unable to use RSA SecureID on Unbuntu 14.04 LTS 64 bit

David Woodhouse dwmw2 at infradead.org
Thu Jul 31 10:44:44 PDT 2014


On Thu, 2014-07-31 at 10:28 -0700, Kevin Cernekee wrote:
> On Thu, Jul 31, 2014 at 9:29 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> > On Tue, 2014-07-29 at 12:05 -0700, Kevin Cernekee wrote:
> >>
> >> 2) If --token-secret points to a file, read the file contents into
> >> token_str.  This would allow sdtid (XML) tokens to be used directly;
> >> it may also be helpful in keeping token strings (basically keys) from
> >> showing up in "ps".
> >
> > Let me know if the UTF-8 handling required for this is non-obvious.
> >
> > For Windows, hopefully your API accepts UTF-8 and will convert to use
> > the "Unicode" functions internally? :)
> 
> For an input string containing a CTF URI
> (http://127.0.0.1/securid/ctf?ctfData=2328...) I would not expect to
> see any non-ASCII characters.
> 
> For an SDTID XML file, I call xmlReadMemory() with encoding set to
> NULL (UTF-8). 

I'm thinking of the *filename* itself, that will be passed to
stoken_import_rcfile() from libopenconnect (where it currently only
passes NULL). Isn't that what you were proposing?

On POSIX systems, I'd guess you want that filename in the locale
charset, in which case libopenconnect will want to use
openconnect_utf8_to_legacy() before handing it to you. Examples added
recently all over the place :)

On Windows... ick. OpenSSL and libopenconnect handle it by taking UTF-8
then converting to UTF-16 and using the wide-char API for themselves
internally where necessary (for file access, etc.)

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140731/ea16da34/attachment.bin>


More information about the openconnect-devel mailing list