SSL connection failure: PKCS #11 error

David Woodhouse dwmw2 at infradead.org
Fri Mar 8 04:40:31 PST 2024


On Fri, 2024-03-08 at 11:54 +0100, traxtopel at gmail.com wrote:
> 
> if I attempt the gnutls-cli command, I see the following.
> gnutls-cli --x509certfile=cert.pem --
> x509keyfile="pkcs11:model=%01%01%04%00%02%01%02%00%00%00%00%00%00%00%00
> %00;manufacturer=STMicro;serial=0000000000000000;token=TL_ECC256;id=%55
> %34%65%38%63%66%65%35%64%61%33%66%30%62%33%33;object=KL_ECC256;type=pri
> vate;pin-value=userpin" vpn.com

That's using it via PKCS#11. Can you just use the '-----BEGIN TSS2
PRIVATE KEY-----' PEM file instead? Isn't that what you were using with
OpenConnect?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5965 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20240308/573560fb/attachment.p7s>


More information about the openconnect-devel mailing list