On Thu, 2018-05-10 at 21:45 +0000, Ryan Taylor wrote: > Fedora 27. The stuff in /etc/pki, specifically /etc/pki/ca- > trust/extracted/openssl/ca-bundle.trust.crt I believe, from the > ca-certificates-2018.2.22-1.0.fc27.noarch package. OK, then it's expected to work. If you'd said "Ubuntu" we would mostly just point and laugh; coherent system trust doesn't work there. Did you install a new CA there or is it one of the standard ones that are shipped in Fedora? Precisely what is the failure mode when the cert isn't trusted? Can you point me at the server (in private if you must, but it'll be getting thousands of portscans a day anyway). If you can drop into irc.oftc.net #openconnect we can perhaps reduce latency a little... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5213 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20180510/eeaf2476/attachment-0001.bin>
