On Thu, 2014-03-06 at 10:02 +0100, Nikos Mavrogiannopoulos wrote: > > I believe you can get away with it by doing a: > #if GNUTLS_VERSION_NUMBER < 0x030000 > #define GNUTLS_E_PREMATURE_TERMINATION GNUTLS_E_UNEXPECTED_PACKET_LENGTH > #endif I pondered that. However, it would require satisfying myself that in *all* cases that it occurs, treating GNUTLS_E_UNEXPECTED_PACKET_LENGTH as a non-error is acceptable and secure. And given how much I care about GnuTLS 2.x, coupled with the fact that this behaviour has never actually been seen from an *AnyConnect* server (it turned out to be a Juniper VPN), I just didn't think it was worth the effort of even thinking it through :) -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140306/a0a88d43/attachment-0001.bin>
