Review Request: Remove licence-incompatible OpenSSL usage from OpenConnect support

Lamarque Vieira Souza lamarque at kde.org
Thu Jun 14 14:06:28 UTC 2012 


> On June 14, 2012, 1 a.m., Lamarque Vieira Souza wrote:
> > vpnplugins/openconnect/openconnectauth.cpp, line 298
> > <http://git.reviewboard.kde.org/r/105185/diff/1/?file=66780#file66780line298>
> >
> >     Looking in /usr/include/openconnect.h I am really not comfortable in not seeing any documentation about how big the buffer for openconnect_get_cert_sha1 should be. You could add a comment explaining that, then this patch is good to go.
> 
> David Woodhouse wrote:
>     I've pushed that change, and it'll appear in the imminent OpenConnect 4.0 release:
>     http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/ce8df71d2a
>     
>     I'm working on improved documentation for the library, which started off as purely internal code with the GNOME auth-dialog being built as part of the openconnect package itself. Does it show? :)
>     
>     Thanks.

Ok, that is enough for me. Ship it :)


- Lamarque Vieira


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/105185/#review14719
-----------------------------------------------------------


On June 9, 2012, 8:41 a.m., David Woodhouse wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/105185/
> -----------------------------------------------------------
> 
> (Updated June 9, 2012, 8:41 a.m.)
> 
> 
> Review request for Network Management.
> 
> 
> Description
> -------
> 
>     OpenConnect: Eliminate OpenSSL dependencies, support new libopenconnect
>     
>     Making libopenconnect support GnuTLS, required for licence compatibility
>     with KDE, means retrospectively changing the ABI so that the certificate
>     is treated as an opaque pointer. The library now provides a get_details()
>     method to get the certificate information in text form, so use that instead
>     of "knowing" that it's an OpenSSL X509 structure.
>     
>     Cope with a couple of other minor API changes which the change of soname
>     gave us the opportunity to introduce.
> 
> 
> Diffs
> -----
> 
>   vpnplugins/openconnect/CMakeLists.txt 3ea15bd5b343b05ac20eb2e94f012d4a14848a25 
>   vpnplugins/openconnect/openconnectauth.h 417bd7eb3898011243e320b5ec095fcfc89db596 
>   vpnplugins/openconnect/openconnectauth.cpp cd9504b0bd100d37fe3c7d09463893f966986239 
>   vpnplugins/openconnect/openconnectauthworkerthread.h 7aa8dfc866a9ea554329c4b3d14a116da74fc0ea 
>   vpnplugins/openconnect/openconnectauthworkerthread.cpp ec93ab2ca2481b8c2d58450a041414b75a1c8f6a 
> 
> Diff: http://git.reviewboard.kde.org/r/105185/diff/
> 
> 
> Testing
> -------
> 
> Building against both old and new libopenconnect, ensuring that OpenSSL is not linked directly when building against new.
> 
> Connecting to VPN from KDE with new libopenconnect (linked against GnuTLS).
> 
> 
> Thanks,
> 
> David Woodhouse
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-networkmanager/attachments/20120614/e4732da0/attachment.html>

More information about the kde-networkmanager mailing list