OpenConnect 5.99 release

David Woodhouse dwmw2 at infradead.org
Thu Mar 6 04:08:32 EST 2014


On Wed, 2014-03-05 at 21:54 -0500, Mike Miller wrote:
> On Wed, Mar 05, 2014 at 11:29:59 +0000, David Woodhouse wrote:
> > I'm not entirely convinced that the x.99 "releases" actually get that
> > much worthwhile testing, but they certainly don't hurt. Mostly this is a
> > call for Kevin and Nikos to bug me about anything they still have
> > outstanding that they really want in the 6.00 release...
> 
> Well, fails to build on Debian with gnutls 2.12.23 (I know, I know):
> 
> gnutls.c: In function 'openconnect_SSL_read':
> gnutls.c:119:22: error: 'GNUTLS_E_PREMATURE_TERMINATION' undeclared (first use in this function)
>
> Does this bump the requirement for minimum gnutls version or can we work
> around this?

Thanks for catching that. Yes, we can work around it easily enough:
https://git.gnome.org/browse/network-manager-openconnect/commit/?id=1b2e3e8c

This does raise the question of whether we should consider dropping
GnuTLS 2.x support altogether. There's a bunch of evil in the
certificate handling code — especially for the TPM — which could be
dropped. And anyone using GnuTLS 2.x, unless they eschew DTLS
completely, is going to have to link against OpenSSL *anyway*.

The disadvantages are that existing GnuTLS 2.x users would lose PKCS#11
support, and the licensing issue of using OpenSSL from within KDE's
NetworkManager tool.

Any idea how long you're going to need to support GnuTLS 2.x?

> Also reminds me to send this patch on, removes the W3C icons from the
> html doc (but not necessarily because the docs aren't valid HTML :)

Applied; thanks.

-- 
dwmw2