Openconnect no-xmlpost

Peter Magnusson pet.magnusson at gmail.com
Wed Nov 5 03:03:03 PST 2014


I tested the patch you provided and it does make the certhash look
much nicer, so that part seems to work fine now. Unfortunately I'm still
having the same problem as I described before.

On Wed, Nov 5, 2014 at 11:19 AM, Peter Magnusson
<pet.magnusson at gmail.com> wrote:
> Just so there is no misunderstanding. The certhash that I posted,
> that's how it looks when it works (apart from that I replaced the
> readable parts with XXXXX).
> When it doesn't work I can't see the certhash at all because the
> wrapper script isn't being executed.
>
>
>
> On Wed, Nov 5, 2014 at 10:48 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> On Wed, 2014-11-05 at 09:53 +0100, Peter Magnusson wrote:
>>> I tested this by editing the wrapper script and adding an 'echo
>>> "Arguments: $ARGS" >> /tmp/foo'. It seems the wrapper script isn't
>>> being run at all in the cases where it is not working, because nothing is
>>> being written to /tmp/foo. When it's working it looks like this:
>>> -log debug -ticket "XXXXXXXXX" -stub "0" -group "" -host
>>> "https://vpn.xyz.com/CACHE" -certhash "XXXXXXXXX:�
>>> ��ef�,�K^z��11T�ҪD "
>>
>> That -certhash argument looks horribly wrong. This ought to fix it but I
>> can't easily test because for me, gnutls_certificate_get_ours() is
>> returning failure (both for file and PKCS#11 certs). Got to run now;
>> will hassle Nikos about that later :)
>>
>> diff --git a/gnutls.c b/gnutls.c
>> index 6e343d9..c8f2bae 100644
>> --- a/gnutls.c
>> +++ b/gnutls.c
>> @@ -2261,8 +2261,10 @@ int openconnect_local_cert_md5(struct
>> openconnect_info *vpninfo,
>>                                char *buf)
>>  {
>>         const gnutls_datum_t *d;
>> -       size_t md5len = 16;
>> -
>> +       unsigned char md5[MD5_SIZE];
>> +       size_t md5len = sizeof(md5);
>> +       int i;
>> +
>>         buf[0] = 0;
>>
>>         d = gnutls_certificate_get_ours(vpninfo->https_sess);
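Review bot: the new `int i` declaration is a signed index that the later loop compares against `size_t md5len`; declare it as `size_t` (or `unsigned int`) to avoid the signed/unsigned comparison. Separately, the function takes only `char *buf` with no length, and the hex form needs 2 * MD5_SIZE + 1 bytes, so the required buffer size should be documented at the declaration or passed in and checked.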
>> @@ -2272,6 +2274,9 @@ int openconnect_local_cert_md5(struct
>> openconnect_info *vpninfo,
>>         if (gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len))
>>                 return -EIO;
>>
>> +       for (i = 0; i < md5len; i++)
>> +               sprintf(&buf[i*2], "%02X", md5[i]);
>> +
>>         return 0;
>>  }
>>
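Review bot: the unchanged `gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len)` call still writes the raw digest into `buf`, so the added loop formats `md5[]` without that array ever being filled. Pass `md5` as the output buffer in that call so the loop hex-encodes the actual digest. The `sprintf` into `&buf[i*2]` also relies on the caller's buffer holding 2 * md5len + 1 bytes; a bounded write would make that requirement explicit.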
>>
>>
>>
>> --
>> dwmw2


