Certificate auth issue in 0.2.2

Karl weeker at outlook.com
Mon Dec 9 17:04:50 EST 2013

That works great on Android now. Thanks, Nikos.

On iOS client, it still fails at infinite username prompt, log:

ocserv[14809]: [MYIP]:61337 accepted connection
ocserv[14809]: GnuTLS error (at worker-vpn.c:571): The TLS connection
was non-properly terminated.
ocserv[14807]: [MYIP]:61337 command socket closed

tls-debug log: http://pastebin.com/9SAjZJ79

iOS client complains : No valid certificates available for
authentication. Which Cisco doc said: "The secure gateway did not
accept any of the certificates AnyConnect provided. No more
certificates remain."

On Tue, Dec 10, 2013 at 5:14 AM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Tue, 2013-12-10 at 04:11 +0800, Karl wrote:
>> No luck.
>> error verifying client certificate: No
>> certificate was found.
>> ocserv[13873]: sec-mod received request from pid 13878 and uid 65534
>> ocserv[13878]: [MYIP]:37082 TLS handshake completed
>> ocserv[13878]: [MYIP]:37082 sending cookie authentication request
>> ocserv[13872]: [MYIP]:37082 user 'user' presented a certificate from user ''
> I think we are getting closer though (you may try again).
> regards,
> Nikos

More information about the openconnect-devel mailing list