Review Request: Remove licence-incompatible OpenSSL usage from OpenConnect support

David Woodhouse dwmw2 at infradead.org
Thu Jun 14 00:35:02 UTC 2012



> On June 12, 2012, 12:38 p.m., Lamarque Vieira Souza wrote:
> > vpnplugins/openconnect/openconnectauth.cpp, line 298
> > <http://git.reviewboard.kde.org/r/105185/diff/1/?file=66780#file66780line298>
> >
> >     Isn't there a #define we can use instead of hardcoding the number 41 here?

The problem is that the #defines belong to the crypto libraries — GnuTLS or OpenSSL. And the libopenconnect library has been modified to avoid exposing them. If I added a #define to openconnect.h then using it would break the build against older libraries... unless we add more #ifdefs to cope with that.

On the whole, since the size of a SHA1 is never going to change, I'm most inclined to leave it as it is. It's quite clear what it's for, since the call to openconnect_get_cert_sha1() is within three lines in both cases.

Unless you strongly object, let's leave this as it is.


- David


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/105185/#review14655
-----------------------------------------------------------


On June 9, 2012, 8:41 a.m., David Woodhouse wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/105185/
> -----------------------------------------------------------
> 
> (Updated June 9, 2012, 8:41 a.m.)
> 
> 
> Review request for Network Management.
> 
> 
> Description
> -------
> 
>     OpenConnect: Eliminate OpenSSL dependencies, support new libopenconnect
>     
>     Making libopenconnect support GnuTLS, required for licence compatibility
>     with KDE, means retrospectively changing the ABI so that the certificate
>     is treated as an opaque pointer. The library now provides a get_details()
>     method to get the certificate information in text form, so use that instead
>     of "knowing" that it's an OpenSSL X509 structure.
>     
>     Cope with a couple of other minor API changes which the change of soname
>     gave us the opportunity to introduce.
> 
> 
> Diffs
> -----
> 
>   vpnplugins/openconnect/CMakeLists.txt 3ea15bd5b343b05ac20eb2e94f012d4a14848a25 
>   vpnplugins/openconnect/openconnectauth.h 417bd7eb3898011243e320b5ec095fcfc89db596 
>   vpnplugins/openconnect/openconnectauth.cpp cd9504b0bd100d37fe3c7d09463893f966986239 
>   vpnplugins/openconnect/openconnectauthworkerthread.h 7aa8dfc866a9ea554329c4b3d14a116da74fc0ea 
>   vpnplugins/openconnect/openconnectauthworkerthread.cpp ec93ab2ca2481b8c2d58450a041414b75a1c8f6a 
> 
> Diff: http://git.reviewboard.kde.org/r/105185/diff/
> 
> 
> Testing
> -------
> 
> Building against both old and new libopenconnect, ensuring that OpenSSL is not linked directly when building against new.
> 
> Connecting to VPN from KDE with new libopenconnect (linked against GnuTLS).
> 
> 
> Thanks,
> 
> David Woodhouse
> 
>
