OpenConnect 7.08 release

Mike Miller mtmiller at
Tue Dec 13 15:32:34 PST 2016

On Tue, Dec 13, 2016 at 22:50:55 +0000, David Woodhouse wrote:
> On Tue, 2016-12-13 at 14:42 -0800, Mike Miller wrote:
> > Any thoughts about how to make the contents of softhsm2.module more
> > distro-agnostic?
> Build it (from the distro's own one) at configure time? We already
> build softhsm2.conf from anyway.

Sorry, I was jumping back to the .module file here, not the .conf file.

The softhsm2.module file in the release has a hardcoded path to
/usr/lib64. It's a one-liner and easy enough to overwrite here, but will
probably trip up others too.

On Tue, Dec 13, 2016 at 23:00:33 +0000, David Woodhouse wrote:
> But ocserv isn't even *using* SoftHSM. Is it failing to start up purely
> because SoftHSM is broken?

Sorry, you're right, it doesn't have to be in ocserv's environment, that
was a bad assumption on my part, but something about the way that
command line is constructed is not working here. I don't know what the
difference here is, but this patch also fixes it for me.

>From 780a9b35fd7a9a4ec162db972591a236a33ee142 Mon Sep 17 00:00:00 2001
From: Mike Miller <mtmiller at>
Date: Tue, 13 Dec 2016 14:51:28 -0800
Subject: [PATCH] Ensure test suite uses local softhsm2.conf

Add SOFTHSM2_CONF to the test environment so it is picked up by

Signed-off-by: Mike Miller <mtmiller at>
 tests/auth-pkcs11 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/auth-pkcs11 b/tests/auth-pkcs11
index adc40f5..230b800 100755
--- a/tests/auth-pkcs11
+++ b/tests/auth-pkcs11
@@ -36,7 +36,8 @@ for TOKEN in ${pkcs11_tokens}; do
     for KEY in ${pkcs11_keys}; do
 	echo -n "Connecting to obtain cookie (token ${TOKEN} key ${KEY})... "
-	( echo "test" | HOME=${srcdir} SOFTHSM2_CONF=softhsm2.conf \
+	export SOFTHSM2_CONF=softhsm2.conf
+	( echo "test" | HOME=${srcdir} \
 			    $OPENCONNECT -q $ADDRESS:443 -u test -c \"${CERTURI}\" --key-password 1234 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly --passwd-on-stdin ) ||
 	    fail $PID "Could not connect with token ${TOKEN} key ${KEY##*/}!"
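
Review bot: the "export SOFTHSM2_CONF=softhsm2.conf" added inside the inner "for KEY" loop runs again on every iteration and, unlike the per-command assignment it replaces, stays set for everything the script starts afterwards. Setting it once above the "for TOKEN" loop, or inside the "( ... )" subshell, would keep its scope explicit and consistent with "HOME=${srcdir}", which is still passed as a per-command prefix. The value is also a relative path, so it only resolves when the test runs from the directory that holds softhsm2.conf; an absolute path built from the build directory would be more robust. Since the accompanying message says the reason the prefix form fails is not known, the commit message should record which process was not seeing the variable.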


More information about the openconnect-devel mailing list