    Cope with lack of gnutls_certificate_set_key() in GnuTLS 2.12 · 25d9be59
    David Woodhouse authored
    We *can* use arbitrary privkeys, by using the cert_callback to provide
    them on demand.
    
    And even without gnutls_privkey_import_ext() to give us a constructed
    privkey that represents the TPM key, we can cope by registering a
    sign_callback on the TLS session.
    
    This means that we can support the TPM, and also fix the lack of extra
    supporting certs and expiry check when using PKCS#11 certs with GnuTLS 2.12.
    
    It also means my code is an even bigger mess of #ifdefs than it was before.
    Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
openconnect-internal.h 10.4 KB