On Wed, 2016-07-13 at 14:52 -0400, Oliver Hernandez wrote: > Quick testing of the build at > > https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce3a833dca > > revealed a couple issues: > > 1. Server certificate validation no longer works using the --cafile > option. OpenConnect still warns that verification failed. Hm, that's odd. Can you (offline) send me the CAs in question and the server address? Since it's (necessarily) public-facing it'll be receiving thousands of probe connections daily anyway; no harm in me doing one or two more to test this. What was the previous version of OpenConnect that you are comparing with, where this worked as expected? > 2. Not an issue really, but improved behavior: if the --cookie option > is used, along with the -c option to load a cert from a PKCS#11 token, > OpenConnect is now smart enough to know authenticating is not > necessary, and will ignore -c option and not prompt for a CAC PIN. Hm, I don't remember changing that but OK... -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5760 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160713/bbf6c400/attachment.bin>
