OpenConnect 5.99 release

David Woodhouse dwmw2 at infradead.org
Thu Mar 6 04:34:34 EST 2014


On Thu, 2014-03-06 at 10:02 +0100, Nikos Mavrogiannopoulos wrote:
> 
> I believe you can get away with it by doing a:
> #if GNUTLS_VERSION_NUMBER < 0x030000
> #define GNUTLS_E_PREMATURE_TERMINATION GNUTLS_E_UNEXPECTED_PACKET_LENGTH
> #endif

I pondered that. However, it would require satisfying myself that in
*all* cases that it occurs, treating GNUTLS_E_UNEXPECTED_PACKET_LENGTH
as a non-error is acceptable and secure.

And given how much I care about GnuTLS 2.x, coupled with the fact that
this behaviour has never actually been seen from an *AnyConnect* server
(it turned out to be a Juniper VPN), I just didn't think it was worth
the effort of even thinking it through :)

-- 
dwmw2