On 28/04/17 12:17, David Woodhouse wrote: > >> And it had worked before? for like 2 days before it started failing for >> everyone using this client certificate provider and VPN gateway on >> Linux. The smartcards haven't changed, so it must be some external factor. > What is the PKCS#11 provider module you're using? It's a gemalto middleware, version 7.2.0-b04: > gemalto: /usr/lib/pkcs11/libgclib.so > library-description: PKCS#11 Cryptoki Multiplexer > library-manufacturer: Gemplus > library-version: 5.1 > It's possible that something in the exchange over the network is > causing us to trigger a latent bug... hard to say before we see more > debugging info really. > > We should also try with pkcs11-spy. OK, I will try to get both some debugging output from pkcs11-spy and --gnutls-debug over the next few days. Thanks for the help so far! David -- TenTwentyFour S.? r.l. W: www.tentwentyfour.lu T: +352 20 211 1024 F: +352 20 211 1023 9 av. des Hauts-Fourneaux 4362 Esch-sur-Alzette -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170428/9af8343d/attachment.sig>
