On Thu, Jun 7, 2012 at 4:40 PM, David Woodhouse <dwmw2 at infradead.org> wrote: >> I've just pushed GnuTLS support for OpenConnect to the git repository. >> This isn't entirely feature-complete yet. It doesn't support DTLS, and >> in fact it the openconnect executable doesn't build at all right now >> because it still uses the OpenSSL "UI" abstraction for user >> interaction. > Both of those are now fixed. There's an experimental patch against the > GnuTLS 3.0 branch to provide Cisco-compatible DTLS support, at > http://david.woodhou.se/gnutls-cisco-dtls-working-2.patch I'll include it in gnutls master. > I would also like to do some basic testing of PKCS#11 modules with > GnuTLS, and I'll need to set up the PIN request handling for that too. > Are there any simple PKCS#11 modules that we can use for testing? I use libopensc with some tokens and smart-cards I got from gooze.eu (they give some for free to free software developers). You can also try softhsm (though I've never tried it myself). https://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+Home > If I could just have a trivial PKCS#11 module which is hard-coded with a > single certificate, and requests the PIN when I try to use it, that > would do nicely. If you find something like that let me know, I'm also interested! regards, Nikos
