Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file

David Raison david at
Tue Sep 19 01:02:54 PDT 2017

On 19/09/17 09:48, David Raison wrote:
> I'm not sure I've actually been able to get pkcs11-spy output. It's not
> really clear to me how to do this and setting the env vars alone (as
> described on the opensc wiki, does not output anything for me).

If this is the way to do it, then I have to sort out this Segmentation
fault, maybe try it on fedora instead of debian, as you initially suggested:

> LD_PRELOAD=/usr/lib/x86_64-linux-gnu/ OPENSC_DEBUG=9 PKCS11SPY_OUTPUT=logfile PKCS11SPY=/usr/lib/pkcs11/ openconnect --gnutls-debug=99 -v --script /usr/share/vpnc-scripts/vpnc-script -c …

At least it does create a logfile, up until the point where it segfaults.


TenTwentyFour S.à r.l.
T: +352 20 211 1024
F: +352 20 211 1023
3 Avenue du Blues
L-4368 Belvaux

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openconnect-devel mailing list