On Wed, May 4, 2016 at 8:20 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: > On Wed, May 4, 2016 at 1:23 PM, David Woodhouse <dwmw2 at infradead.org> wrote: >> On Sun, 2016-04-24 at 22:50 -0700, Kevin Cernekee wrote: >>> >>> - key_is_sys = !strncmp(vpninfo->sslkey, "system:", 7); >>> - cert_is_sys = !strncmp(vpninfo->cert, "system:", 7); >>> + key_is_sys = !strncmp(vpninfo->sslkey, "system:", 7) || >>> + !strncmp(vpninfo->sslkey, "app:", 4); >>> + cert_is_sys = !strncmp(vpninfo->cert, "system:", 7) || >>> + !strncmp(vpninfo->cert, "app:", 4); >> On further reflection... rather than hard-coding knowledge of which >> things GnuTLS might or might not recognise, can we please have an API >> to *ask* it? > > That is already there. Check gnutls_url_is_supported(). So, I could have libopenconnect call gnutls_url_is_supported() on "foo:" if the path looks like "foo:bar" to figure out whether to handle it as a filename or a URL. Or I could have the libopenconnect caller explicitly register "foo:" to be handled the same way as "system:" URLs. Any preference?
