On 28/04/17 11:38, David Woodhouse wrote: > PKCS#11 is the local module for your smart card. It's not about the > server's certificate. That's what I thought at first, but then it worked with anyconnect when I had made that change, so I believed it might be related. And it had worked before? for like 2 days before it started failing for everyone using this client certificate provider and VPN gateway on Linux. The smartcards haven't changed, so it must be some external factor. > Can you run with --gnutls-debug=99 Which version of openconnect does this work on? I'm using 6.00 and installing 7.08 from apt on debian would mean upgrading libstdc++6 and a whole bunch of dependencies. I can try this on a random machine though. regards, David -- TenTwentyFour S.? r.l. W: www.tentwentyfour.lu T: +352 20 211 1024 F: +352 20 211 1023 9 av. des Hauts-Fourneaux 4362 Esch-sur-Alzette -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170428/daf23e5f/attachment.sig>
