Certificate auth issue in 0.2.2

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Dec 10 02:48:25 EST 2013

On Mon, Dec 9, 2013 at 11:04 PM, Karl <weeker at outlook.com> wrote:
> That works great on Android now. Thanks, Nikos.
> On iOS client, it still fails at infinite username prompt, log:
> ocserv[14809]: [MYIP]:61337 accepted connection
> ocserv[14809]: GnuTLS error (at worker-vpn.c:571): The TLS connection
> was non-properly terminated.
> ocserv[14807]: [MYIP]:61337 command socket closed
> tls-debug log: http://pastebin.com/9SAjZJ79
> iOS client complains : No valid certificates available for
> authentication. Which Cisco doc said: "The secure gateway did not
> accept any of the certificates AnyConnect provided. No more
> certificates remain."

Well, I cannot tell much from the log as I don't know to which gnutls
version it corresponds to. However what I see there is the client
receiving the certificate request and (possibly) bailing out. That
could mean that the client didn't like the CA certificate that was
sent be the server (possibly it didn't correspond to its client
certificate?). Is there debugging output available on the ios client?


More information about the openconnect-devel mailing list