On Wed, 2014-03-05 at 21:54 -0500, Mike Miller wrote: > On Wed, Mar 05, 2014 at 11:29:59 +0000, David Woodhouse wrote: > > I'm not entirely convinced that the x.99 "releases" actually get that > > much worthwhile testing, but they certainly don't hurt. Mostly this is a > > call for Kevin and Nikos to bug me about anything they still have > > outstanding that they really want in the 6.00 release... > > Well, fails to build on Debian with gnutls 2.12.23 (I know, I know): > > gnutls.c: In function 'openconnect_SSL_read': > gnutls.c:119:22: error: 'GNUTLS_E_PREMATURE_TERMINATION' undeclared (first use in this function) > > Does this bump the requirement for minimum gnutls version or can we work > around this? Thanks for catching that. Yes, we can work around it easily enough: https://git.gnome.org/browse/network-manager-openconnect/commit/?id=1b2e3e8c This does raise the question of whether we should consider dropping GnuTLS 2.x support altogether. There's a bunch of evil in the certificate handling code ? especially for the TPM ? which could be dropped. And anyone using GnuTLS 2.x, unless they eschew DTLS completely, is going to have to link against OpenSSL *anyway*. The disadvantages are that existing GnuTLS 2.x users would lose PKCS#11 support, and the licensing issue of using OpenSSL from within KDE's NetworkManager tool. Any idea how long you're going to need to support GnuTLS 2.x? > Also reminds me to send this patch on, removes the W3C icons from the > html doc (but not necessarily because the docs aren't valid HTML :) Applied; thanks. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140306/8c6e1c65/attachment.bin>
