Findings With Latest 7.07-2.el6

Oliver Hernandez mr.oliver.hernandez at gmail.com
Wed Jul 13 11:52:34 PDT 2016


Quick testing of the build at

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce3a833dca

revealed a couple issues:

1. Server certificate validation no longer works using the --cafile
option.  OpenConnect still warns that verification failed.  This only
occurs with a VPN server with a cert signed by an intermediate CA.  I
tried with both the intermediate CA cert and root CA cert, and it
still prompts if I want to accept.  When connecting to a VPN with a
server cert signed by a root CA, server cert validation passes.

2. Not an issue really, but improved behavior: if the --cookie option
is used, along with the -c option to load a cert from a PKCS#11 token,
OpenConnect is now smart enough to know authenticating is not
necessary, and will ignore the -c option and not prompt for a CAC PIN.


