OpenConnect 7.08 release

[David Woodhouse]

On Tue, 2016-12-13 at 12:02 -0800, Mike Miller wrote:
> On Tue, Dec 13, 2016 at 16:28:38 +0000, David Woodhouse wrote:
> > I've added a certificate torture test suite and fixed a number of the
> > bugs it showed with various esoteric (and not so esoteric) file
> > formats. Distributors, please ensure you run 'make check' in your
> > package build, and chase up any failures caused by the libraries you're
> > building against.
> 
> I am unable to get `auth-pkcs11` to pass. The first problem is the
> hardcoded Fedora path in tests/.config/pkcs11/modules/softhsm2.module.

We might do better on IRC to work through this...

Is SoftHSM installed correctly with a p11-kit .module file in
/usr/share/p11-kit/modules/softhsm.module (or I suppose that should be
$(pkgconfig --variable=p11_module_configs p11-kit-1)/softhsm.module ? 

If not, we probably want to file a bug against it because it won't show
up in applications by default.

> After fixing that for my system (/usr/lib/softhsm/libsofthsm2.so), the
> test fails with:
> 
> Connecting to obtain cookie (token openconnect-test key object=RSA)... error in setrlimit(1024): Operation not permitted
> p11-kit: softhsm2: module failed to initialize, skipping: Internal error
> Error loading certificate from PKCS#11: The requested data were not available.

Hm, is SoftHSM working at all, as packaged? Is it the setrlimit which
is causing a hard failure, or something else?

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20161213/b676aa51/attachment.bin>