Windows support
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Feb 12 03:35:35 EST 2014
On Tue, Feb 11, 2014 at 11:09 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> I'm currently looking at just how awful it would be to convert to using
>> Windows events. It's either that or spawn a thread just to handle the
>> tun device.
> All done. Not quite as horrid as I anticipated. And lays the foundation
> for us supporting epoll() if we really want to, too.
I guess it wouldn't affect the performance, but if it would be needed,
wouldn't it make sense to use something cross platform like libev?
> I have yet to find an issue with native push/pull functions in the
> 3.1.16 release.
If you ship binaries you could simply use a version that works well
(like the 3.1.16) and simply drop the wrappers.
> And I also finally have interface configuration with 'netsh' working,
> after running the OpenVPN tool which creates a *new* tun/tap device. For
> some reason the first one was playing silly buggers. If I nab
> vpnc-script-win.js from the vpnc distribution and run openconnect with
> '--script "cscript vpnc-script-win.js"', it works.
> Do we have support for using keys in the Windows certificate store?
Only the trusted CAs are loaded from there. For keys I think that this
API would work as a smart card so gnutls_privkey_import_ext2() should
be used (and only the signing function needed). From people that have
already done it, I was told that you need a signing function similar
to:
http://thewalter.net/git/cgit.cgi/p11-capi/tree/module/p11-capi-rsa.c#n180
regards,
Nikos
More information about the openconnect-devel
mailing list