Openconnect no-xmlpost
Peter Magnusson
pet.magnusson at gmail.com
Wed Nov 5 02:19:09 PST 2014
Just so there is no misunderstanding. The certhash that i posted,
thats how it looks when i works (apart from that i replaced the
readable parts with XXXXX).
When it doesnt work i cant see the certhash at all cause the
wrapperscript isnt being executed.
On Wed, Nov 5, 2014 at 10:48 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Wed, 2014-11-05 at 09:53 +0100, Peter Magnusson wrote:
>> I tested this by editing the wrapperscript and adding an 'echo
>> "Arguments: $ARGS" >> /tmp/foo' . It seems the wrapperscript isnt
>> being run at all on the cases where it is not working cause nothing is
>> being written to /tmp/foo . When its working it looks like this:
>> -log debug -ticket "XXXXXXXXX" -stub "0" -group "" -host
>> "https://vpn.xyz.com/CACHE" -certhash "XXXXXXXXX:�
>> ��ef�,�K^z��11T�ҪD "
>
> That -certhash argument looks horribly wrong. This ought to fix it but I
> can't easily test because for me, gnutls_certificate_get_ours() is
> returning failure (both for file and PKCS#11 certs). Got to run now;
> will hassle Nikos about that later :)
>
> diff --git a/gnutls.c b/gnutls.c
> index 6e343d9..c8f2bae 100644
> --- a/gnutls.c
> +++ b/gnutls.c
> @@ -2261,8 +2261,10 @@ int openconnect_local_cert_md5(struct
> openconnect_info *vpninfo,
> char *buf)
> {
> const gnutls_datum_t *d;
> - size_t md5len = 16;
> -
> + unsigned char md5[MD5_SIZE];
> + size_t md5len = sizeof(md5);
> + int i;
> +
> buf[0] = 0;
>
> d = gnutls_certificate_get_ours(vpninfo->https_sess);
> @@ -2272,6 +2274,9 @@ int openconnect_local_cert_md5(struct
> openconnect_info *vpninfo,
> if (gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len))
> return -EIO;
>
> + for (i = 0; i < md5len; i++)
> + sprintf(&buf[i*2], "%02X", md5[i]);
> +
> return 0;
> }
>
>
>
>
> --
> dwmw2
More information about the openconnect-devel
mailing list