Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file
David Raison
david at tentwentyfour.lu
Fri Apr 28 03:02:09 PDT 2017
On 28/04/17 11:38, David Woodhouse wrote:
> PKCS#11 is the local module for your smart card. It's not about the
> server's certificate.
That's what I thought at first, but then it worked with anyconnect when
I had made that change, so I believed it might be related.
And it had worked before… for like 2 days before it started failing for
everyone using this client certificate provider and VPN gateway on
Linux. The smartcards haven't changed, so it must be some external factor.
> Can you run with --gnutls-debug=99
Which version of openconnect does this work on? I'm using 6.00 and
installing 7.08 from apt on debian would mean upgrading libstdc++6 and a
whole bunch of dependencies. I can try this on a random machine though.
regards,
David
--
TenTwentyFour S.à r.l.
W: www.tentwentyfour.lu
T: +352 20 211 1024
F: +352 20 211 1023
9 av. des Hauts-Fourneaux
4362 Esch-sur-Alzette
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170428/daf23e5f/attachment.sig>
More information about the openconnect-devel
mailing list