Bug 212517

Summary: security/openconnect: PKCS#11 support
Product: Ports & Packages
Reporter: dwmw2
Component: Individual Port(s)
Assignee: Ryan Steinmetz <zi>
Status: Closed Not Enough Information
Severity: Affects Only Me
CC: dwmw2, w.schwarzenfeld
Priority: ---
Flags: bugzilla: maintainer-feedback? (zi)
Version: Latest
Hardware: Any
OS: Any

Description dwmw2 2016-09-09 11:44:48 UTC
This should work:

# pkg install softhsm2
# softhsm2-util --init-token --slot 0 --label mytoken --pin 1234 --so-pin 12345678
# yes "" | openssl req -x509 -new -days 3650 -out cert.pem -nodes
# softhsm2-util --import privkey.pem --slot 0 --pin 1234 --label mykey --id 01
# openconnect -c cert.pem -k 'pkcs11:token=mytoken;object=mykey;pin-value=1234' auth.startssl.com

It fails with:
This version of OpenConnect was built without PKCS#11 support

Firstly, please build with libp11 support (or against GnuTLS) by default. That'll fix the complete lack of PKCS#11 support. But then you will hit the problem that the softhsm2 — like the OpenSC package and others — fails to install a p11-kit module file to register itself to be available to applications. Should we file separate bugs for those?
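
An added diagnostic sketch (not part of the report or of the port) for the two failure points described above: whether the installed openconnect lists PKCS#11 in its `--version` feature line, and whether any p11-kit module file registers softhsm2. The function names are hypothetical, and the two module directories under /usr/local are assumptions for a FreeBSD install.

```shell
#!/bin/sh
# Added example; directory paths and function names are assumptions.

# Reads `openconnect --version` output on stdin and succeeds only if the
# "Features present:" list contains the item PKCS#11.
has_pkcs11_feature() {
    sed -n 's/^.*Features present: *//p' | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -qx 'PKCS#11'
}

# Prints each p11-kit *.module file in directory $1 whose "module:" line
# names a library matching $2 (for example softhsm2). Fails if none match.
find_p11_module() {
    dir=$1 name=$2 found=1
    for f in "$dir"/*.module; do
        [ -f "$f" ] || continue
        if grep -q "^module:.*$name" "$f"; then
            printf '%s\n' "$f"
            found=0
        fi
    done
    return "$found"
}

# Runs both checks against the local host.
check_host() {
    if openconnect --version 2>&1 | has_pkcs11_feature; then
        echo "openconnect: PKCS#11 support present"
    else
        echo "openconnect: no PKCS#11 support (port built without the P11 option?)"
    fi
    # Assumed locations of p11-kit module files on FreeBSD.
    for d in /usr/local/share/p11-kit/modules /usr/local/etc/pkcs11/modules; do
        find_p11_module "$d" softhsm2 && return 0
    done
    echo "no p11-kit module file registers softhsm2"
    return 1
}

# Only touch the host when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```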
Comment 1 dwmw2 2016-09-09 11:54:42 UTC
Filed bug 212518 for the softhsm2 part.
Comment 2 Walter Schwarzenfeld freebsd_triage 2018-01-08 13:35:48 UTC
PR #212518 is fixed.
Comment 3 Ryan Steinmetz freebsd_committer freebsd_triage 2018-01-11 01:13:20 UTC
(In reply to dwmw2 from comment #0)
Did you build security/openconnect with the P11 option enabled?  By default (and in the package) it is disabled.
Comment 4 Walter Schwarzenfeld freebsd_triage 2018-01-11 04:42:34 UTC
Was the wrong statement. I only want to know what's happened with this PR.
Maintainer feedback?
Comment 5 Ryan Steinmetz freebsd_committer freebsd_triage 2018-01-11 13:49:41 UTC
(In reply to w.schwarzenfeld from comment #4)
Not sure what you are asking.