On Thu, 2012-03-01 at 20:57 +0000, Sven Geggus wrote:
> Hm, I asked because gnutls seems to have a clean native pkcs11 interface
> with a unified key/cert addressing scheme.
> Using the source code at
> http://www.gnu.org/software/gnutls/manual/html_node/Client-using-a-smart-card-with-TLS.html
> I have been able now to use my smartcard out of the box adding my
> proprietary pkcs11 library to the pool of available pkcs11 libraries.

If you want to have a go at making OpenConnect use gnutls as a build-time option, just for the TCP connections, that would give me the extra motivation to fix up the DTLS bits.

Strictly speaking you only need your token for the *authentication* part over HTTPS; we could still use OpenSSL for the DTLS bit. But to start with I'd just disable DTLS in the gnutls build. It shouldn't be hard to fix that up once we're done with the other bits.

--
dwmw2