broken certificate authentication under 2.20 and newer
David Woodhouse
dwmw2 at infradead.org
Sat Feb 27 16:44:46 EST 2010
On Sat, 27 Feb 2010, Chaskiel Grundman wrote:
> The openconnect (2.01) in debian testing works mostly OK for me, but I wanted
> DTLS to work, so I upgraded to the git head and built it against openssl
> 1.0.0-beta5. When I connect with this version, certificate authentication
> does not seem to occur, and openconnect prompts me for a username and
> password:
> I attempted a git bisect and the problem seems to be somewhere between
> f900f637b9956f3f2fd0a78977784a1655ec2bc4 Fix handling of 'HTTP/1.1 100
> Continue' response and
> cc64d59d8132350cadf7adf91857597795eb9090 Fix handling of HTTP 1.0 responses
> with Connection: Keep-Alive
>
> The intermediate versions all hang in the first https request, presumably due
> to the Connection: Keep-Alive issue
Hm, odd. Sorry about that.
I'm away this week, with fairly much no connectivity. Away the week after
too, but should at least be more connected so I can take a look.
Try this and see if it's the HTTP/1.0 stuff. Then if not you can try the
other commits in between (which may need a little massaging, but not a
lot):
git reset --hard 7733c517d7d22ef9b706176b21e1e5e270c65aa5
git show cc64d59d8132350cadf7adf91857597795eb9090 | sed s/strcasecmp/strcmp/g | patch -p1
--
dwmw2
More information about the openconnect-devel
mailing list