On Fri, 2012-05-25 at 22:45 +0200, Michael Biebl wrote:
> If only openconnect would have used gnutls...

If only gnutls would have given a sane way to use a certificate from a TPM, and supported DTLS. Hey, maybe I wouldn't have had to write HTTP client support for myself at all; I could have used one of the multitude of existing libraries!

Looking to the future though: gnutls does have DTLS support now, and it shouldn't be that hard to make it support the slightly nonstandard version of DTLS that Cisco use in AnyConnect. And I'd settle for generic PKCS#11 module support (even though there's still no sane PKCS#11 module for TPM access).

Patches to openconnect to make it optionally use gnutls instead of openssl would be most welcome... and it could be done incrementally; using gnutls just for the TCP connection first and still using OpenSSL for DTLS (which happens in openconnect(8) not in libopenconnect). That would be enough to solve this issue, and adding PKCS#11 support and DTLS support could come later.

-- 
dwmw2
_______________________________________________
pkg-kde-extras mailing list
email@example.com
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras