Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Sep 20 03:08:53 PDT 2017


On Tue, Sep 19, 2017 at 9:42 PM, David Raison <david at tentwentyfour.lu> wrote:
> On 19/09/17 10:02, David Raison wrote:
>> If this is the way to do it, then I have to sort out this Segmentation
>> fault, maybe try it on fedora instead of debian, as you initially suggested:
>>
>>> LD_PRELOAD=/usr/lib/x86_64-linux-gnu/pkcs11-spy.so OPENSC_DEBUG=9 PKCS11SPY_OUTPUT=logfile PKCS11SPY=/usr/lib/pkcs11/libgclib.so openconnect --gnutls-debug=99 -v --script /usr/share/vpnc-scripts/vpnc-script -c …
>> At least it does create a logfile, up until the point where it segfaults.
>
> Unfortunately, I have the exact same behavior on Fedora:
>
>> Initializing PKCS #11 modules
>> Segmentation fault (core dumped)
>
> Which means I'm stuck again. I have the same "SSL connection failure:
> PKCS #11 error" on debian and fedora and I have the exact same
> segmentation fault.
> The version of opensc on debian is 0.16.0-3 while the one on fedora is
> 0.17.0-1fc26

That doesn't matter, as you don't use OpenSC. Most likely the crash is
in libgclib.so. Try running the same command under valgrind to verify
that. In that case, there is not much to do except report it to
the provider of the PKCS #11 module (Gemalto).

regards,
Nikos
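
An added example, not part of the original message: the thread notes that pkcs11-spy writes its logfile up to the point of the segfault, so the last call logged without a return line shows where in the module the process died. The log layout (`<n>: C_Name` ... `Returned: <code> <CKR_NAME>`), the function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a pkcs11-spy log left behind by a crashed client.
# Assumption: each call is logged as "<n>: C_Name" and, once the module
# returns, a "Returned: <code> <CKR_NAME>" line follows.

# Print the call that was entered but never returned (or "none").
last_unreturned_call() {
    awk '
        /^[0-9]+: C_[A-Za-z0-9_]+/ { pending = $2; next }
        /^Returned:/               { pending = "" }
        END { print (pending != "" ? pending : "none") }
    ' "$1"
}

# Print "C_Name CKR_CODE" for every call that returned an error.
failed_calls() {
    awk '
        /^[0-9]+: C_[A-Za-z0-9_]+/       { name = $2; next }
        /^Returned:/ && $NF != "CKR_OK"  { print name, $NF }
    ' "$1"
}

# Constructed sample (not the poster's log): output stops inside C_GetSlotList.
sample_log() {
    cat <<'EOF'
*************** OpenSC PKCS#11 spy *****************
Loaded: "/usr/lib/pkcs11/libgclib.so"

0: C_GetFunctionList
2017-09-19 10:02:11.101
Returned:  0 CKR_OK

1: C_Initialize
2017-09-19 10:02:11.102
[in] pInitArgs = (nil)
Returned:  0 CKR_OK

2: C_GetInfo
2017-09-19 10:02:11.103
Returned:  5 CKR_GENERAL_ERROR

3: C_GetSlotList
2017-09-19 10:02:11.104
[in] tokenPresent = 0x0
EOF
}

# Usage: sh spy-triage.sh logfile   (the file named in PKCS11SPY_OUTPUT)
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    echo "never returned: $(last_unreturned_call "$1")"
    failed_calls "$1"
fi
```

A call that never returned points at the module loaded through PKCS11SPY rather than at the client, which is the detail a report to the module's vendor needs.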


