[Bug 212517] security/openconnect: PKCS#11 support

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212517

            Bug ID: 212517
           Summary: security/openconnect: PKCS#11 support
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: zi at FreeBSD.org
          Reporter: dwmw2 at infradead.org
          Assignee: zi at FreeBSD.org
             Flags: maintainer-feedback?(zi at FreeBSD.org)

This should work:

# pkg install softhsm2
# softhsm2-util --init-token --slot 0 --label mytoken --pin 1234 --so-pin
12345678
# yes "" | openssl req -x509 -new -days 3650 -out cert.pem -nodes
# softhsm2-util --import privkey.pem --slot 0 --pin 1234 --label mykey --id 01
# openconnect -c cert.pem -k 'pkcs11:token=mytoken;object=mykey;pin-value=1234'
auth.startssl.com

It fails with 
This version of OpenConnect was built without PKCS#11 support

Firstly, please build with libp11 support (or against GnuTLS) by default.
That'll fix the complete lack of PKCS#11 support. But then you will hit the
problem that the softhsm2 — like the OpenSC package and others — fails to
install a p11-kit module file to register itself to be available to
applications. Should we file separate bugs for those?

-- 
You are receiving this mail because:
You are the assignee for the bug.