[Pkg-kde-extras] Bug#669702: Patch to enable openconnect VPN plugin

David Woodhouse dwmw2 at infradead.org
Fri May 25 21:07:13 UTC 2012


On Fri, 2012-05-25 at 22:45 +0200, Michael Biebl wrote:
> If only openconnect would have used gnutls... 

If only gnutls would have given a sane way to use a certificate from a
TPM, and supported DTLS. Hey, maybe I wouldn't have had to write HTTP
client support for myself at all; I could have used one of the multitude
of existing libraries!

Looking to the future though: gnutls does have DTLS support now, and it
shouldn't be that hard to make it support the slightly nonstandard
version of DTLS that Cisco use in AnyConnect. And I'd settle for generic
PKCS#11 module support (even though there's still no sane PKCS#11 module
for TPM access).

Patches to openconnect to make it optionally use gnutls instead of
openssl would be most welcome... and it could be done incrementally;
using gnutls just for the TCP connection first and still using OpenSSL
for DTLS (which happens in openconnect(8) not in libopenconnect). That
would be enough to solve this issue, and adding PKCS#11 support and DTLS
support could come later.

-- 
dwmw2