Findings With Latest 7.07-2.el6

Oliver Hernandez mr.oliver.hernandez at
Wed Jul 13 11:52:34 PDT 2016

Quick testing of the build at

revealed a couple of issues:

1. Server certificate validation no longer works using the --cafile
option.  OpenConnect still warns that verification failed.  This only
occurs with a VPN server with a cert signed by an intermediate CA.  I
tried with both the intermediate CA cert and root CA cert, and it
still prompts if I want to accept.  When connecting to a VPN with a
server cert signed by a root CA, server cert validation passes.

2. Not an issue really, but improved behavior: if the --cookie option
is used, along with the -c option to load a cert from a PKCS#11 token,
OpenConnect is now smart enough to know authenticating is not
necessary, and will ignore the -c option and not prompt for a CAC PIN.
