OpenConnect 5.99 release

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2014-03-06 at 10:02 +0100, Nikos Mavrogiannopoulos wrote:
> 
> I believe you can get away with it by doing a:
> #if GNUTLS_VERSION_NUMBER < 0x030000
> #define GNUTLS_E_PREMATURE_TERMINATION GNUTLS_E_UNEXPECTED_PACKET_LENGTH
> #endif

I pondered that. However, it would require satisfying myself that in
*all* cases that it occurs, treating GNUTLS_E_UNEXPECTED_PACKET_LENGTH
as a non-error is acceptable and secure.

And given how much I care about GnuTLS 2.x, coupled with the fact that
this behaviour has never actually been seen from an *AnyConnect* server
(it turned out to be a Juniper VPN), I just didn't think it was worth
the effort of even thinking it through :)

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140306/a0a88d43/attachment-0001.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux