Findings With Latest 7.07-2.el6
David Woodhouse
dwmw2 at infradead.org
Wed Jul 13 13:05:20 PDT 2016
On Wed, 2016-07-13 at 14:52 -0400, Oliver Hernandez wrote:
> Quick testing of the build at
>
> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce3a833dca
>
> revealed a couple issues:
>
> 1. Server certificate validation no longer works using the --cafile
> option. OpenConnect still warns that verification failed.
Hm, that's odd. Can you (offline) send me the CAs in question and the
server address? Since it's (necessarily) public-facing it'll be
receiving thousands of probe connections daily anyway; no harm in me
doing one or two more to test this.
What was the previous version of OpenConnect that you are comparing
with, where this worked as expected?
> 2. Not an issue really, but improved behavior: if the --cookie option
> is used, along with the -c option to load a cert from a PKCS#11 token,
> OpenConnect is now smart enough to know authenticating is not
> necessary, and will ignore -c option and not prompt for a CAC PIN.
Hm, I don't remember changing that but OK...
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160713/bbf6c400/attachment.bin>
More information about the openconnect-devel
mailing list