Openconnect with PKCS11 on Ubunbtu 12.10

David Woodhouse dwmw2 at
Wed Sep 26 06:51:07 EDT 2012

On Fri, 2012-09-21 at 17:25 +0000, Lee Matthews wrote:
> I have made some progress. My 1st issue was there was 
> no /etc/gnutls/pkcs11.conf.
> Once I created that and added load=/usr/lib/ things started to 
> progress.
> sudo ptool11 --list-all --login does not give the segmentation fault now.
> I figured out what to pass in the pkcs11 URL and I am getting farther along 
> now.
> Thanks again for your help, suggestions, patience and quick responses. I will 
> test some more tonight when offsite. 

Is this all working OK now? You should still file the bug about the SEGV
when you have no /etc/gnutls/pkcs11.conf. And I think it should be
configured in /etc/pkcs11/modules/ in fact, so it works for all p11-kit
users and not *just* GnuTLS.

We definitely ought to have a better way to choose certificates. It's a
serious usability issue. NetworkManager-openconnect can work with
PKCS#11 certificates, but you have to manually edit its configuration
file to set it up; the UI doesn't let you set it up at all.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list