Commit a8d550ec authored by David Woodhouse

Update licence and TPM docs

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
parent 0201cdda
/*
* OpenConnect (SSL + DTLS) VPN client
*
* Copyright © 2018 David Woodhouse.
*
* Author: David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* version 2.1, as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*/
/* Portions taken from tpm2-tss-engine, copyright as below: */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
......
......@@ -5,7 +5,7 @@ CONV = "$(srcdir)/html.py"
FTR_PAGES = csd.html charset.html token.html pkcs11.html tpm.html features.html gui.html nonroot.html hip.html
START_PAGES = building.html connecting.html manual.html vpnc-script.html
INDEX_PAGES = changelog.html download.html index.html packages.html platforms.html
INDEX_PAGES = changelog.html download.html index.html packages.html platforms.html licence.html
PROTO_PAGES = anyconnect.html juniper.html globalprotect.html
TOPLEVEL_PAGES = contribute.html mail.html
......
......@@ -31,7 +31,8 @@ And <em>optionally</em> also:
<li><b><tt><a href="http://p11-glue.freedesktop.org/p11-kit.html">p11-kit</a></tt></b> <i>(for PKCS#11 support)</i></li>
<li><b><tt><a href="https://github.com/OpenSC/libp11/wiki">libp11</a></tt></b> <i>(also needed for PKCS#11 support if using OpenSSL)</i></li>
<li><b><tt><a href="http://code.google.com/p/libproxy/">libproxy</a></tt></b></li>
<li><b><tt><a href="http://trousers.sourceforge.net/">trousers</a></tt></b> <i>(for TPM support if using GnuTLS)</i></li>
<li><b><tt><a href="http://trousers.sourceforge.net/">trousers</a></tt></b> <i>(for TPMv1 support if using GnuTLS)</i></li>
<li><b><tt><a href="https://github.com/tpm2-software/tpm2-tss">tss2-esys</a></tt></b> and <b><tt><a href="https://www.gnu.org/software/libtasn1/">libtasn1</a></tt></b> <i>(for TPMv2 support if using GnuTLS)</i></li>
<li><b><tt><a href="http://stoken.sourceforge.net/">libstoken</a></tt></b> <i>(for SecurID software token support)</i></li>
<li><b><tt><a href="http://www.nongnu.org/oath-toolkit/">libpskc</a></tt></b> <i>(for RFC6030 PSKC file storage of HOTP/TOTP keys)</i></li>
<li><b><tt><a href="https://pcsclite.alioth.debian.org/pcsclite.html">libpcsclite</a></tt></b> <i>(for Yubikey hardware HOTP/HOTP support)</i></li>
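Review bot: The two TPM entries in this list only describe GnuTLS builds, yet the tpm.xml change in this same commit says an OpenSSL build needs "the appropriate TPM ENGINE" installed on the system. Someone building against OpenSSL gets no hint here of what to install for TPM-wrapped keys; consider adding an entry for that case, or a short remark that the ENGINE is needed at run time rather than at build time. Separately, the unchanged libpcsclite line reads "HOTP/HOTP", which looks like a typo for HOTP/TOTP (compare the libpskc line above it) and could be fixed while this list is being edited.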
......
......@@ -13,7 +13,7 @@
It has since been ported to support the Juniper SSL VPN (which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>),
and to the <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a>.</p>
<p>OpenConnect is released under the GNU Lesser Public License, version 2.1.</p>
<p>OpenConnect is released under the <a href="licence.html">GNU Lesser Public License, version 2.1</a>.</p>
<p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
OpenConnect is not officially supported by, or associated in any way
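Review bot: The replacement line still says "GNU Lesser Public License", while the source header shown at the top of this commit gives the name as "GNU Lesser General Public License". Since the sentence is being rewritten to add the licence.html link anyway, add the missing "General" so the link text matches the licence it points to.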
......
This diff is collapsed.
......@@ -5,5 +5,6 @@
<MENU topic="Download" link="download.html" mode="VAR_SEL_DOWNLOAD" />
<MENU topic="Packages" link="packages.html" mode="VAR_SEL_PACKAGES" />
<MENU topic="Changelog" link="changelog.html" mode="VAR_SEL_CHANGELOG" />
<MENU topic="Licence" link="licence.html" mode="VAR_SEL_LICENCE" />
<ENDMENU />
</PAGE>
......@@ -16,18 +16,20 @@ typical PKCS#11 keys, the key is encrypted by the TPM and handed back
to the user to be saved in a PEM file. Only the same TPM can decrypt
the file, and use the private key.</p>
<p>Use of TPM-wrapped keys is entirely transparent with GnuTLS. If built with
TPM support, OpenConnect will automatically use the TPM when presented with
an approprate PEM file with a TPM-wrapped key.</p>
<p>For OpenSSL, the appropriate TPM ENGINE must be installed correctly on the system,
and OpenConnect will load and use it automatically when appropriate.
<p>Use of TPM-wrapped keys is intended to be entirely
transparent. OpenConnect will automatically use the TPM when presented
with an appropriate PEM file with a TPM-wrapped key.</p>
<p>When OpenConnect is built with OpenSSL, the appropriate TPM ENGINE
must be installed correctly on the system, and OpenConnect will load
and use it automatically when appropriate.
</p>
<p>For GnuTLS builds of OpenConnect, it needs to have been built with
the appropriate TPM (v1 or v2) support built-in.</p>
<h2>TPM v1</h2>
<p>TPM v1 wrapped keys are supported with both OpenSSL and GnuTLS builds of OpenConnect.
These keys appear in the form of a PEM file marked with the tag:
<p>TPM v1 wrapped keys appear in the form of a PEM file marked with the tag:
<pre>-----BEGIN TSS KEY BLOB-----</pre>
These files can be created by the <tt>create_tpm_key</tt> tool which is
part of the
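Review bot: The added GnuTLS paragraph ("it needs to have been built with the appropriate TPM (v1 or v2) support built-in") has no clear referent for "it" and does not tell the user what to expect when that support was not compiled in, which sits awkwardly next to the "entirely transparent" claim two paragraphs earlier. Suggest wording along the lines of "GnuTLS builds of OpenConnect can only use TPM-wrapped keys if TPM v1 or v2 support was enabled at build time", with a pointer to the building page for the libraries involved. This hunk also drops the statement that TPM v1 wrapped keys are supported with both OpenSSL and GnuTLS builds; if that is still the case, it is worth keeping under the TPM v1 heading so the per-version support matrix stays explicit.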
......@@ -45,7 +47,7 @@ The <a href="https://github.com/tpm2-software/tpm2-tss-engine">tpm2-tss-engine</
Both of these OpenSSL engines can be used by OpenConnect if they are installed.</p>
<p>GnuTLS support for TPM v2 has not yet been implemented but is being worked on.</p>
<p>The GnuTLS build of OpenConnect supports the former variant, when built with the <tt>libtasn1</tt> and <tt>tss2-esys</tt> libraries.</p>
<INCLUDE file="inc/footer.tmpl" />
</PAGE>
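Review bot: "the former variant" in the added GnuTLS sentence depends on the reader remembering the order in which the two TPM v2 variants were introduced earlier in the section, and it follows directly after "Both of these OpenSSL engines", so "former" can be misread as referring to an engine. Name the supported variant explicitly (by its PEM tag or by the engine it corresponds to) and state outright that GnuTLS builds do not handle the other one, so a user with the unsupported key type knows why the key is rejected.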