API to get ciphersuite

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Oct 27 15:40:34 PDT 2014


On Mon, 2014-10-27 at 17:09 +0100, Nikos Mavrogiannopoulos wrote:
> On Mon, Oct 27, 2014 at 1:51 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> > On Mon, 2014-10-27 at 10:49 +0100, Nikos Mavrogiannopoulos wrote:
> >> Hello,
> >>  As it is now, a program using libopenconnect cannot get the
> >> ciphersuite in use in a session. This patch adds that API.
> >
> > You have a habit of sending me patches which give me more work to do :)
> >
> > Admittedly, I know I do the same to you, but you definitely won that
> > game by sending me a patch to make it *build* on Win32 without actually
> > doing anything useful, then letting my OCD kick in and figure out the
> > TAP-Windows driver and other issues :)
> :)

I should add for completeness here, that if you had not kicked in and
expected me to fix the remaining issues, we wouldn't have the Windows
client today. When I sent the patch I didn't even have access to
Windows; everything was done under mingw.

> > One remaining issue: can the cipher change on a rehandshake? If so, your
> > cached vpninfo->cstp_cipher string might get out of date, and it needs
> > to be freed and set to NULL on a renegotiate too.
> Yes, it could change. I'll check it tomorrow.

That should be fixed with the attached patch. I also read your comment in
openconnect.h, and I made both strings consistent based on the library
in use.

What remains in my list is to allow disabling the system trust. A
proposed API for that is attached.

regards,
Nikos

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Make-the-cipher-strings-consistent-based-on-which-li.patch
Type: text/x-patch
Size: 5670 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141027/870254c8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Added-openconnect_set_system_trust.patch
Type: text/x-patch
Size: 3659 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141027/870254c8/attachment-0001.bin>

