Certificate auth issue in 0.2.2

Karl weeker at outlook.com
Sun Dec 8 10:35:42 EST 2013


certtool --verify --load-ca-certificate ca-cert.pem --infile user-cert.pem
Chain verification output: Verified. The certificate is trusted.

I found it quite different between the iOS and Android AnyConnect clients:
both failed to connect, but Android looks to go further. iOS always
prompts for the username; Android will prompt for the password after the
username is input.

Android client's log: http://pastebin.com/VxubQJQv
iOS client's log: http://pastebin.com/XNYK6iRk

On Sun, Dec 8, 2013 at 3:41 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Sun, 2013-12-08 at 03:53 +0800, Karl wrote:
>> Yes, sure, ca-cert set, log shows "[main] processed 1 CA
>> certificate(s)", and the cert-user-oid set to use CN too, but no luck.
>
> Try verifying the certificate that is sent by the client manually using
> certtool and the CA file. What is the output? If it is verified
> correctly try enabling debugging (--tls-debug) in ocserv to pin-point
> the issue, and if it is not obvious send the relevant parts of the log
> here.
>
> As I see it, your error is not a verification failure, but a failure of the
> verification function, which is quite uncommon.
>
> regards,
> Nikos
>
>