Nikos many thanks, I tried to compare the debug output from the old and new builds. Indeed, there are some differences. Any ideas why GNUTLS_DEBUG_LEVEL flag is not working in the v9.00 release? I see no gnutls output at all, while in the previous v8.10 it was OK
Thank you in advance, Pavel From: Nikos Mavrogiannopoulos <n.mavrogiannopou...@gmail.com> Sent: Tuesday, June 28, 2022 4:02 PM To: Pavel Gavronsky <kamm...@hotmail.com> Cc: Dimitri Papadopoulos <dimitri.papadopou...@cea.fr>; openconnect-devel@lists.infradead.org <openconnect-devel@lists.infradead.org> Subject: Re: Openconnect supporting SafeNet eToken 5300 On Tue, Jun 28, 2022 at 3:53 PM Pavel Gavronsky <kamm...@hotmail.com> wrote: > > Hi Dimitri, > > Sorry for the late response, I had no access to my system to try the new > installation. > > Finally, I have installed 9.00: > > openconnect -V > OpenConnect version v9.00 > Using OpenSSL 1.1.1n 15 Mar 2022. Features present: TPM (OpenSSL ENGINE not > present), PKCS#11, HOTP software token, TOTP software token, DTLS, ESP > Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array > Default vpnc-script (override with --script): > /usr/share/vpnc-scripts/vpnc-script > > Unfortunately, I am not able to connect, the following error appears when I > try to use a SmartCard or USB Token: > > Failed to enumerate PKCS#11 slots > 140593529243456:error:81071054:PKCS#11 module:pkcs11_init_slot:Function not > supported:p11_slot.c:428: > Loading certificate failed. Aborting. > Failed to complete authentication Often the creators of the proprietary pkcs11 modules make them implement the minimum necessary functionality to do 1-2 things and most other use cases will fail. It may be the same here. You can debug further pkcs11 by setting P11_KIT_DEBUG=all but I suspect there is little one can do with openconnect, as it is the pkcs11 module that misbehaves. You can try contacting the creator of the proprietary module, and if you have a (big) contract with them you may be able to solve it. regards, Nikos _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
