openconnect with Belgian EID

On Thu, Nov 7, 2013 at 5:08 PM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
>> If either of them are responsible for signing your personal cert, then
>> OpenConnect will include them in its SSL negotiation, and that can often
>> 'help' the server to realise that it actually *does* trust the cert in
>> question.
>> If that's the issue, then perhaps OpenConnect needs to be taught to go
>> looking for these 'supporting' certs in the PKCS#11 store, as well as
>> the --cafile. But then again, perhaps GnuTLS ought to do that for
>> itself.
>> Nikos?
> Indeed, that's a nice feature and not too difficult to implement,
> as PKCS #11 allows searching stored certificates using a DN. It has been
> on my todo-list for quite some time but I never found the time for that.
> Patches are (of course) more than welcome!

Ok, it seems I've managed to implement it. If you're using
gnutls_certificate_set_x509_key_file() then the full chain will be
loaded when using the version at the git repository (or 3.2.7 when
that is released).

regards,
Nikos
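
Added example, not part of the original message and not GnuTLS code: a minimal sketch of the DN-based lookup discussed above, completing a client certificate chain by repeatedly searching a store for the certificate whose subject DN matches the current issuer DN. The `struct cert` type, the store contents and the DNs are constructed for illustration; the sketch matches DNs only and does not verify signatures.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a certificate object on a token; only the
 * subject and issuer DNs matter for DN-based chain completion. */
struct cert { const char *subject, *issuer; };

/* Constructed sample token contents (hypothetical DNs). */
static const struct cert token_store[] = {
    { "CN=Example Root CA",        "CN=Example Root CA" },
    { "CN=Example Citizen CA",     "CN=Example Root CA" },
    { "CN=Alice (Authentication)", "CN=Example Citizen CA" },
};
#define STORE_LEN (sizeof(token_store) / sizeof(token_store[0]))

/* Return the stored certificate whose subject DN equals dn, or NULL. */
static const struct cert *find_by_subject(const struct cert *store, size_t n,
                                          const char *dn)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(store[i].subject, dn) == 0)
            return &store[i];
    return NULL;
}

/* Fill chain[] leaf-first by following issuer DNs through the store.
 * Stops at a self-signed certificate (included), a missing issuer,
 * a DN already in the chain (cycle), or max entries. Returns the length. */
size_t build_chain(const struct cert *store, size_t n, const struct cert *leaf,
                   const struct cert **chain, size_t max)
{
    size_t len = 0;
    for (const struct cert *cur = leaf; cur != NULL && len < max;
         cur = find_by_subject(store, n, cur->issuer)) {
        for (size_t i = 0; i < len; i++)
            if (strcmp(chain[i]->subject, cur->subject) == 0)
                return len;            /* cycle: stop before repeating */
        chain[len++] = cur;
        if (strcmp(cur->subject, cur->issuer) == 0)
            break;                     /* self-signed: top of the chain */
    }
    return len;
}

int main(void)
{
    const struct cert *chain[8];
    size_t n = build_chain(token_store, STORE_LEN, &token_store[2], chain, 8);
    for (size_t i = 0; i < n; i++)
        printf("%zu: %s\n", i, chain[i]->subject);
    return 0;
}
```

A chain of length 1 means no issuer was found in the store, which is the situation where the server may fail to recognise a certificate it would otherwise trust.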


