Certificate auth issue in 0.2.2

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Dec 11 04:22:49 EST 2013


On Wed, Dec 11, 2013 at 9:58 AM, Karl <weeker at outlook.com> wrote:
> If it only have digital signature flag, iOS client will complain error
> like: "EKU not found", "CERTIFICATE_ERROR_VERIFY_KEYUSAGE_FAILED:The
> certificate did not contain the required Key Usages", after added the
> other flags, no more errors like these.

So I guess iOS requires the "TLS Web Client Authentication" as well
(the other flags you mentioned are really unrelated). That's
interesting as the client isn't using the certificate for web
authentication (but rather for VPN). Nevertheless, it's nice to know
there are more implementations that enforce the certificate flags.

regards,
Nikos



More information about the openconnect-devel mailing list