[Pkg-kde-extras] Bug#669702: Patch to enable openconnect VPN plugin
Hi, Unfortunately it's not that easy. Linking against openssl requires a special exemption which I don't see granted for networkmanagement. So atm we can't enable this plugin. If only openconnect would have used gnutls... [1] http://people.gnome.org/~markmc/openssl-and-the-gpl.html Ouch, that's bad (I hate this lawyer stuff^^). Only the openconnect vpn plugin directly links to OpenSSL - does it suffice for these few files to get a license exemption? The plugin is only loaded at runtime, not actually linked against the rest. Kind regards, Ralf ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#669702: Patch to enable openconnect VPN plugin
On 21.04.2012 12:49, Ralf Jung wrote: tags 669702 patch thanks I attached a patch which adds the necessary Build-Depends and Recommends for openconnect VPNs and installs the vpnplugin files. I tested it locally and successfully connected to a VPN using openconnect. Unfortunately it's not that easy. Linking against openssl requires a special exemption which I don't see granted for networkmanagement. So atm we can't enable this plugin. If only openconnect would have used gnutls... Michael [1] http://people.gnome.org/~markmc/openssl-and-the-gpl.html -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#669702: Patch to enable openconnect VPN plugin
On Fri, 2012-05-25 at 22:45 +0200, Michael Biebl wrote: If only openconnect would have used gnutls... If only gnutls would have given a sane way to use a certificate from a TPM, and supported DTLS. Hey, maybe I wouldn't have had to write HTTP client support for myself at all; I could have used one of the multitude of existing libraries! Looking to the future though: gnutls does have DTLS support now, and it shouldn't be that hard to make it support the slightly nonstandard version of DTLS that Cisco use in AnyConnect. And I'd settle for generic PKCS#11 module support (even though there's still no sane PKCS#11 module for TPM access). Patches to openconnect to make it optionally use gnutls instead of openssl would be most welcome... and it could be done incrementally; using gnutls just for the TCP connection first and still using OpenSSL for DTLS (which happens in openconnect(8) not in libopenconnect). That would be enough to solve this issue, and adding PKCS#11 support and DTLS support could come later. -- dwmw2 smime.p7s Description: S/MIME cryptographic signature ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#669702: Patch to enable openconnect VPN plugin
Hi David, On 25.05.2012 23:07, David Woodhouse wrote: On Fri, 2012-05-25 at 22:45 +0200, Michael Biebl wrote: If only openconnect would have used gnutls... If only gnutls would have given a sane way to use a certificate from a TPM, and supported DTLS. Hey, maybe I wouldn't have had to write HTTP client support for myself at all; I could have used one of the multitude of existing libraries! Oh, yeah, I'm very well aware that gnutls has its own share of issues and peculiarities. Patches to openconnect to make it optionally use gnutls instead of openssl would be most welcome... and it could be done incrementally; using gnutls just for the TCP connection first and still using OpenSSL for DTLS (which happens in openconnect(8) not in libopenconnect). That would be enough to solve this issue, and adding PKCS#11 support and DTLS support could come later. Personally I don't have the time to work on that but would appreciate any efforts in that direction. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#669702: Patch to enable openconnect VPN plugin
tags 669702 patch thanks I attached a patch which adds the necessary Build-Depends and Recommends for openconnect VPNs and installs the vpnplugin files. I tested it locally and successfully connected to a VPN using openconnect. Kind regards, Ralf diff -ur networkmanagement.bak/debian/changelog networkmanagement-0.9.0.1/debian/changelog --- networkmanagement.bak/debian/changelog 2012-04-09 11:38:33.0 +0200 +++ networkmanagement-0.9.0.1/debian/changelog 2012-04-21 11:32:37.595877386 +0200 @@ -1,3 +1,10 @@ +networkmanagement (0.9.0.1-1.1) unstable; urgency=low + + * Add Build-Depends on libopenconnect-dev and libssl-dev to enable the +openconnect vpnplugin. + + -- Ralf Jung p...@ralfj.de Sat, 21 Apr 2012 11:31:48 +0200 + networkmanagement (0.9.0.1-1) unstable; urgency=low * New upstream release. diff -ur networkmanagement.bak/debian/control networkmanagement-0.9.0.1/debian/control --- networkmanagement.bak/debian/control 2012-04-09 11:38:33.0 +0200 +++ networkmanagement-0.9.0.1/debian/control 2012-04-21 12:22:27.632863249 +0200 @@ -6,7 +6,7 @@ Build-Depends: debhelper (= 8), cmake (= 2.6.2), pkg-kde-tools (= 0.5), libqt4-dev (= 4:4.6.0), kdelibs5-dev (= 4:4.6.0), kdebase-workspace-dev (= 4:4.6.0), network-manager-dev (= 0.9.0), libnm-util-dev (= 0.9.0), libnm-glib-dev (= 0.9.0), - mobile-broadband-provider-info + mobile-broadband-provider-info, libopenconnect-dev, libssl-dev Standards-Version: 3.9.3 Vcs-Git: git://git.debian.org/git/pkg-kde/kde-extras/networkmanagement.git Vcs-Browser: http://git.debian.org/?p=pkg-kde/kde-extras/networkmanagement.git @@ -16,7 +16,8 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, network-manager (= 0.9.0), mobile-broadband-provider-info Suggests: kdebase-workspace-bin -Recommends: kwalletmanager, network-manager-vpnc, network-manager-openvpn, network-manager-pptp +Recommends: kwalletmanager, network-manager-vpnc, network-manager-openvpn, network-manager-pptp, + network-manager-openconnect Replaces: knm-runtime Breaks: knm-runtime Description: Network Management widget for KDE Plasma workspaces diff -ur networkmanagement.bak/debian/plasma-widget-networkmanagement.install networkmanagement-0.9.0.1/debian/plasma-widget-networkmanagement.install --- networkmanagement.bak/debian/plasma-widget-networkmanagement.install 2012-04-09 11:38:33.0 +0200 +++ networkmanagement-0.9.0.1/debian/plasma-widget-networkmanagement.install 2012-04-21 12:27:33.698549684 +0200 @@ -3,6 +3,7 @@ usr/lib/kde4/kded_networkmanagement.so usr/lib/kde4/libexec/networkmanagement_configshell usr/lib/kde4/networkmanagement_novellvpnui.so +usr/lib/kde4/networkmanagement_openconnectui.so usr/lib/kde4/networkmanagement_openvpnui.so usr/lib/kde4/networkmanagement_pptpui.so usr/lib/kde4/networkmanagement_strongswanui.so @@ -26,6 +27,7 @@ usr/share/kde4/services/kcm_networkmanagement_tray.desktop usr/share/kde4/services/kded/networkmanagement.desktop usr/share/kde4/services/networkmanagement_novellvpnui.desktop +usr/share/kde4/services/networkmanagement_openconnectui.desktop usr/share/kde4/services/networkmanagement_openvpnui.desktop usr/share/kde4/services/networkmanagement_pptpui.desktop usr/share/kde4/services/networkmanagement_strongswanui.desktop ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras