Hello, Dimitri, I would like to renew the thread if possible.
I made several changes/upgradeds/etc and now the picture is a little differ. Can you suggest how can I debug this: Good Example (openconnect using SmartCard, several initial lines): # /usr/local/sbin/openconnect --protocol=pulse xxx.xxx.xxx.xxx:443/xxx --servercert "pin-sha256:25xxwM=" -c 'pkcs11:model=eToken;serial=02345aac;object=15833D4D0138E8F9' -vvv gnutls[2]: Enabled GnuTLS 3.7.1 logging... gnutls[2]: getrandom random generator was detected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2 Attempting to connect to server xxx.xxx.xxx.xxx:443 Connected to xxx.xxx.xxx.xxx:443 Using PKCS#11 certificate pkcs11:model=eToken;serial=02345aac;object=15833D4D0138E8F9;type=cert gnutls[2]: Initializing all PKCS #11 modules gnutls[2]: p11: Initializing module: p11-kit-trust gnutls[2]: p11: Initializing module: opensc gnutls[2]: p11: Initializing module: opensc-pkcs11 gnutls[2]: p11: Initializing module: softhsm2 gnutls[3]: ASSERT: ../../lib/pkcs11.c[compat_load]:896 gnutls[2]: p11: No login requested. Trying PKCS#11 key URL pkcs11:model=eToken;serial=02345aac;object=15833D4D0138E8F9;type=private PIN required for GSTEST Enter PIN: gnutls[2]: p11: Login result = ok (0) gnutls[3]: ASSERT: ../../lib/pkcs11_privkey.c[gnutls_pkcs11_privkey_import_url]:561 gnutls[2]: p11: No login requested. Trying PKCS#11 key URL pkcs11:model=eToken;manufacturer=SafeNet%2C%20Inc.;serial=02345aac;token=GSTEST;object=15833D4D0138E8F9;type=private gnutls[2]: p11: Login result = ok (0) gnutls[3]: ASSERT: ../../lib/pkcs11_privkey.c[gnutls_pkcs11_privkey_import_url]:561 Trying PKCS#11 key URL pkcs11:model=eToken;manufacturer=SafeNet%2C%20Inc.;serial=02345aac;token=GSTEST;id=%3Bdfgsdfv96%B1%32%2C%88%52;type=private gnutls[2]: p11: Login result = ok (0) Good Example (openconnect using USB SafeNet eToken 5300, several initial lines): /usr/local/sbin/openconnect --protocol=pulse xxx.xxx.xxx.xxx:443/xxx --servercert "pin-sha256:25xxwM" -c 'pkcs11:model=ID%20Prime%20MD;serial=09E850133ABF3E39;object=No%20Friendly%20Name%20Available' -vvvv gnutls[2]: Enabled GnuTLS 3.7.1 logging... gnutls[2]: getrandom random generator was detected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2 Attempting to connect to server xxx.xxx.xxx.xxx:443 Connected to xxx.xxx.xxx.xxx:443 Using PKCS#11 certificate pkcs11:model=ID%20Prime%20MD;serial=09E850133ABF3E39;object=No%20Friendly%20Name%20Available;type=cert gnutls[2]: Initializing all PKCS #11 modules gnutls[2]: p11: Initializing module: p11-kit-trust gnutls[2]: p11: Initializing module: opensc gnutls[2]: p11: Initializing module: opensc-pkcs11 gnutls[2]: p11: Initializing module: softhsm2 gnutls[3]: ASSERT: ../../lib/pkcs11.c[compat_load]:896 gnutls[2]: p11: No login requested. Trying PKCS#11 key URL pkcs11:model=ID%20Prime%20MD;serial=09E850133ABF3E39;object=No%20Friendly%20Name%20Available;type=private PIN required for Pavel Gavronsky Enter PIN: gnutls[2]: p11: Login result = ok (0) Using PKCS#11 key pkcs11:model=ID%20Prime%20MD;serial=09E850133ABF3E39;object=No%20Friendly%20Name%20Available;type=private gnutls[3]: ASSERT: ../../lib/pkcs11_privkey.c[_gnutls_pkcs11_privkey_sign]:416 gnutls[3]: ASSERT: ../../lib/privkey.c[privkey_sign_and_hash_data]:1300 Error signing test data with private key: PKCS #11 error. <------------------------------------------------- How can I debug this error? Loading certificate failed. Aborting. Failed to complete authentication Thank you in advance, Pavel _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
