/download/community-downloads.html">Community Downloads page</a>. The 64-bit installer contains signed drivers suitable for use on Windows 7 and later versions.</p>
+<p>On Windows, version 9.9 or later of the <a href="https://community.openvpn.net/openvpn/wiki/ManagingWindowsTAPDrivers">TAP-Windows driver</a> from the <a href="https://openvpn.net/">OpenVPN project</a> is required. The easiest way to install the driver is to use the Windows installer from the <a href="https://openvpn.net/index.php/download/community-downloads.html">Community Downloads page</a>. The 64-bit installer contains signed drivers suitable for use on Windows 7 and later versions.</p>
 
 	<INCLUDE file="inc/footer.tmpl" />
 </PAGE>

diff --git a/www/changelog.xml b/www/changelog.xml
@@ -241,7 +241,7 @@
      <ul>
        <li>Fix alignment issue which broke LZS compression on ARM etc.</li>
        <li>Support HTTP authentication to servers, not just proxies.</li>
-       <li>Work around Yubikey <a href="http://forum.yubico.com/viewtopic.php?f=26&amp;t=1601#p6807">issue</a> with non-ASCII passphrase set on pre-KitKat Android.</li>
+       <li>Work around Yubikey <a href="https://forum.yubico.com/viewtopic.php?f=26&amp;t=1601#p6807">issue</a> with non-ASCII passphrase set on pre-KitKat Android.</li>
        <li>Add SHA256/SHA512 support for OATH.</li>
        <li>Remove liboath dependency.</li>
        <li>Support DTLS v1.2 and AES-GCM with OpenSSL 1.0.2.</li>
@@ -296,7 +296,7 @@
        <li>Support <tt>utun</tt> driver on OS X.</li>
        <li>Change library API so string ownership is never transferred.</li>
        <li>Support new NDIS6 TAP-Windows driver shipped with OpenVPN 2.3.4.</li>
-       <li>Support using PSKC <i>(<a href="http://tools.ietf.org/html/rfc6030">RFC6030</a>)</i> token files for HOTP/TOTP tokens.</li>
+       <li>Support using PSKC <i>(<a href="https://tools.ietf.org/html/rfc6030">RFC6030</a>)</i> token files for HOTP/TOTP tokens.</li>
        <li>Support for updating HOTP token storage when token is used.</li>
        <li>Support for reading OTP token data from a file.</li>
        <li>Add full <a href="charset.html">character set handling</a> for legacy non-UTF8 systems <i>(including Windows)</i>.</li>
@@ -326,7 +326,7 @@
   <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.99.tar.gz">OpenConnect v5.99</a></b>
      <i>(<a href="https://www.infradead.org/openconnect/download/openconnect-5.99.tar.gz.asc">PGP signature</a>)</i> &#8212; 2014-03-05
      <ul>
-       <li>Add <a href="http://tools.ietf.org/html/rfc4226">RFC4226</a> HOTP token support.</li>
+       <li>Add <a href="https://tools.ietf.org/html/rfc4226">RFC4226</a> HOTP token support.</li>
        <li>Tolerate servers closing connection uncleanly after HTTP/1.0 response <a href="https://bugs.launchpad.net/bugs/1225276"><i>(Ubuntu #1225276)</i></a>.</li>
        <li>Add support for IPv6 split tunnel configuration.</li>
        <li>Add Windows support with MinGW <i>(tested with both IPv6 and Legacy IP with latest <a href="https://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script-win.js">vpnc-script-win.js</a>)</i></li>
@@ -377,7 +377,7 @@
        <li>Use original URL when falling back to non-XML POST mode.</li>
        <li>Add <tt>--no-xmlpost</tt> option to revert to older, compatible behaviour.</li>
        <li>Close connection before falling back to non-xmlpost mode <a href="https://bugzilla.redhat.com/show_bug.cgi?id=964650"><i>(RH#964650)</i></a>.</li>
-       <li>Improve error handling when server closes connection <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708928"><i>(Debian #708928)</i></a>.</li>
+       <li>Improve error handling when server closes connection <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708928"><i>(Debian #708928)</i></a>.</li>
      </ul><br/>
   </li>
   <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-5.00.tar.gz">OpenConnect v5.00</a></b>
@@ -388,7 +388,7 @@
        <li>Fix compatibility issues with XML POST authentication.</li>
        <li>Fix memory leaks on <tt>realloc()</tt> failure.</li>
        <li>Fix certificate validation problem caused by hostname canonicalisation.</li>
-       <li>Add <a href="http://tools.ietf.org/html/rfc6238">RFC6238</a> TOTP token support using <a href="http://www.nongnu.org/oath-toolkit/">liboath</a>.</li>
+       <li>Add <a href="https://tools.ietf.org/html/rfc6238">RFC6238</a> TOTP token support using <a href="https://www.nongnu.org/oath-toolkit/">liboath</a>.</li>
        <li>Replace <tt>--stoken</tt> option with more generic <tt>--token-mode</tt> and <tt>--token-secret</tt> options.</li>
      </ul><br/>
   </li>
@@ -397,7 +397,7 @@
      <ul>
        <li>Add <tt>--os</tt> switch to report a different OS type to the gateway.</li>
        <li>Support new XML POST format.</li>
-       <li>Add SecurID token support using <a href="http://stoken.sourceforge.net/">libstoken</a>.</li>
+       <li>Add SecurID token support using <a href="http://stoken.sf.net/">libstoken</a>.</li>
      </ul><br/>
   </li>
   <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-4.08.tar.gz">OpenConnect v4.08</a></b>
@@ -616,7 +616,7 @@
   <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-3.00.tar.gz">OpenConnect v3.00</a></b> &#8212; 2011-03-09
      <ul>
        <li>Create libopenconnect.a for GUI authentication dialog to use.</li>
-       <li>Remove auth-dialog, which now lives in the <a href="http://git.gnome.org/browse/network-manager-openconnect/">network-manager-openconnect</a> package.</li>
+       <li>Remove auth-dialog, which now lives in the <a href="https://gitlab.gnome.org/GNOME/NetworkManager-openconnect">network-manager-openconnect</a> package.</li>
        <li>Cope with more entries in authentication forms.</li>
        <li>Add <tt>--csd-wrapper</tt> option to wrap CSD trojan.</li>
        <li>Report error and abort if CA file cannot be opened.</li>

diff --git a/www/features.xml b/www/features.xml
@@ -10,11 +10,11 @@
 	<h1>Features</h1>
 
 <ul>
-  <li>Connection through HTTP proxy, including <a href="http://code.google.com/p/libproxy/">libproxy</a> support for automatic proxy configuration.</li>
+  <li>Connection through HTTP proxy, including <a href="https://code.google.com/archive/p/libproxy/">libproxy</a> support for automatic proxy configuration.</li>
   <li>Connection through SOCKS5 proxy.</li>
   <li>Automatic detection of IPv4 and IPv6 address, routes.</li>
   <li>Authentication via HTTP forms.</li>
-  <li>Authentication using SSL certificates &#8212; from local file, <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">Trusted Platform Module</a> and PKCS#11 smartcards.</li>
+  <li>Authentication using SSL certificates &#8212; from local file, <a href="https://en.wikipedia.org/wiki/Trusted_Platform_Module">Trusted Platform Module</a> and PKCS#11 smartcards.</li>
   <li>Authentication using SecurID software tokens <i>(when built with libstoken)</i></li>
   <li>Authentication using OATH TOTP or HOTP software tokens.</li>
   <li>Authentication using Yubikey OATH tokens <i>(when built with libpcsclite)</i></li>

diff --git a/www/gui.xml b/www/gui.xml
@@ -14,15 +14,15 @@
 
 <p>Support for OpenConnect in NetworkManager has been integrated into
 GNOME git and is released alongside NetworkManager's other VPN modules:
-<a href="http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/">
-http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/</a>.</p>
+<a href="https://download.gnome.org/sources/NetworkManager-openconnect/">
+https://download.gnome.org/sources/NetworkManager-openconnect/</a>.</p>
 
 <p>OpenConnect is also supported in KDE Plasma NM as well as the older
 widget-based NetworkManagement applet.</p>
 
 <h2>ConnMan</h2>
 
-<p><a href="http://connman.net/">ConnMan</a> has core OpenConnect functionality
+<p><a href="https://01.org/connman">ConnMan</a> has core OpenConnect functionality
 as from version 0.48, and the corresponding support is also in the
 <a href="http://meego.gitorious.org/meego-netbook-ux/meego-panel-networks">meego-panel-networks</a>
 user interface. Other ConnMan UI front ends may lack VPN support.</p>

diff --git a/www/images/openconnect.svg b/www/images/openconnect.svg
diff --git a/www/index.xml b/www/index.xml
@@ -39,8 +39,8 @@ written.</p>
 <p>Development of OpenConnect was started after a trial of the Cisco AnyConnect
 client under Linux found it to have many deficiencies:</p>
 <ul>
-  <li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
-  <a href="http://en.wikipedia.org/wiki/PKCS11">PKCS#11</a> smartcard, or even use a passphrase.</li>
+  <li>Inability to use SSL certificates from a <a href="https://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
+  <a href="https://en.wikipedia.org/wiki/PKCS11">PKCS#11</a> smartcard, or even use a passphrase.</li>
   <li>Lack of support for Linux platforms other than i386.</li>
   <li>Lack of integration with NetworkManager on the Linux desktop.</li>
   <li>Lack of proper (RPM/DEB) packaging for Linux distributions.</li>

diff --git a/www/mail.xml b/www/mail.xml
@@ -59,7 +59,7 @@
 
 	<p>There is also an IRC channel
 	<a href="ircs://irc.oftc.net:6697/#openconnect"><tt>#openconnect</tt></a>
-	on the <a HREF="http://www.oftc.net/">OFTC</a> network. You can access it via the
+	on the <a href="https://www.oftc.net/">OFTC</a> network. You can access it via the
 	<a href="https://webchat.oftc.net/">OFTC webchat</a> if you don't have an
 	IRC client.</p>
 

diff --git a/www/nonroot.xml b/www/nonroot.xml
@@ -58,7 +58,7 @@ modify the system's network configuration.  Instead, OpenConnect can
 spawn a user-supplied program, passing all data traffic through a UNIX
 socket to that program.</p>
 <p>This option can be used in conjunction with a userspace TCP stack
-such as <a href="http://savannah.nongnu.org/projects/lwip/">lwip</a>
+such as <a href="https://savannah.nongnu.org/projects/lwip/">lwip</a>
 to provide SOCKS access to the VPN, without requiring root privileges
 at all.</p>
 <p>SOCKS proxy implementions suitable for being used from OpenConnect

diff --git a/www/packages.xml b/www/packages.xml
@@ -53,7 +53,7 @@
   </li>
   <li><h2>FreeBSD</h2>
     <p>
-      An <tt>openconnect</tt> <a href="http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openconnect/">port</a> is available for FreeBSD.
+      An <tt>openconnect</tt> <a href="https://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openconnect/">port</a> is available for FreeBSD.
     </p>
   </li>
   <li><h2>OpenBSD</h2>

diff --git a/www/pkcs11.xml b/www/pkcs11.xml
@@ -28,7 +28,7 @@ hopefully assist you in working it out.</p>
 <h2>Identifying the token</h2>
 <p>In order to use a PKCS#11 token with OpenConnect, first it must be installed
 appropriately in the system's
-<a href="http://p11-glue.freedesktop.org/doc/p11-kit/config.html">p11-kit configuration</a>.
+<a href="https://p11-glue.github.io/p11-glue/p11-kit/manual/config.html">p11-kit configuration</a>.
 You shouldn't need to worry about this; it should automatically be the case for
 properly packaged software on any modern operating system.</p>
 
@@ -40,7 +40,7 @@ the OpenSC module with p11-kit by creating a file such as
 
 <p>In order to query the available PKCS#11 modules, and the certificates
 stored therein, the best tool to use is the
-<a href="http://www.gnutls.org/manual/html_node/p11tool-Invocation.html">p11tool</a>
+<a href="https://www.gnutls.org/manual/html_node/p11tool-Invocation.html">p11tool</a>
 distributed with GnuTLS. In Fedora it's in the <tt>gnutls-utils</tt> package.</p>
 
 <p>First identify the PKCS#11 modules which are available by using the <tt>--list-tokens</tt> option:</p>