Forgot to mention, this is happening on a Juniper VPN. On Wed, Jul 13, 2016 at 4:05 PM, David Woodhouse <dwmw2 at infradead.org> wrote: > On Wed, 2016-07-13 at 14:52 -0400, Oliver Hernandez wrote: >> Quick testing of the build at >> >> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce3a833dca >> >> revealed a couple issues: >> >> 1. Server certificate validation no longer works using the --cafile >> option. OpenConnect still warns that verification failed. > > Hm, that's odd. Can you (offline) send me the CAs in question and the > server address? Since it's (necessarily) public-facing it'll be > receiving thousands of probe connections daily anyway; no harm in me > doing one or two more to test this. > > What was the previous version of OpenConnect that you are comparing > with, where this worked as expected? > >> 2. Not an issue really, but improved behavior: if the --cookie option >> is used, along with the -c option to load a cert from a PKCS#11 token, >> OpenConnect is now smart enough to know authenticating is not >> necessary, and will ignore -c option and not prompt for a CAC PIN. > > Hm, I don't remember changing that but OK... > > -- > dwmw2
