On Fri, 2013-11-15 at 11:34 +0000, David Woodhouse wrote: > Christof, what distribution are you using? > Perhaps I can give you a statically linked version (with newer > libnettle, newer gnutls, etc.) to test and make sure this works > correctly? http://david.woodhou.se//openconnect-f19-x64-cert-chain-from-p11 sha1sum 36ff645e63b23974cd0d55c9cb1f888d3fbcf3eb It should attempt to pull the issuer cert from PKCS#11 in the same way that Nikos' code was trying to do it. Please remember to remove the required cert from your --cafile argument (and perhaps check that the original openconnect is failing as expected), before reporting that it works! :) -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20131115/27a98fad/attachment.bin>
