[PATCH] Add Android keystore support

David Woodhouse dwmw2 at infradead.org
Sun Jun 17 20:28:41 EDT 2012


On Thu, 2011-12-29 at 01:22 +0000, Vilmos Nebehaj wrote:
> 
> I have actually implemented Anyconnect support in android 2.3 as a
> system feature using the built-in VPN framework & openconnect.  See the
> repositories  android_external_openconnect, android_frameworks_base,
> android_system_core, android_packages_apps_Settings and
> android_external_openssl at https://github.com/ldx.  This openconnect
> repository contains further commits for further integration.  The gingerbread
> branches from the repos can be used with cyanogenmod7 to build a full
> ROM with openconnect and the GUI bits in the Settings app.  Works
> great for me with both certificate based and 2-factor password based
> authentication against a Cisco ASA 55xx.  I'll write a few lines about
> how to build it step by step.

I've just been taking another look at this. I like the way you handle
the callbacks from openconnect via the control socket. With OpenConnect
4.00 it's not the OpenSSL UI any more; we have the ->process_auth_form()
callback in the vpninfo.

Did you ever get round to revising it for the new VpnService in Android
4.0?

It looks like it should be relatively simple — you just need to make
openconnect dup() and pass the file descriptors over the control socket
for the Java code to call protect() on them, and also it'll need to get
its file descriptor for the tun device from the establish() call on the
Java side.

That's easy enough in the C code, and it looks simple if you have access
to the LocalSocket object on the Java side. So as long as you don't use
DaemonProxy, which keeps its mControlSocket private and doesn't let you
send/receive file descriptors over it, you should be fine. It's not that
hard to use LocalSocket for the control socket directly and then you can
use its getAncillaryFileDescriptors() and setFileDescriptorsForSend()
methods, right?

-- 
dwmw2
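
The C half of the descriptor hand-off described in the message above, as an added example that is not part of the original e-mail or of the openconnect source: a dup()'d descriptor is sent as SCM_RIGHTS ancillary data over an AF_UNIX control socket. The names send_fd, recv_fd and roundtrip_ok are hypothetical, and recv_fd stands in for the Java side, which would read the descriptor with getAncillaryFileDescriptors().

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Send a dup() of fd over the AF_UNIX socket ctrl; returns 0 on success. */
int send_fd(int ctrl, int fd)
{
    char byte = 'F'; /* SCM_RIGHTS must ride on at least one data byte */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u = { { 0 } };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    int copy = dup(fd);
    if (copy < 0) return -1;
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &copy, sizeof(int));
    ssize_t n = sendmsg(ctrl, &msg, 0);
    close(copy); /* the kernel queued its own reference for the receiver */
    return n == 1 ? 0 : -1;
}

/* Receive one descriptor from ctrl; returns it, or -1 if none arrived intact. */
int recv_fd(int ctrl)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    int fd = -1;
    if (recvmsg(ctrl, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS &&
        c->cmsg_len == CMSG_LEN(sizeof(int)))
        memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Constructed check: hand a pipe's write end across a socketpair, then use it. */
int roundtrip_ok(void)
{
    int sp[2], p[2], got; char out = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || pipe(p)) return 0;
    if (send_fd(sp[0], p[1]) || (got = recv_fd(sp[1])) < 0) return 0;
    if (write(got, "x", 1) != 1 || read(p[0], &out, 1) != 1) return 0;
    return out == 'x' && got != p[1];
}
int main(void) { return !roundtrip_ok(); }
```

The receiver gets a new descriptor number that refers to the same open file, so the sender can close its duplicate as soon as sendmsg() returns.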