GnuTLS support in OpenConnect

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jun 7 10:53:03 EDT 2012


On Thu, Jun 7, 2012 at 4:40 PM, David Woodhouse <dwmw2 at infradead.org> wrote:

>> I've just pushed GnuTLS support for OpenConnect to the git repository.
>> This isn't entirely feature-complete yet. It doesn't support DTLS, and
>> in fact the openconnect executable doesn't build at all right now
>> because it still uses the OpenSSL "UI" abstraction for user
>> interaction.
> Both of those are now fixed. There's an experimental patch against the
> GnuTLS 3.0 branch to provide Cisco-compatible DTLS support, at
> http://david.woodhou.se/gnutls-cisco-dtls-working-2.patch

I'll include it in gnutls master.

> I would also like to do some basic testing of PKCS#11 modules with
> GnuTLS, and I'll need to set up the PIN request handling for that too.
> Are there any simple PKCS#11 modules that we can use for testing?

I use libopensc with some tokens and smart-cards I got from gooze.eu
(they give some for free to free software developers). You can also
try softhsm (though I've never tried it myself).

https://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+Home

> If I could just have a trivial PKCS#11 module which is hard-coded with a
> single certificate, and requests the PIN when I try to use it, that
> would do nicely.

If you find something like that let me know, I'm also interested!

regards,
Nikos


