SSL Certificate verification bug
Marina Papoutsi
marina.cogsci at gmail.com
Wed Oct 2 20:44:32 EDT 2013
Hi Kevin,
I still haven't had any luck with the IT support team in my department.
They completely ignore the issue.
Can you be more specific about the following:
> If not, you may have to write a CSD
> wrapper script to post the correct "answer" to the server.
I have looked at some csd-wrapper scripts on the mailing list and
online, but no luck.
This post might be similar to my problem:
http://lists.infradead.org/pipermail/openconnect-devel/2013-May/001042.html
(I'm also trying to connect to vpn.ucl...) and I get an error regarding
sfinst.
You suggest at the bottom of that post to "sniff" a good AnyConnect
session and write a wrapper based on that.
I am able to connect to the VPN using AnyConnect on my Android phone, but
I'm not sure what to look for.
If you could be more specific, that would be a great help.
Many thanks again for your help,
Marina
On 22/08/13 18:43, Kevin Cernekee wrote:
> On Thu, Aug 22, 2013 at 6:52 AM, Marina Papoutsi
> <marina.cogsci at gmail.com> wrote:
>> Attempting to connect to 128.40.125.50:443
>> SSL negotiation with vpn.ucl.ac.uk
>> Connected to HTTPS on vpn.ucl.ac.uk
>> GET https://vpn.ucl.ac.uk/
>>
>> Got HTTP response: HTTP/1.0 302 Object Moved
>> SSL negotiation with vpn.ucl.ac.uk
>> Connected to HTTPS on vpn.ucl.ac.uk
>> GET https://vpn.ucl.ac.uk/+webvpn+/index.html
>> GET https://vpn.ucl.ac.uk/CACHE/sdesktop/install/binaries/sfinst
>> Got HTTP response: HTTP/1.1 404 Not Found (does not exist)
>> Cannot receive HTTP 1.0 body without closing connection
>> Failed to obtain WebVPN cookie
> This is different from the certificate validation redirect problem
> (which shouldn't affect v4.07).
>
> It looks like the gateway requires CSD, but didn't install the Linux
> CSD binaries. If you can convince the administrator to disable CSD,
> that would be the ideal solution. If not, you may have to write a CSD
> wrapper script to post the correct "answer" to the server.
>
> Does the official Linux AnyConnect client work correctly or does that fail too?