GnuTLS support in OpenConnect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've just pushed GnuTLS support for OpenConnect to the git repository.

This isn't entirely feature-complete yet. It doesn't support DTLS, and
in fact it the openconnect executable doesn't build at all right now
because it still uses the OpenSSL "UI" abstraction for user interaction.
That's easily worked around by manually adding -lssl -lcrypto to
LDFLAGS, if you really want to make it build.

But libopenconnect should be working fine. I've retrospectively changed
the API so that the certificate is an opaque pointer. If you build with
OpenSSL, it's still *really* a struct x509_st, so binary compatibility
is preserved. But I've added some helper functions to operate on the
now-theoretically-opaque type. One to get its details in a user-readable
string, and one to get the contents in DER form in case you really want
to do something more complex with it.

I've converted the GNOME auth-dialog to use the new functions and avoid
using OpenSSL, and there's a similar patch for the KDE auth-dialog at
http://git.infradead.org/users/dwmw2/networkmanagement.git

I'll fix the build of the executable at some point in the relatively
near future, and may even make DTLS work too one day.

Until then, you can just build the openconnect executable with OpenSSL.
It's the *library* that people have really wanted GnuTLS for, especially
for GPL compatibility for the KDE auth-dialog.

You can do that like this, for example:

 make distclean
 mkdir build-openssl
 cd build-openssl
 ../configure --disable-shared
 make
 sudo make install-sbinPROGRAMS
 cd ..
 mkdir build-gnutls
 cd build-gnutls
 ../configure --with-gnutls=shibboleet
 make
 sudo make sbinPROGRAMS= install

As an added bonus, if you have smartcard support working with GnuTLS it
*probably* ought to work with libopenconnect now. Although I think we do
need to register a PIN helper with gnutls_pkcs11_set_pin_function().

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120601/0283ab10/attachment.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux