GnuTLS support in OpenConnect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2012-06-01 at 01:51 +0100, David Woodhouse wrote:
> I've just pushed GnuTLS support for OpenConnect to the git repository.
> 
> This isn't entirely feature-complete yet. It doesn't support DTLS, and
> in fact it the openconnect executable doesn't build at all right now
> because it still uses the OpenSSL "UI" abstraction for user
> interaction. 

Both of those are now fixed. There's an experimental patch against the
GnuTLS 3.0 branch to provide Cisco-compatible DTLS support, at
http://david.woodhou.se/gnutls-cisco-dtls-working-2.patch

Thanks Nikos for your assistance and your patience.

I would appreciate some more widespread testing, and then I think we're
getting close to the point where we can release OpenConnect v4.00 with
GnuTLS support.

The main thing I have left to do is finish cleaning up the OpenSSL side
so that we *never* use the OpenSSL 'UI' abstraction to interact with the
user. That's already fixed for everything but the TPM PIN request.

I would also like to do some basic testing of PKCS#11 modules with
GnuTLS, and I'll need to set up the PIN request handling for that too.
Are there any simple PKCS#11 modules that we can use for testing? If I
could just have a trivial PKCS#11 module which is hard-coded with a
single certificate, and requests the PIN when I try to use it, that
would do nicely.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120607/63fbdbbf/attachment.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux