Openconnect no-xmlpost

David Woodhouse dwmw2 at infradead.org
Wed Nov 5 01:48:30 PST 2014


On Wed, 2014-11-05 at 09:53 +0100, Peter Magnusson wrote:
> I tested this by editing the wrapper script and adding an 'echo
> "Arguments: $ARGS" >> /tmp/foo'. It seems the wrapper script isn't
> being run at all in the cases where it is not working, because nothing is
> being written to /tmp/foo. When it's working it looks like this:
> -log debug -ticket "XXXXXXXXX" -stub "0" -group "" -host
> "https://vpn.xyz.com/CACHE" -certhash "XXXXXXXXX:�
> ��ef�,�K^z��11T�ҪD"

That -certhash argument looks horribly wrong. This ought to fix it but I
can't easily test because for me, gnutls_certificate_get_ours() is
returning failure (both for file and PKCS#11 certs). Got to run now;
will hassle Nikos about that later :)

diff --git a/gnutls.c b/gnutls.c
index 6e343d9..c8f2bae 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -2261,8 +2261,10 @@ int openconnect_local_cert_md5(struct
openconnect_info *vpninfo,
 			       char *buf)
 {
 	const gnutls_datum_t *d;
-	size_t md5len = 16;
-
+	unsigned char md5[MD5_SIZE];
+	size_t md5len = sizeof(md5);
+	int i;
+	
 	buf[0] = 0;
 
 	d = gnutls_certificate_get_ours(vpninfo->https_sess);
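Review bot: the function still takes a bare `char *buf` with no length, but with the new `md5[MD5_SIZE]` staging array it is going to emit two hex characters per digest byte plus the NUL that sprintf appends, so the caller now has to supply at least 2 * MD5_SIZE + 1 bytes. Please document that size in a comment above the function, or pass the buffer length in and check it. Two smaller points in the added declarations: `int i` ends up compared against the `size_t md5len`, so `size_t i` or `unsigned int i` would avoid a signed/unsigned comparison, and the added line after `int i;` contains only a tab where the removed line was empty.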
@@ -2272,6 +2274,9 @@ int openconnect_local_cert_md5(struct
openconnect_info *vpninfo,
 	if (gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len))
 		return -EIO;
 
+	for (i = 0; i < md5len; i++)
+		sprintf(&buf[i*2], "%02X", md5[i]);
+	
 	return 0;
 }
 
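Review bot: the unchanged call just above the new loop, `gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len)`, still writes the raw digest into `buf`, so the loop formats the never-initialised `md5[]` array and overwrites the real fingerprint in `buf` with the hex of whatever was on the stack. The third argument needs to change to `md5` so that the digest lands in the staging array and `sprintf(&buf[i*2], "%02X", md5[i])` then encodes it. Once that is done the final sprintf leaves `buf` NUL-terminated at offset 2 * md5len, which is fine as long as the caller's buffer is large enough. The added line after the loop is again a lone tab.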



-- 
dwmw2