Does anyone care about GnuTLS 2.12 support

David Woodhouse dwmw2 at
Wed Nov 19 00:16:32 PST 2014

On Tue, 2014-11-18 at 20:40 -0500, Mike Miller wrote:
> On Tue, Nov 18, 2014 at 22:03:25 +0000, David Woodhouse wrote:
> > Thanks. It was Debian/Ubuntu I was most concerned about — I see even
> > Ubuntu 14.04 seems to have GnuTLS 2.12 according to
> >
> It does, and is also on OpenConnect 5.02 / I don't
> see any chance of that changing in the official archive, so no need to
> worry about that version from my point of view.
> If others are interested in building new versions of OpenConnect on
> 14.04 for their own use, they should be able to with the GnuTLS 3.2.11
> that is also available, it looks usable to me. OpenConnect won't be
> linked against a GPLv2-compatible GMP and it won't service the version
> of NM in 14.04, but should work otherwise.

OK, thanks.

In fact the 2.12 received a stay of execution in commit b3f306d21 when I
preserved the old-style p11-kit PIN callbacks in parallel with the
native GnuTLS callbacks. It turned out not to be *that* hard to make a
wrapper from one to the other. It's a few more #ifdefs in gnutls.c but
by this point that frog is almost at boiling point anyway.

We'll continue to support GnuTLS 2.12 in the 7.00 release, but won't do
serious work to preserve it after that.

I am aware that we don't really do 'stable bugfix' releases for older
branches, so there isn't a clear upgrade path. For Fedora/RHEL we do
just update OpenConnect *and* the NM auth-dialogs (for GNOME and KDE)
when there's a library change. Although library changes ought to be less
frequent now, hopefully.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list