On Sun, 5 Apr 2020 at 23:11, David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> On Sun, 2020-04-05 at 23:08 +0200, Kai G wrote:
> > On Sun, 5 Apr 2020 at 23:03, David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
> > >
> > > On Sun, 2020-04-05 at 22:49 +0200, Kai G wrote:
> > > > After Client Hello and Server Hello the server sends a certificate
> > > > request and this is the answer sent by the anyconnect client.
> > > > Shouldn't there be certificates visible? When the server sends its cert
> > > > it has a length of 1709 but here in the client's response the
> > > > certificates length is 0.
> > >
> > > Yeah, I'd expect to see it there, if you have the right part of the
> > > exchange.
> > >
> > > Can you try OpenConnect 8.07? There's a possibility this was fixed by
> > > https://gitlab.com/openconnect/openconnect/-/merge_requests/76
> >
> > Thanks, I will try that. Any chance to even get that running on that
> > Ubuntu 18.04 machine regarding dependencies
> > or will I need something newer?
>
> https://launchpad.net/~dwmw2/+archive/ubuntu/openconnect

Thank god - I was already downloading sources and deps :)

No change in behaviour however with 8.07. But: I captured again using
wireshark after completely restarting the anyconnect client and this
time it sent the cert *and* an intermediate cert! Yay! That was the
problem, you were right all along.

For reference, I now copied both certs to a PEM file and call
openconnect like that:

$ openconnect -c exported-cert.crt -k 'pkcs11:manufacturer=xxxxx;id=%11' https://vpngw.gw.xx.xx/

Works like a charm! Thanks!