Certificate auth issue in 0.2.2
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Dec 11 04:22:49 EST 2013
On Wed, Dec 11, 2013 at 9:58 AM, Karl <weeker at outlook.com> wrote:
> If it only have digital signature flag, iOS client will complain error
> like: "EKU not found", "CERTIFICATE_ERROR_VERIFY_KEYUSAGE_FAILED:The
> certificate did not contain the required Key Usages", after added the
> other flags, no more errors like these.
So I guess iOS requires the "TLS Web Client Authentication" as well
(the other flags you mentioned are really unrelated). That's
interesting as the client isn't using the certificate for web
authentication (but rather for VPN). Nevertheless, it's nice to know
there are more implementations that enforce the certificate flags.
regards,
Nikos
More information about the openconnect-devel
mailing list