On Fri, 2017-04-28 at 12:02 +0200, David Raison wrote: > > On 28/04/17 11:38, David Woodhouse wrote: > > > > PKCS#11 is the local module for your smart card. It's not about the > > server's certificate. > That's what I thought at first, but then it worked with anyconnect when > I had made that change, so I believed it might be related. > > And it had worked before? for like 2 days before it started failing for > everyone using this client certificate provider and VPN gateway on > Linux. The smartcards haven't changed, so it must be some external factor. What is the PKCS#11 provider module you're using?? It's possible that something in the exchange over the network is causing us to trigger a latent bug... hard to say before we see more debugging info really. We should also try with pkcs11-spy. > > > > Can you run with --gnutls-debug=99 > Which version of openconnect does this work on? I'm using 6.00 and > installing 7.08 from apt on debian would mean upgrading libstdc++6 and a > whole bunch of dependencies. I can try this on a random machine though. Trying it on a random Fedora machine would be best, if that's possible. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4938 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170428/3b4cbf6a/attachment-0001.bin>
