On Fri, 2012-06-01 at 01:51 +0100, David Woodhouse wrote:
> I've just pushed GnuTLS support for OpenConnect to the git repository.
>
> This isn't entirely feature-complete yet. It doesn't support DTLS, and
> in fact the openconnect executable doesn't build at all right now
> because it still uses the OpenSSL "UI" abstraction for user
> interaction.

Both of those are now fixed. There's an experimental patch against the
GnuTLS 3.0 branch to provide Cisco-compatible DTLS support, at
http://david.woodhou.se/gnutls-cisco-dtls-working-2.patch

Thanks Nikos for your assistance and your patience.

I would appreciate some more widespread testing, and then I think we're
getting close to the point where we can release OpenConnect v4.00 with
GnuTLS support.

The main thing I have left to do is finish cleaning up the OpenSSL side
so that we *never* use the OpenSSL 'UI' abstraction to interact with the
user. That's already fixed for everything but the TPM PIN request.

I would also like to do some basic testing of PKCS#11 modules with
GnuTLS, and I'll need to set up the PIN request handling for that too.
Are there any simple PKCS#11 modules that we can use for testing? If I
could just have a trivial PKCS#11 module which is hard-coded with a
single certificate, and requests the PIN when I try to use it, that
would do nicely.

-- 
dwmw2