OpenConnect 7.08 release
Mike Miller
mtmiller at debian.org
Tue Dec 13 12:02:56 PST 2016
On Tue, Dec 13, 2016 at 16:28:38 +0000, David Woodhouse wrote:
> I've added a certificate torture test suite and fixed a number of the
> bugs it showed with various esoteric (and not so esoteric) file
> formats. Distributors, please ensure you run 'make check' in your
> package build, and chase up any failures caused by the libraries you're
> building against.
I am unable to get `auth-pkcs11` to pass. The first problem is the
hardcoded Fedora path in tests/.config/pkcs11/modules/softhsm2.module.
After fixing that for my system (/usr/lib/softhsm/libsofthsm2.so), the
test fails with:
Testing PKCS#11 auth...
warning: skipping unknown option 'cookie-validity'
Parsing plain auth method subconfig using legacy format
note: setting 'certificate+plain' as primary authentication method
note: setting 'file' as supplemental config option
listening (TCP) on 0.0.0.0:443...
listening (TCP) on [::]:443...
listening (UDP) on 0.0.0.0:443...
listening (UDP) on [::]:443...
ocserv[14837]: main: not using control unix socket
ocserv[14837]: main: initialized ocserv 0.11.6
ocserv[14847]: sec-mod: reading supplemental config from files
ocserv[14847]: sec-mod: sec-mod initialized (socket: ./ocserv-socket.14837)
ocserv[14837]: main: processed 1 CA certificate(s)
Connecting to obtain cookie (token openconnect-test key object=RSA)... error in setrlimit(1024): Operation not permitted
p11-kit: softhsm2: module failed to initialize, skipping: Internal error
Error loading certificate from PKCS#11: The requested data were not available.
Loading certificate failed. Aborting.
Failed to open HTTPS connection to 127.0.0.2
Failed to obtain WebVPN cookie
ocserv[14920]: GnuTLS error (at worker-vpn.c:595): The TLS connection was non-properly terminated.
ocserv[14837]: main: 127.0.0.2:24871 user disconnected (reason: unspecified, rx: 0, tx: 0)
Failure: Could not connect with token openconnect-test key object=RSA!
ocserv[14837]: main: termination request received; waiting for children to die
FAIL auth-pkcs11 (exit status: 1)
I'm happy to run more tests if there is something worth debugging here,
but I don't know what to look at.
--
mike
More information about the openconnect-devel
mailing list