On Tue, Dec 13, 2016 at 16:28:38 +0000, David Woodhouse wrote:
> I've added a certificate torture test suite and fixed a number of the
> bugs it showed with various esoteric (and not so esoteric) file
> formats. Distributors, please ensure you run 'make check' in your
> package build, and chase up any failures caused by the libraries you're
> building against.

I am unable to get `auth-pkcs11` to pass. The first problem is the
hardcoded Fedora path in tests/.config/pkcs11/modules/softhsm2.module.
After fixing that for my system (/usr/lib/softhsm/libsofthsm2.so), the
test fails with:

Testing PKCS#11 auth...
warning: skipping unknown option 'cookie-validity'
Parsing plain auth method subconfig using legacy format
note: setting 'certificate+plain' as primary authentication method
note: setting 'file' as supplemental config option
listening (TCP) on 0.0.0.0:443...
listening (TCP) on [::]:443...
listening (UDP) on 0.0.0.0:443...
listening (UDP) on [::]:443...
ocserv[14837]: main: not using control unix socket
ocserv[14837]: main: initialized ocserv 0.11.6
ocserv[14847]: sec-mod: reading supplemental config from files
ocserv[14847]: sec-mod: sec-mod initialized (socket: ./ocserv-socket.14837)
ocserv[14837]: main: processed 1 CA certificate(s)
Connecting to obtain cookie (token openconnect-test key object=RSA)...
error in setrlimit(1024): Operation not permitted
p11-kit: softhsm2: module failed to initialize, skipping: Internal error
Error loading certificate from PKCS#11: The requested data were not available.
Loading certificate failed. Aborting.
Failed to open HTTPS connection to 127.0.0.2
Failed to obtain WebVPN cookie
ocserv[14920]: GnuTLS error (at worker-vpn.c:595): The TLS connection was non-properly terminated.
ocserv[14837]: main: 127.0.0.2:24871 user disconnected (reason: unspecified, rx: 0, tx: 0)
Failure: Could not connect with token openconnect-test key object=RSA!
ocserv[14837]: main: termination request received; waiting for children to die
FAIL auth-pkcs11 (exit status: 1)

I'm happy to run more tests if there is something worth debugging here,
but I don't know what to look at.

-- 
mike