Smartcard (pkcs11) support?
Sven Geggus
lists at fuchsschwanzdomain.de
Thu Mar 1 05:21:06 EST 2012
Hello,
unfortunately our network people are about to migrate from ipsec/vpnc VPN to
Annyconnect but the official Annyconnect client for Linux does not seem to
support Smartcard authentication. Neither does annyconnect AFAIK.
Currently my smartcard works fine on Linux (firefox,thunderbird) using a
(proprietary) pkcs11 library.
As I definitely do not intend to switch to Windows I am wondering about how much
work it would be to add Smartcard support to annyconnect.
Unfortunately I'm currently unable to use my pkcs11 library in both openssl
and gnutls. On the first glance it looks like gnutls does have a better
interface for pkcs11 stuff[1] than openssl (only third party engine
available).
I think the probability to get this to work with gnutls is much higher in my
case. Which effort would be needed to extend openconnect in a way to either
use openssl or gnutls?
Would it be an option to directly support pkcs11?
Sven
[1] http://www.gnu.org/software/gnutls/manual/html_node/Client-using-a-smart-card-with-TLS.html
--
/*
* Wirzenius wrote this portably, Torvalds fucked it up :-)
*/ (taken from /usr/src/linux/lib/vsprintf.c)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web
More information about the openconnect-devel
mailing list