GnuTLS support in OpenConnect

David Woodhouse dwmw2 at infradead.org
Thu Jun 7 10:40:18 EDT 2012


On Fri, 2012-06-01 at 01:51 +0100, David Woodhouse wrote:
> I've just pushed GnuTLS support for OpenConnect to the git repository.
> 
> This isn't entirely feature-complete yet. It doesn't support DTLS, and
> in fact the openconnect executable doesn't build at all right now
> because it still uses the OpenSSL "UI" abstraction for user
> interaction. 

Both of those are now fixed. There's an experimental patch against the
GnuTLS 3.0 branch to provide Cisco-compatible DTLS support, at
http://david.woodhou.se/gnutls-cisco-dtls-working-2.patch

Thanks Nikos for your assistance and your patience.

I would appreciate some more widespread testing, and then I think we're
getting close to the point where we can release OpenConnect v4.00 with
GnuTLS support.

The main thing I have left to do is finish cleaning up the OpenSSL side
so that we *never* use the OpenSSL 'UI' abstraction to interact with the
user. That's already fixed for everything but the TPM PIN request.

I would also like to do some basic testing of PKCS#11 modules with
GnuTLS, and I'll need to set up the PIN request handling for that too.
Are there any simple PKCS#11 modules that we can use for testing? If I
could just have a trivial PKCS#11 module which is hard-coded with a
single certificate, and requests the PIN when I try to use it, that
would do nicely.

-- 
dwmw2