Dimitry, many thanks, gnutls-dev was missing. It's strange, because I compiled the previous v8.10 build on this machine.
Now I can compare the debug logs. With GnuTLS it looks better in v.9.00, at least there is a step of asking the Token PIN. But it failed. May I ask you to look... Old v.8.10 LOGs: (p11-kit:7409) sys_C_GetTokenInfo: in (p11-kit:7409) sys_C_GetTokenInfo: out: 0x0 gnutls[2]: p11: No login requested. Trying PKCS#11 key URL pkcs11:model=eToken;manufacturer=SafeNet%2C%20Inc.;serial=02xxxeb42;token=GSTEST01;id=%B6%XXXXXXXX%5C%0C%FD%7E;object=No%20Friendly%20Name%20Available;type=private (p11-kit:7409) sys_C_GetSlotList: in (p11-kit:7409) sys_C_GetSlotList: out: 0x0 (p11-kit:7409) sys_C_GetTokenInfo: in (p11-kit:7409) sys_C_GetTokenInfo: out: 0x0 PIN required for GSTEST01 Enter PIN: gnutls[2]: p11: Login result = ok (0) (p11-kit:7409) sys_C_GetSlotList: in (p11-kit:7409) sys_C_GetSlotList: out: 0x0 (p11-kit:7409) sys_C_GetTokenInfo: in (p11-kit:7409) sys_C_GetTokenInfo: out: 0x0 Using PKCS#11 key pkcs11:model=eToken;manufacturer=SafeNet%2C%20Inc.;serial=02xxx42;token=GSTEST01;id=%B6%A2%74%B2xxxxxxxxxx%D6%5C%0C%FD%7E;object=No%20Friendly%20Name%20Available;type=private Using client certificate 'xxxx xxx\ ' (p11-kit:7409) sys_C_GetSlotList: in New v9.00 LOGs: (p11-kit:8449) sys_C_GetTokenInfo: in (p11-kit:8449) sys_C_GetTokenInfo: out: 0x0 gnutls[2]: p11: No login requested. gnutls[2]: p11: Skipped object, missing attrs. <------------------------------------------------- looks like some kind of ERROR gnutls[3]: ASSERT: ../../lib/pkcs11.c[find_single_obj_cb]:2261 gnutls[3]: ASSERT: ../../lib/pkcs11.c[find_single_obj_cb]:2222 gnutls[3]: ASSERT: ../../lib/pkcs11.c[gnutls_pkcs11_obj_import_url]:2350 gnutls[3]: ASSERT: ../../lib/pkcs11.c[_gnutls_x509_crt_import_pkcs11_url]:3613 (p11-kit:8449) sys_C_GetSlotList: in (p11-kit:8449) sys_C_GetSlotList: out: 0x0 (p11-kit:8449) sys_C_GetTokenInfo: in (p11-kit:8449) sys_C_GetTokenInfo: out: 0x0 PIN required for xxx Enter PIN: gnutls[2]: p11: Login result = ok (0) gnutls[2]: p11: Skipped object, missing attrs. <------------------------------------------------- looks like some kind of ERROR gnutls[3]: ASSERT: ../../lib/pkcs11.c[find_single_obj_cb]:2261 gnutls[3]: ASSERT: ../../lib/pkcs11.c[find_single_obj_cb]:2222 gnutls[3]: ASSERT: ../../lib/pkcs11.c[gnutls_pkcs11_obj_import_url]:2350 gnutls[3]: ASSERT: ../../lib/pkcs11.c[_gnutls_x509_crt_import_pkcs11_url]:3613 Error loading certificate from PKCS#11: The requested data were not available. Loading certificate failed. Aborting. Failed to complete authentication (p11-kit:8449) uninit_common: uninitializing library (p11-kit:8449) uninit_common: uninitializing library Regards, Pavel From: Dimitri Papadopoulos Orfanos <[email protected]> Sent: Wednesday, June 29, 2022 10:57 AM To: Pavel Gavronsky <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: Openconnect supporting SafeNet eToken 5300 Please make sure the GnuTLS dev packages are installed. OpenConnect will build against GnuTLS by default, provided the dev packages are installed: $ configure --help [...] --without-gnutls Do not attempt to use GnuTLS; use OpenSSL instead --with-openssl Location of OpenSSL build dir [...] $ Dimitri Le 29/06/2022 à 10:52, Pavel Gavronsky a écrit : > Thank you, Dimitri, > > I used the proposed way to build, how can I do it stating the usage of > GnuTLS? > > Regards, > Pavel _______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
