On Sun, 2012-06-10 at 20:57 -0400, Mike Miller wrote:
> >> Both of those are now fixed. There's an experimental patch against the
> >> GnuTLS 3.0 branch to provide Cisco-compatible DTLS support, at
> >> http://david.woodhou.se/gnutls-cisco-dtls-working-2.patch
> >
> > I'll include it in gnutls master.
>
> Hey guys, trying to build gnutls master tonight in an effort to help
> test OpenConnect but I'm failing at:

I've just pushed support to the repository for building with *both*
GnuTLS and OpenSSL simultaneously. It'll use GnuTLS for the HTTPS
connections, including all the PKCS#11 goodness. Since that's all
that's included in the libopenconnect library, it's enough to fix the
KDE licensing problem.

And if your version of GnuTLS doesn't include the Cisco DTLS support,
it'll *also* link the openconnect executable against OpenSSL and use
that for DTLS.

So now you should have everything working[1] even if your GnuTLS is as
old as 2.12.16.

Unfortunately, Fedora *still* isn't shipping GnuTLS 3.0, and isn't even
planning to do so in Fedora 18, citing the libnettle requirement and
alleged patent problems with the unconditional elliptic curve support
as reasons[2].

-- 
dwmw2

[1] The one thing that doesn't work with 2.12.x is warning the user that
    their certificate is about to expire, and working around an OpenSSL
    bug on the server, *if* the private key comes from PKCS#11. Not many
    people will care about that... and I could even fix the expiry check.

[2] https://bugzilla.redhat.com/show_bug.cgi?id=726886#c24