SSL Certificate verification bug

Marina Papoutsi marina.cogsci at gmail.com
Thu Oct 3 07:45:06 EDT 2013


Hi Kevin,

You are a star!!! This works like a charm.
For some reason the --os android option does not work, but it works fine 
with the --os linux option.
This makes my life so much easier.

Many thanks again,
Marina

On 03/10/13 05:13, Kevin Cernekee wrote:
> On Wed, Oct 2, 2013 at 5:44 PM, Marina Papoutsi <marina.cogsci at gmail.com> wrote:
>> You suggest at the bottom of that post to "sniff" a good AnyConnect session
>> and write a wrapper based on that.
>> I am able to connect to vpn using anyconnect on my android phone, but not
>> sure what to look for.
>> If you could be more specific that would be a great help.
> I have updated my android-csd branch[1] to handle servers which
> advertise CSD but return 404 when fetching the Linux binary.  It
> should be safe to assume that mobile devices aren't able to run a CSD
> trojan anyway: it doesn't exist for Android yet (AFAIK) and iOS will
> not execute unsigned code.
>
> You can try this and see if it works.  The attached version of
> android_csd.sh was modified to run on a Linux PC with curl installed.
>
> $ ./openconnect --csd-wrapper /tmp/android_csd.sh --os android vpn.ucl.ac.uk
> POST https://vpn.ucl.ac.uk/
> Attempting to connect to server 128.40.125.50:443
> SSL negotiation with vpn.ucl.ac.uk
> Connected to HTTPS on vpn.ucl.ac.uk
> Got HTTP response: HTTP/1.0 302 Object Moved
> GET https://vpn.ucl.ac.uk/
> Attempting to connect to server 128.40.125.50:443
> SSL negotiation with vpn.ucl.ac.uk
> Connected to HTTPS on vpn.ucl.ac.uk
> Got HTTP response: HTTP/1.0 302 Object Moved
> GET https://vpn.ucl.ac.uk/+webvpn+/index.html
> SSL negotiation with vpn.ucl.ac.uk
> Connected to HTTPS on vpn.ucl.ac.uk
> GET https://vpn.ucl.ac.uk/+CSCOE+/sdesktop/wait.html
> Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <hostscan><status>TOKEN_SUCCESS</status></hostscan>
> GET https://vpn.ucl.ac.uk/+CSCOE+/sdesktop/wait.html
> SSL negotiation with vpn.ucl.ac.uk
> Connected to HTTPS on vpn.ucl.ac.uk
> Got HTTP response: HTTP/1.1 302 Moved Temporarily
> GET https://vpn.ucl.ac.uk/+webvpn+/index.html
> SSL negotiation with vpn.ucl.ac.uk
> Connected to HTTPS on vpn.ucl.ac.uk
> Please enter your username and password.
> Username:
>
>
> [1] https://github.com/cernekee/openconnect/tree/android-csd



