Certificate auth issue in 0.2.2

Karl weeker at outlook.com
Wed Dec 11 04:35:32 EST 2013


Yes, "TLS Web Client Authentication" I put also, tried different user
certs, but all failed to connect.

On Wed, Dec 11, 2013 at 5:22 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Wed, Dec 11, 2013 at 9:58 AM, Karl <weeker at outlook.com> wrote:
>> If it only have digital signature flag, iOS client will complain error
>> like: "EKU not found", "CERTIFICATE_ERROR_VERIFY_KEYUSAGE_FAILED:The
>> certificate did not contain the required Key Usages", after added the
>> other flags, no more errors like these.
>
> So I guess iOS requires the "TLS Web Client Authentication" as well
> (the other flags you mentioned are really unrelated). That's
> interesting as the client isn't using the certificate for web
> authentication (but rather for VPN). Nevertheless, it's nice to know
> there are more implementations that enforce the certificate flags.
>
> regards,
> Nikos



More information about the openconnect-devel mailing list