PKCS11 / smartcard
David Woodhouse
dwmw2 at infradead.org
Thu Dec 1 11:55:24 EST 2011
On Thu, 2011-12-01 at 16:25 +0000, David Woodhouse wrote:
> I'd recommend you start with getting OpenSSL and the engine working.
> Once you have that, the OpenConnect parts should be easy and I'd be
> very keen to support it.
Btw now that GNUTLS has DTLS support, I've been looking at what it would
take to make it support Cisco's "speshul" pre-standardisation version of
the protocol, and offering the choice of GNUTLS or OpenSSL at build time
for OpenConnect.
It *might* be the case that PKCS#11 support is easier in GNUTLS. But I
suspect the majority of your pain is going to be on the OpenSC side
anyway.
--
dwmw2
More information about the openconnect-devel
mailing list