On Fri, 2011-12-02 at 17:48 +0000, Tony Beets wrote:
> I am fairly new to opensc and the use of smart cards but it seemed
> actually pretty straightforward to get it to work. I followed some of
> the documentation here:
>
> http://www.gooze.eu/tutorials
>
>
> And here is an example of the pkcs11 engine working with stunnel:
> http://www.gooze.eu/howto/using-stunnel-with-smart-cards
>
>
> If you are interested in supporting smartcard tokens in openconnect I
> would be happy to contribute to the project by donating a card and a
> reader (I can probably ship it to you if you want to give me a post
> address off list).

That's a kind offer. I do actually have one of the Feitian ePass USB
tokens... somewhere. It arrived just before I went to linux.conf.au this
year, and travelled with me... and I *think* it made it home, although I
can't find it.

Really, I ought to be able to test PKCS#11 support in OpenConnect with
*just* a software "token", and I *certainly* ought to be able to find
the USB stick amongst the nappies and toys and other paraphernalia that
have infested the house since February... eventually :)

If you already have the OpenSSL PKCS#11 engine working, you should be
able to use it to connect to the AnyConnect server by using
'openssl s_client -crlf' and talking HTTP to it manually (which isn't
particularly difficult since you can watch the traffic that openconnect
generates).

Once *that's* working, converting the TPM code to work with it should be
a no-brainer. If you let me have the openssl s_client command line you
use (it'll involve -engine pkcs11 and -keyform engine etc., I imagine),
then I'll attempt to come up with an openconnect patch for you to test.

--
dwmw2