[PATCH] Add openconnect_get_client_cert() to API

David Woodhouse dwmw2 at infradead.org
Mon Sep 19 03:48:23 EDT 2011


On Mon, 2011-09-19 at 09:45 +0300, Jussi Kukkonen wrote:
> Ah, I see. That explains why it was seemingly so complex...

Yeah. OpenSSL makes me sad sometimes...
http://www.advogato.org/person/dwmw2/diary/205.html

> I don't want to change the user interaction here -- it seems quite
> standard and logical -- so either we just live with the expiry warning
> appearing at only connection time or provide early warnings only when it
> happens to be easy.
> 
> I still think it would make sense to make the certificate expiry date
> available to the application if possible (I suggested _get_client_cert()
> because I imagined other details in the cert could be useful as well).
> Creating user messages without the date is doable but not really optimal.

Yeah, I'm more than happy adding _get_client_cert(), which could even
call load_certificate() if the cert hasn't already been loaded. So you
*could* call it before connection if you really wanted to, or you can
call it when you receive a certificate warning message.

Want to let me have an updated patch for that, and then we can look at
the ->progress() status code and translations next?

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5818 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20110919/624769f1/attachment.bin>


More information about the openconnect-devel mailing list