[PATCH] Load "app:" keys by URL
Kevin Cernekee
cernekee at gmail.com
Wed May 4 09:42:06 PDT 2016
On Wed, May 4, 2016 at 8:20 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Wed, May 4, 2016 at 1:23 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> On Sun, 2016-04-24 at 22:50 -0700, Kevin Cernekee wrote:
>>>
>>> - key_is_sys = !strncmp(vpninfo->sslkey, "system:", 7);
>>> - cert_is_sys = !strncmp(vpninfo->cert, "system:", 7);
>>> + key_is_sys = !strncmp(vpninfo->sslkey, "system:", 7) ||
>>> + !strncmp(vpninfo->sslkey, "app:", 4);
>>> + cert_is_sys = !strncmp(vpninfo->cert, "system:", 7) ||
>>> + !strncmp(vpninfo->cert, "app:", 4);
>> On further reflection... rather than hard-coding knowledge of which
>> things GnuTLS might or might not recognise, can we please have an API
>> to *ask* it?
>
> That is already there. Check gnutls_url_is_supported().
So, I could have libopenconnect call gnutls_url_is_supported() on
"foo:" if the path looks like "foo:bar" to figure out whether to
handle it as a filename or a URL. Or I could have the libopenconnect
caller explicitly register "foo:" to be handled the same way as
"system:" URLs.
Any preference?
More information about the openconnect-devel
mailing list