This should work: # pkg install softhsm2 # softhsm2-util --init-token --slot 0 --label mytoken --pin 1234 --so-pin 12345678 # yes "" | openssl req -x509 -new -days 3650 -out cert.pem -nodes # softhsm2-util --import privkey.pem --slot 0 --pin 1234 --label mykey --id 01 # openconnect -c cert.pem -k 'pkcs11:token=mytoken;object=mykey;pin-value=1234' auth.startssl.com It fails with This version of OpenConnect was built without PKCS#11 support Firstly, please build with libp11 support (or against GnuTLS) by default. That'll fix the complete lack of PKCS#11 support. But then you will hit the problem that the softhsm2 — like the OpenSC package and others — fails to install a p11-kit module file to register itself to be available to applications. Should we file separate bugs for those?
Filed bug 212518 for the softhsm2 part.
PR #212518 is fixed.
(In reply to dwmw2 from comment #0) Did you build security/openconnect with the P11 option enabled? By default (and in the package) it is disabled.
Was the wrong statement. I only want know what's happend with this PR. Maintainer feedback?
(In reply to w.schwarzenfeld from comment #4) Not sure what you are asking.