Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2017-04-28 at 12:02 +0200, David Raison wrote:
> 
> On 28/04/17 11:38, David Woodhouse wrote:
> > 
> > PKCS#11 is the local module for your smart card. It's not about the
> > server's certificate.
> That's what I thought at first, but then it worked with anyconnect when
> I had made that change, so I believed it might be related.
> 
> And it had worked before? for like 2 days before it started failing for
> everyone using this client certificate provider and VPN gateway on
> Linux. The smartcards haven't changed, so it must be some external factor.

What is the PKCS#11 provider module you're using??

It's possible that something in the exchange over the network is
causing us to trigger a latent bug... hard to say before we see more
debugging info really.

We should also try with pkcs11-spy.

> > 
> > Can you run with --gnutls-debug=99
> Which version of openconnect does this work on? I'm using 6.00 and
> installing 7.08 from apt on debian would mean upgrading libstdc++6 and a
> whole bunch of dependencies. I can try this on a random machine though.

Trying it on a random Fedora machine would be best, if that's possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4938 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170428/3b4cbf6a/attachment-0001.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux