# FYI: openconnect upgrade, failed to load certs

## uraes

Hi,

Just lost few hours of vpn-usage-time to figuring out, what happened after openconnect got upgraded to 7.06-r1  ( from 4.08 )

(note, downgrading to =net-misc/openconnect-4.08 still works well)

so maybe this helps others also from losing time

first run: ( note, same cert is used as with 4.08 )

```

POST https://some.vpn.server/

Attempting to connect to server xxxx.yy.zz.www:443

Failed to load PKCS#1 private key: ASN1 parser: Error in DER parsing.

Loading certificate failed. Aborting.

Failed to open HTTPS connection to some.vpn.server

Failed to obtain WebVPN cookie

```

second run, after converting PEM to DER ( note: openssl shows der certificate correctly, so no damage to cert )

```

POST https://some.vpn.server/

Attempting to connect to server xxxx.yy.zz.www:443

Loading certificate failed: No certificate found in file

Loading certificate failed. Aborting.

Failed to open HTTPS connection to some.vpn.server

Failed to obtain WebVPN cookie

```

solution

as info shows

> [ebuild     U  ] net-misc/openconnect-7.06-r1:0/5::gentoo [4.08:0/2::gentoo] USE="gnutls* ...

I just disabled gnutls in /etc/portage/package.use/monolithic :

```

net-misc/openconnect -gnutls

```

and emerged latest openconnect. Everything is ok now.

maybe someone knows some better way, how gnutls needs certificate to be converted so it would eat it?

----------

