API to get ciphersuite

David Woodhouse dwmw2 at infradead.org
Tue Oct 28 04:10:05 PDT 2014


On Mon, 2014-10-27 at 23:40 +0100, Nikos Mavrogiannopoulos wrote:
> That should be fixed with the attached patch. I read also you comment in
> openconnect.h, and I made both strings consistent based on the library
> in use.

Applied and pushed; thanks. I've now renamed the cstp_cipher field to
gnutls_cstp_cipher alongside gnutls_dtls_cipher, since OpenSSL retusn a
static string and doesn't need to cache/free it.


> What remains in my list is to allow disabling the system trust. A
> proposed API for that is attached.

Looks sane enough. I prefer to avoid '== 0' in conditionals; would
prefer to see 'if (!vpninfo->no_system_trust)' instead. And it needs
exposing to Java along the same lines as commit de759ad5.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141028/f49837d1/attachment.bin>


More information about the openconnect-devel mailing list