ocserv HEAD with iOS 6.1.2 fails after successful cert auth

David Woodhouse dwmw2 at infradead.org
Thu Feb 28 07:54:25 EST 2013

On Wed, 2013-02-27 at 20:32 +0100, Nikos Mavrogiannopoulos wrote:
> I'm wondering whether that client asks for any HTTP urls resources that
> aren't supported. Could you try debugging using the current head?

I'd probably be most inclined to test using their client on a PC first
and *then* the less debuggable Android and iOS clients, once that's

Use OpenConnect to connect to a real server, dump the response in full,
then put in nasty hacks to ocserv to make its response look more like
that, until their client actually accepts it.

FWIW the first place I'd be looking is the 'webvpnc' cookie, which gives
the hash of the XML config file and its download location. And also a
similar hash/location for downloading and updated client IIRC?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130228/d8a95e5b/attachment-0001.bin>

More information about the openconnect-devel mailing list