This should work:
# pkg install softhsm2
# softhsm2-util --init-token --slot 0 --label mytoken --pin 1234 --so-pin 12345678
# yes "" | openssl req -x509 -new -days 3650 -out cert.pem -nodes
# softhsm2-util --import privkey.pem --slot 0 --pin 1234 --label mykey --id 01
# openconnect -c cert.pem -k 'pkcs11:token=mytoken;object=mykey;pin-value=1234' auth.startssl.com
It fails with
This version of OpenConnect was built without PKCS#11 support
Firstly, please build with libp11 support (or against GnuTLS) by default. That'll fix the complete lack of PKCS#11 support. But then you will hit the problem that the softhsm2 — like the OpenSC package and others — fails to install a p11-kit module file to register itself to be available to applications. Should we file separate bugs for those?
Filed bug 212518 for the softhsm2 part.
PR #212518 is fixed.
(In reply to dwmw2 from comment #0)
Did you build security/openconnect with the P11 option enabled? By default (and in the package) it is disabled.
Was the wrong statement. I only want know what's happend with this PR.
(In reply to w.schwarzenfeld from comment #4)
Not sure what you are asking.