Findings With Latest 7.07-2.el6

Oliver Hernandez mr.oliver.hernandez at
Wed Jul 13 18:22:48 PDT 2016

I'll send you the requested info.

I'm comparing to v7.06 built for EL6, posted by Nikos
Mavrogiannopoulos to the mailing list in an earlier thread I started.

On Wed, Jul 13, 2016 at 4:05 PM, David Woodhouse <dwmw2 at> wrote:
> On Wed, 2016-07-13 at 14:52 -0400, Oliver Hernandez wrote:
>> Quick testing of the build at
>> revealed a couple issues:
>> 1. Server certificate validation no longer works using the --cafile
>> option.  OpenConnect still warns that verification failed.
> Hm, that's odd. Can you (offline) send me the CAs in question and the
> server address? Since it's (necessarily) public-facing it'll be
> receiving thousands of probe connections daily anyway; no harm in me
> doing one or two more to test this.
> What was the previous version of OpenConnect that you are comparing
> with, where this worked as expected?
>> 2. Not an issue really, but improved behavior: if the --cookie option
>> is used, along with the -c option to load a cert from a PKCS#11 token,
>> OpenConnect is now smart enough to know authenticating is not
>> necessary, and will ignore -c option and not prompt for a CAC PIN.
> Hm, I don't remember changing that but OK...
> --
> dwmw2

More information about the openconnect-devel mailing list