On 7 March 2024 19:03:33 GMT, traxto...@gmail.com wrote:
>David,
>tried to patch it no luck
>i.e.
>diff -ur openconnect-9.12.orig/gnutls_tpm2_esys.c openconnect-
>9.12/gnutls_tpm2_esys.c
>--- openconnect-9.12.orig/gnutls_tpm2_esys.c 2022-04-28
>17:58:05.000000000 +0200
>+++ openconnect-9.12/gnutls_tpm2_esys.c 2024-03-07 16:03:54.521631835
>+0100
>@@ -498,12 +498,11 @@
> case SHA1_SIZE: inScheme.details.ecdsa.hashAlg =
>TPM2_ALG_SHA1; break;
> case SHA256_SIZE: inScheme.details.ecdsa.hashAlg =
>TPM2_ALG_SHA256; break;
> case SHA384_SIZE: inScheme.details.ecdsa.hashAlg =
>TPM2_ALG_SHA384; break;
>- case SHA512_SIZE: inScheme.details.ecdsa.hashAlg =
>TPM2_ALG_SHA512; break;
>+ case SHA512_SIZE: inScheme.details.ecdsa.hashAlg =
>TPM2_ALG_SHA512; digest.size = 32 ; break;
> default:
>- vpn_progress(vpninfo, PRG_ERR,
>- _("Unknown TPM2 EC digest size %d for
>algo 0x%x\n"),
>- data->size, algo);
>- return GNUTLS_E_PK_SIGN_FAILED;
>+ inScheme.details.ecdsa.hashAlg = TPM2_ALG_SHA512;
That wants to be SHA256 too.

>+ digest.size = 32;
>+ break;
> }
>
> memcpy(digest.buffer, data->data, data->size);
>
>I am on Fedora 39 using gnutls-3.8.3-1.fc39.x86_64

Ah, by v3.8 GnuTLS actually includes my TPMv2 code natively. Can you test with gnutls-cli connecting to the same server with the same key?

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
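Review bot: the rewritten `default:` branch at the end of the hunk removes the `vpn_progress(...)` / `return GNUTLS_E_PK_SIGN_FAILED;` rejection of unknown digest sizes and instead silently picks `TPM2_ALG_SHA512` with a hard-coded `digest.size = 32;`, while the unchanged `memcpy(digest.buffer, data->data, data->size);` that follows still copies the caller's full `data->size` bytes, so the digest length recorded no longer matches the bytes copied and an unexpected digest length is no longer refused before that copy. Keep the error return in the default case, and in the `SHA512_SIZE` case either leave `digest.size` as it was or set it from `data->size` rather than to 32, since a 32-byte digest only pairs with `TPM2_ALG_SHA256`, not `TPM2_ALG_SHA512`. Minor style point: `digest.size = 32 ;` has a stray space before the semicolon.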