
OTP stopped working since ocserv 0.11.9

Hi, I've been using ocserv for a long time already, together with Cisco AnyConnect 4.x. For some reason, OTP stopped working since 0.11.9 (using the EPEL repository). Now I've installed 0.11.10-2.el7 from epel-testing, and the symptoms are the same:

Jan 29 19:05:37 main ocserv[23012]: worker: client certificate verification succeeded
Jan 29 19:05:38 main ocserv[21382]: sec-mod: using 'certificate+plain' authentication to authenticate user (session: +lDq7R)
Jan 29 19:05:48 main ocserv[21382]: sec-mod: auth cont received for (session: +lDq7R) but we are on state 1!
Jan 29 19:05:48 main ocserv[23012]: worker[]: <IP?> worker-auth.c:1577: failed authentication for <'user'>

I'm actually using the authentication methods in /etc/ocserv.conf:

auth = "certificate"
auth = "plain[passwd=/etc/ocserv/ocpasswd,otp=/etc/users.otp]"

In AnyConnect windows I see input for username, password and OTP, everything is correct.

Once I downgraded ocserv to 0.11.8, everything started working.

Versions:

ocserv -version

ocserv 0.11.8

Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26 (compiled with 3.3.24)

ocserv -version

ocserv 0.11.9

Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26

ocserv -version

ocserv 0.11.10

Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26

Edited by Dmitry