The --version command is report 3.15 -----Original Message----- From: mike.t.miller at gmail.com [mailto:mike.t.miller at gmail.com] On Behalf Of Mike Miller Sent: Monday, July 16, 2012 3:26 PM To: Mcclelland, Michael B Mr CTR USN USA Cc: David Woodhouse; openconnect-devel at lists.infradead.org Subject: Re: CAC modules On Mon, Jul 16, 2012 at 1:17 PM, Mcclelland, Michael B Mr CTR USN USA wrote: > I've almost got things working on Ubuntu but I'm having the same issue > I did under fedora with the tokens being visible via p11tool but the > Openconnect client not being able to pull them. LIBGNUTLS28-DEV is > installed. Are you installing binaries from my PPA now or are you still building from source? Are you still working with 4.04 or have you switched to 4.05 since that was released? > view at view-virtual-machine:~$ sudo p11tool --list-certs --login [...] > view at view-virtual-machine:~$ openconnect -c > 'pkcs11:token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%03;object=CAC%20 > Email%20Encryption%20Certificate' https://server.domain Attempting to > connect to 198.253.24.115:443 Failed to open certificate file pkcs11:token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%03;object=CAC%20Email%20Encryption%20Certificate: No such file or directory Loading certificate failed. Aborting. > Failed to open HTTPS connection to server.domain Failed to obtain > WebVPN cookie This looks like OpenConnect is using OpenSSL for the certificate argument rather than GnuTLS. What does 'openconnect --version' display? -- mike
