Smartcard (pkcs11) support?
Sven Geggus
lists at fuchsschwanzdomain.de
Mon Mar 5 10:08:54 EST 2012
David Woodhouse <dwmw2 at infradead.org> wrote:
> If you want to have a go at making OpenConnect use gnutls as a
> build-time option, just for the TCP connections, that would give me the
> extra motivation to fix up the DTLS bits.
Phew, don't overestimate my programming skills. Is there anything like
documentation of the state machine running in AnyConnect during connection
establishment? Am I right in the assumption that the authorization part of
the protocol is pure https?
As connection via gnutls-cli and talking http manually works, I just took a
slightly adapted version of
http://www.gnu.org/software/gnutls/manual/html_node/Client-using-a-smart-card-with-TLS.html
and tried to connect to the VPN Server.
Looks like this already succeeded somehow, because here is what I get when I
request "/+CSCOE+/logon.html?fcadbadd=1":
Location: /+CSCOE+/logon.html
Set-Cookie: tg=0SSLVPN_IOSB_TG; path=/; secure
As IOSB is the name of my OU, the system already seems to know my target.
This information seems to be mapped from the smartcard OU.
Sven
--
The "normal citizen" is not at TU Dresden and does not write
with mutt either. (Ulli Kuhnle in de.comp.os.unix.discussion)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web
--
The Internet is not a lawless space, but neither is the Internet
a space without civil rights. (Wolfgang Wieland, Bündnis 90/Die Grünen)