Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file

David Raison david at tentwentyfour.lu
Tue Sep 19 12:42:20 PDT 2017


On 19/09/17 10:02, David Raison wrote:
> If this is the way to do it, then I have to sort out this Segmentation
> fault, maybe try it on fedora instead of debian, as you initially suggested:
> 
>> LD_PRELOAD=/usr/lib/x86_64-linux-gnu/pkcs11-spy.so OPENSC_DEBUG=9 PKCS11SPY_OUTPUT=logfile PKCS11SPY=/usr/lib/pkcs11/libgclib.so openconnect --gnutls-debug=99 -v --script /usr/share/vpnc-scripts/vpnc-script -c …
> At least it does create a logfile, up until the point where it segfaults.

Unfortunately, I have the exact same behavior on Fedora:

> Initializing PKCS #11 modules
> Segmentation fault (core dumped)

Which means I'm stuck again. I have the same "SSL connection failure:
PKCS #11 error" on debian and fedora and I have the exact same
segmentation fault.

The version of opensc on debian is 0.16.0-3 while the one on fedora is
0.17.0-1fc26

I'm still stumped by the fact that the connection worked 1-2 times the
first time I tried using openconnect and then a few days later – out of
the blue – stopped working. My smartcard hasn't changed, so I'm still
guessing it must be something on the remote end that has changed,
although everyone tells me that no, nothing has.

Regards,
David


-- 
TenTwentyFour S.à r.l.
W: www.tentwentyfour.lu
T: +352 20 211 1024
F: +352 20 211 1023
3 Avenue du Blues
L-4368 Belvaux

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170919/2b124342/attachment.sig>


More information about the openconnect-devel mailing list