Closed l2dy closed 8 years ago
Please provide more information, for example the type of the key (curve), and the public key. It should have worked for P256, P384 and P521 keys.
System: Windows 10
Error message:
Error importing system key system:win:id=**********;type=privkey;name=****: The requested data were not available.
Key info:
ECC (256 Bits) ECDSA_P256 in Certificates - Current User -> Personal -> Certificates
This functionality has not been tested in windows 10.
After adding uid to the user certificate, the error changed:
Using system key system:win:id=*;type=privkey;name=*
Error importing system key system:win:id=*;type=privkey;name=*: An unknown public key algorithm was encountered.
Could you set into environment GNUTLS_DEBUG_LEVEL=4 and run the program again? That will display the public key algorithm that was not supported.
btw. what do you mean by adding UID to the certificate? Isn't that done by default?
after setting GNUTLS_DEBUG_LEVEL=4:
gnutls[3]: ASSERT: system-keys-win.c:426
Error importing system key system:win:id=xxx;type=privkey;name=xxx: The requested data were not available.
adding UID means adding the line uid = "1" into user.tmpl.
Thanks. Most likely that's not a CNG key but a key which uses the old CAPI.That will be supported in a future version of openconnect.
Most likely including a gnutls library with this patch applied will address the issue: https://gitlab.com/gnutls/gnutls/commit/fc1e62399a296e7beb7a79081c32a6e086105c37
@l2dy you can test whether this works by copying the libgnutls-30.dll and libnettle-6-2.dll, libhogweed-4-2.dll to your openconnect installed directory. It should address your issue.
I'm busy right now, will test when I get back home.
I'm using v1.3.