On Fri, 2012-05-25 at 22:45 +0200, Michael Biebl wrote:
> If only openconnect would have used gnutls... 

If only gnutls would have given a sane way to use a certificate from a
TPM, and supported DTLS. Hey, maybe I wouldn't have had to write HTTP
client support for myself at all; I could have used one of the multitude
of existing libraries!

Looking to the future though: gnutls does have DTLS support now, and it
shouldn't be that hard to make it support the slightly nonstandard
version of DTLS that Cisco use in AnyConnect. And I'd settle for generic
PKCS#11 module support (even though there's still no sane PKCS#11 module
for TPM access).

Patches to openconnect to make it optionally use gnutls instead of
openssl would be most welcome... and it could be done incrementally;
using gnutls just for the TCP connection first and still using OpenSSL
for DTLS (which happens in openconnect(8) not in libopenconnect). That
would be enough to solve this issue, and adding PKCS#11 support and DTLS
support could come later.
