I've just pushed GnuTLS support for OpenConnect to the git repository.

This isn't entirely feature-complete yet. It doesn't support DTLS, and in fact the openconnect executable doesn't build at all right now because it still uses the OpenSSL "UI" abstraction for user interaction. That's easily worked around by manually adding -lssl -lcrypto to LDFLAGS, if you really want to make it build.

But libopenconnect should be working fine. I've retrospectively changed the API so that the certificate is an opaque pointer. If you build with OpenSSL, it's still *really* a struct x509_st, so binary compatibility is preserved. But I've added some helper functions to operate on the now-theoretically-opaque type. One to get its details in a user-readable string, and one to get the contents in DER form in case you really want to do something more complex with it.

I've converted the GNOME auth-dialog to use the new functions and avoid using OpenSSL, and there's a similar patch for the KDE auth-dialog at http://git.infradead.org/users/dwmw2/networkmanagement.git

I'll fix the build of the executable at some point in the relatively near future, and may even make DTLS work too one day. Until then, you can just build the openconnect executable with OpenSSL. It's the *library* that people have really wanted GnuTLS for, especially for GPL compatibility for the KDE auth-dialog.

You can do that like this, for example:

    make distclean
    mkdir build-openssl
    cd build-openssl
    ../configure --disable-shared
    make
    sudo make install-sbinPROGRAMS
    cd ..
    mkdir build-gnutls
    cd build-gnutls
    ../configure --with-gnutls=shibboleet
    make
    sudo make sbinPROGRAMS= install

As an added bonus, if you have smartcard support working with GnuTLS it *probably* ought to work with libopenconnect now. Although I think we do need to register a PIN helper with gnutls_pkcs11_set_pin_function().

-- 
dwmw2