Findings With Latest 7.07-2.el6
Oliver Hernandez
mr.oliver.hernandez at gmail.com
Wed Jul 13 11:52:34 PDT 2016
Quick testing of the build at
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce3a833dca
revealed a couple of issues:

1. Server certificate validation no longer works using the --cafile
option. OpenConnect still warns that verification failed. This only
occurs with a VPN server with a cert signed by an intermediate CA. I
tried with both the intermediate CA cert and root CA cert, and it
still prompts if I want to accept. When connecting to a VPN with a
server cert signed by a root CA, server cert validation passes.

2. Not an issue really, but improved behavior: if the --cookie option
is used, along with the -c option to load a cert from a PKCS#11 token,
OpenConnect is now smart enough to know authenticating is not
necessary, and will ignore the -c option and not prompt for a CAC PIN.