On Thu, 2011-12-01 at 16:25 +0000, David Woodhouse wrote: > I'd recommend you start with getting OpenSSL and the engine working. > Once you have that, the OpenConnect parts should be easy and I'd be > very keen to support it. Btw now that GNUTLS has DTLS support, I've been looking at what it would take to make it support Cisco's "speshul" pre-standardisation version of the protocol, and offering the choice of GNUTLS or OpenSSL at build time for OpenConnect. It *might* be the case that PKCS#11 support is easier in GNUTLS. But I suspect the majority of your pain is going to be on the OpenSC side anyway. -- dwmw2