Nikos Mavrogiannopoulos
Nikos Mavrogiannopoulos
The UI could still support PKCS#11 directly via gnutls and list the available keys, but I do not know what impact would have that on windows (I'd have expected all...
Have you tried the command line openconnect.exe client? Is there some difference in output there?
One more question, is the command line the command line included in openconnect-gui or another one? If it's the latter, could you try with the included one?
Couldn't immediately figure the issue. I suspect that may be a timing issue. There will be some changes in the TUN device allocation and DTLS setup in newer libopenconnect which...
E.g., https://github.com/nmav/openconnect-mine/commit/19379c7c1545788186e02815b9bb7a0d7cf0eda3
I have no idea how easy would be creating such a provider, but if done, would it help to address #102? That is, would it allow running the VPN as...
What is the reason of this feature? What is the functionality or security advantages of this approach? The fact that anyconnect client has it, is not very compelling (to me...
That could be if openconnect-gui was relying on PKIX. However openconnect is primarily trust on first use and PKIX is only used as fallback.
To add more to that. In VPN space, there is very little PKIX (i.e., the trusted CA list browsers and OS' bring) can do. On most servers you don't want...
So if I understand correctly, your proposal is to offer the choice to switch from "TOFU + PKIX" to "PKIX only". If Lubomir agrees too, I wouldn't object to an...