OpenConnect stopped working after the latest update.
root@hard:~$ openconnect -i vpn0 -v --certificate=‘pkcs11:id=%4D%41%43%4F%4D%4E%45%54’ vpn.office.macomnet.ru
POST https://vpn.office.macomnet.ru/
Attempting to connect to server 87.118.220.25:443
Connected to 87.118.220.25:443
Using PKCS#11 certificate pkcs11:id=%4D%41%43%4F%4D%4E%45%54;type=cert
PIN required for System Trust
root@hard:/home/serg/$ p11tool --login --list-tokens
Token 0:
URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
Label: System Trust
Type: Trust module
Flags: uPIN uninitialized
Manufacturer: PKCS#11 Kit
Model: p11-kit-trust
Serial: 1
Module: p11-kit-trust.so
Token 1:
URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=Default%20Trust
Label: Default Trust
Type: Trust module
Flags: uPIN uninitialized
Manufacturer: PKCS#11 Kit
Model: p11-kit-trust
Serial: 1
Module: p11-kit-trust.so
root@hard:/home/serg/$
Enter PIN:
root@hard:~$ p11tool --login --list-tokens --debug=999
Setting log level to 999
|<2>| p11: Initializing module: p11-kit-trust
|<2>| p11: Module p11-kit-trust is initialized in a thread-safe mode
|<2>| p11: Initializing module: JaCarta
|<3>| ASSERT: ../../lib/pkcs11.c[pkcs11_provider_init]:301
|<3>| ASSERT: ../../lib/pkcs11.c[auto_load]:1019
|<2>| Cannot initialize PKCS #11 module: JaCarta
|<2>| p11: Initializing module: opensc
|<2>| p11: Module opensc is initialized in a thread-safe mode
|<2>| Loading PKCS #11 libraries from /etc/gnutls/pkcs11.conf
|<2>| p11: Initializing module: JaCarta
|<3>| ASSERT: ../../lib/pkcs11.c[pkcs11_provider_init]:301
|<3>| ASSERT: ../../lib/pkcs11.c[gnutls_pkcs11_add_provider]:503
|<3>| ASSERT: ../../lib/pkcs11.c[compat_load]:990
|<2>| Cannot load provider: /lib64/libASEP11.so
|<2>| p11: No login requested.
Token 0:
URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
Label: System Trust
|<2>| p11: No login requested.
Type: Trust module
Flags: uPIN uninitialized
Manufacturer: PKCS#11 Kit
Model: p11-kit-trust
Serial: 1
|<2>| p11: No login requested.
Module: p11-kit-trust.so
|<2>| p11: No login requested.
|<2>| p11: No login requested.
Token 1:
URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=Default%20Trust
Label: Default Trust
|<2>| p11: No login requested.
Type: Trust module
Flags: uPIN uninitialized
Manufacturer: PKCS#11 Kit
Model: p11-kit-trust
Serial: 1
|<2>| p11: No login requested.
|<3>| ASSERT: ../../lib/pkcs11.c[find_token_modname_cb]:2454
|<2>| p11: No login requested.
Module: p11-kit-trust.so
|<2>| p11: No login requested.
|<2>| p11: No login requested.
|<3>| ASSERT: ../../lib/pkcs11.c[find_token_num_cb]:2422
|<3>| ASSERT: ../../lib/pkcs11.c[_gnutls_pkcs11_token_get_url]:2502
root@hard:~$
root@hard:~$ less /etc/gnutls/pkcs11.conf
load=/lib64/libASEP11.so
/etc/gnutls/pkcs11.conf (END)
root@hard:~$ pkcs11-tool --module /lib64/libASEP11.so -L
Available slots:
Slot 0 (0x0): Aladdin R.D. JaCarta [SCR Interface] (000000000000) 00 00
token label : etk#122
token manufacturer : Aladdin R.D.
token model : JaCarta Laser
token flags : login required, rng, token initialized, PIN initialized
hardware version : 1.0
firmware version : 1.0
serial num : 4E46000255323933
pin min/max : 4/16
uri : pkcs11:model=JaCarta%20Laser;manufacturer=Aladdin%20R.D.;serial=4E46000255323933;token=etk%23122
root@hard:~$