Openconnect with PKCS11 on Ubunbtu 12.10
David Woodhouse
dwmw2 at infradead.org
Wed Sep 26 06:51:07 EDT 2012
On Fri, 2012-09-21 at 17:25 +0000, Lee Matthews wrote:
> I have made some progress. My 1st issue was there was
> no /etc/gnutls/pkcs11.conf.
> Once I created that and added load=/usr/lib/opensc-pksc11.so things started to
> progress.
> sudo ptool11 --list-all --login does not give the segmentation fault now.
> I figured out what to pass in the pkcs11 URL and I am getting farther along
> now.
>
> Thanks again for your help, suggestions, patience and quick responses. I will
> test some more tonight when offsite.
Is this all working OK now? You should still file the bug about the SEGV
when you have no /etc/gnutls/pkcs11.conf. And I think it should be
configured in /etc/pkcs11/modules/ in fact, so it works for all p11-kit
users and not *just* GnuTLS.
We definitely ought to have a better way to choose certificates. It's a
serious usability issue. NetworkManager-openconnect can work with
PKCS#11 certificates, but you have to manually edit its configuration
file to set it up; the UI doesn't let you set it up at all.
https://bugzilla.gnome.org/show_bug.cgi?id=679860
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120926/fd851542/attachment.bin>
More information about the openconnect-devel
mailing list