Trying to build openconnect 8.20 on ubuntu 20
Daniel Lenski
dlenski at gmail.com
Mon Mar 7 16:42:14 PST 2022
On Mon, Mar 7, 2022 at 3:44 PM Daniel Lenski <dlenski at gmail.com> wrote:
>
> On Fri, Mar 4, 2022 at 6:25 AM Eveno, Manuel <meveno at timwi.com> wrote:
> > $ cat openconnect-8.20/tests/test-suite.log
> > ------------- Output : --------------------
> > FAIL: bad_dtls_test
>
> 1. If you just want to *use* OpenConnect with a Fortinet VPN, then
> this failing test result does not matter.
>
> This particular test exists only to verify that the "ekstra speshul"
> weird/broken/non-standard/pre-1.0 version of DTLS used by old **Cisco
> AnyConnect** VPNs is working correctly. Linux distributions and crypto
> libraries keep forgetting that this version of DTLS is sadly still
> needed, so they frequently break it. And we have to figure out who to
> ask to get the libraries fixed. 😔
Our continuous integration pipeline builds against Ubuntu 18.04
(https://gitlab.com/openconnect/openconnect/-/jobs/2115365633), which
distributes OpenSSL 1.1.1
(https://packages.ubuntu.com/bionic-updates/libssl-dev)… but Ubuntu
20.04 distributes OpenSSL 1.1.1f
(https://packages.ubuntu.com/focal-updates/libssl-dev).
@David, perhaps we need to add OpenSSL 1.1.1f to our list of OpenSSL
versions whose DTLS implementations don't work with Cisco?
- https://www.infradead.org/openconnect/anyconnect.html
- https://gitlab.com/openconnect/openconnect/-/blob/master/openssl-dtls.c#L774-784
Dan
More information about the openconnect-devel
mailing list