Hi,

GNUTLS_DEBUG_LEVEL has no effect because you have built OpenConnect against OpenSSL instead of GnuTLS:

        OpenConnect version v9.00
        Using OpenSSL 1.1.1n  15 Mar 2022. [...]

It is probably better to compare different versions of OpenConnect built against the same crypto library.

Dimitri

On 29/06/2022 at 09:59, Pavel Gavronsky wrote:
Nikos many thanks,

I tried to compare the debug output from the old and new builds.
Indeed, there are some differences.
Any ideas why the GNUTLS_DEBUG_LEVEL flag is not working in the v9.00 release? I 
see no gnutls output at all, while in the previous v8.10 it was OK.

Thank you in advance,
Pavel


From: Nikos Mavrogiannopoulos <n.mavrogiannopou...@gmail.com>
Sent: Tuesday, June 28, 2022 4:02 PM
To: Pavel Gavronsky <kamm...@hotmail.com>
Cc: Dimitri Papadopoulos <dimitri.papadopou...@cea.fr>; 
openconnect-devel@lists.infradead.org <openconnect-devel@lists.infradead.org>
Subject: Re: Openconnect supporting SafeNet eToken 5300
On Tue, Jun 28, 2022 at 3:53 PM Pavel Gavronsky <kamm...@hotmail.com> wrote:

Hi Dimitri,

Sorry for the late response, I had no access to my system to try the new 
installation.

Finally, I have installed 9.00:

openconnect -V
OpenConnect version v9.00
Using OpenSSL 1.1.1n  15 Mar 2022. Features present: TPM (OpenSSL ENGINE not 
present), PKCS#11, HOTP software token, TOTP software token, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): 
/usr/share/vpnc-scripts/vpnc-script

Unfortunately, I am not able to connect; the following error appears when I try 
to use a SmartCard or USB Token:

Failed to enumerate PKCS#11 slots
140593529243456:error:81071054:PKCS#11 module:pkcs11_init_slot:Function not 
supported:p11_slot.c:428:
Loading certificate failed. Aborting.
Failed to complete authentication

Often the creators of the proprietary pkcs11 modules make them
implement the minimum necessary functionality to do 1-2 things and
most other use cases will fail. It may be the same here. You can debug
pkcs11 further by setting P11_KIT_DEBUG=all but I suspect there is
little one can do with openconnect, as it is the pkcs11 module that
misbehaves. You can try contacting the creator of the proprietary
module, and if you have a (big) contract with them you may be able to
solve it.

regards,
Nikos
