Openconnect no-xmlpost
David Woodhouse
dwmw2 at infradead.org
Wed Nov 5 03:17:05 PST 2014
On Wed, 2014-11-05 at 12:03 +0100, Peter Magnusson wrote:
> I tested the patch you provided and it does make the certhash look
> much nicer so that part seems to work fine now.
The patch I sent wasn't quite correct; you were just getting a hex dump
of a random part of the stack instead of a hash of the cert. Fixed and
pushed to git now.
> Unfortunately im still having the same problem as i described before.
Right. That will be an orthogonal issue. Can we see the full output of
'openconnect -vv --dump-http-traffic' on the offending run, please?
Perhaps just to Kevin and/or myself, and/or vet it for sensitive
information first. But I don't think you've entered any passwords by the
time it goes wrong, have you? And you already gave us the hostname, so I
don't *think* there'll be anything sensitive in there. Do check though.
I wonder if the server is conflating the two connection attempts. When
we're asked to run the CSD trojan, we're given a 'CSD token' for it to
submit its results with. We are expected to put that token into a cookie
named 'sdesktop' for the subsequent HTTP requests from OpenConnect.
If you run OpenConnect again too soon, perhaps it's still expecting your
requests to bear the *same* CSD token, and that's why it doesn't tell
you to run the CSD trojan again.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141105/15a4dc68/attachment.bin>
More information about the openconnect-devel
mailing list