David Woodhouse
David Woodhouse
How does #139 look?
I guess this is probably a combination of lack of support for gzip'd certificates (see commit 3dce5b06e07) and poor error reporting from `do_store_cert()` when it can't read the cert.
It's `d2i_X509()` which is failing. Which is hardly surprising really, when you feed it something that looks like this... ``` 0000: 0x70 0x82 0x05 0x84 0x1f 0x8b 0x08 0x00 0x41...
Proof of concept gets me to the next step... ``` --- a/ykcs11/openssl_utils.c +++ b/ykcs11/openssl_utils.c @@ -33,16 +33,43 @@ #include "../tool/util.h" // TODO: share this better? #include "debug.h" #include +#include CK_RV...
... and this finally makes it work for my first real test case ``` --- a/ykcs11/objects.c +++ b/ykcs11/objects.c @@ -476,7 +476,7 @@ CK_RV get_doa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { /* Get...
Quoting from https://github.com/Yubico/yubico-piv-tool/issues/94#issuecomment-251117387: > For example regarding #93 linking against zlib is fine, but I think that that part should be moved from the module into libykpiv. Note that in...
https://gitlab.com/openconnect/openconnect/-/issues/425
The SAML support is merged in OpenConnect v9.01 and the latest version of the GNOME NetworkManager authentication dialog has support for the webview part. We'd be very interested in hearing...
You need NetworkManager-openconnect from git; it isn't released yet.
> journalctl output is not helpful. Yeah, we should fix that. In the short term since you're building it anyway (thanks) you can try something like this: ``` diff --git...