Smartcard (pkcs11) support?

David Woodhouse dwmw2 at infradead.org
Thu Mar 1 11:01:12 EST 2012


On Thu, 2012-03-01 at 10:21 +0000, Sven Geggus wrote:
> I think the probability to get this to work with gnutls is much higher in my
> case. Which effort would be needed to extend openconnect in a way to either
> use openssl or gnutls? 

This is a lot more feasible now than it used to be — at least gnutls has
DTLS support now. You'd just need to add the hacks to make it compatible
with Cisco's bastardised version of the protocol.

Alternatively, use an OpenSSL "Engine". OpenConnect has worked with a
TPM from the very beginning, that way.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5818 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120301/a04c8ddb/attachment.bin>


More information about the openconnect-devel mailing list