libp11-kit0

David Woodhouse dwmw2 at infradead.org
Wed Feb 24 04:38:53 PST 2016


On Thu, 2015-10-01 at 15:55 +0000, Edwards, Kristofer wrote:
> I am running into an issue if libp11-kit0 is above version 0.20.7-1
> openconnect will no longer allow juniper connections.  It will go
> through the entire process and show that it established the
> connection
> but the resources are not available. 
> 
> it shows the response of 
> Connected to HTTPS on vpn.myconnection.com
> SSL negotiation with vpn.myconnection.com
> Connected to HTTPS on vpn.myconnection.com
> Connected tun0 as x.x.x.x, using SSL 
> ESP session established with server
> 
> drop to command line attempt connection to my workstation and it will
> not resolve nor ping.
> 
> Rollback the libp11-kit0 version to 0.20.7-1 and everything is
> working as normal.

That's bizarre, especially if you aren't even *using* PKCS#11

Does the problem go away if you rebuild GnuTLS and/or OpenConnect
against the newer p11-kit? What version did you upgrade to?

I note that libp11-kit didn't bump its soname between the 0.20.7
release and later releases, and if there *was* an incompatible change
then it probably should have. But I'm still confused as to how an ABI
incompatibility in libp11-kit would lead to the symptoms you describe.

-- 
dwmw2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160224/8fa74d44/attachment.bin>


More information about the openconnect-devel mailing list