libp11-kit0
David Woodhouse
dwmw2 at infradead.org
Wed Feb 24 12:38:53 UTC 2016
On Thu, 2015-10-01 at 15:55 +0000, Edwards, Kristofer wrote:
> I am running into an issue if libp11-kit0 is above version 0.20.7-1
> openconnect will no longer allow juniper connections. It will go
> through the entire process and show that it established the
> connection
> but the resources are not available.
>
> it shows the response of
> Connected to HTTPS on vpn.myconnection.com
> SSL negotiation with vpn.myconnection.com
> Connected to HTTPS on vpn.myconnection.com
> Connected tun0 as x.x.x.x, using SSL
> ESP session established with server
>
> drop to command line attempt connection to my workstation and it will
> not resolve nor ping.
>
> Rollback the libp11-kit0 version to 0.20.7-1 and everything is
> working as normal.
That's bizarre, especially if you aren't even *using* PKCS#11
Does the problem go away if you rebuild GnuTLS and/or OpenConnect
against the newer p11-kit? What version did you upgrade to?
I note that libp11-kit didn't bump its soname between the 0.20.7
release and later releases, and if there *was* an incompatible change
then it probably should have. But I'm still confused as to how an ABI
incompatibility in libp11-kit would lead to the symptoms you describe.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/p11-glue/attachments/20160224/8fa74d44/attachment-0001.bin>
More information about the p11-glue
mailing list