openconnect with Belgian EID

David Woodhouse dwmw2 at
Fri Nov 8 07:44:51 EST 2013

On Fri, 2013-11-08 at 13:13 +0100, Christof Haerens wrote:
> Well you helped me getting things to work, so if you need someone to
> test these things with the Belgian EID, let me know.

Thanks. I think I can probably reproduce this here, though.

Intel uses a string of intermediate certs too, and if I deliberately
remove one of them from my cafile and make sure it's present on my USB
key, I can test the code which needs to look it up.

I can make sure there's another CA with the *same* name in my key too,
to make sure the code is picking the *right* one. Something which
software has often got wrong.

Once we think we have it working, then I'll get you to test without the
explicit addition to your cafile, just to make sure.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list