Openconnect no-xmlpost

Nikos Mavrogiannopoulos n.mavrogiannopoulos at
Wed Nov 5 02:50:08 PST 2014

On Wed, Nov 5, 2014 at 10:48 AM, David Woodhouse <dwmw2 at> wrote:
>> I tested this by editing the wrapperscript and adding an  'echo
>> "Arguments: $ARGS" >> /tmp/foo' . It seems the wrapperscript isnt
>> being run at all on the cases where it is not working cause nothing is
>> being written to /tmp/foo . When its working it looks like this:
>> -log debug -ticket "XXXXXXXXX" -stub "0" -group "" -host
>> "" -certhash "XXXXXXXXX:�
>> ��ef�,�K^z��11T�ҪD "
> That -certhash argument looks horribly wrong. This ought to fix it but I
> can't easily test because for me, gnutls_certificate_get_ours() is
> returning failure (both for file and PKCS#11 certs). Got to run now;
> will hassle Nikos about that later :)

That prompted me to add a unit test and realized it works ok. My
understanding of the cisco server is that it requires and asks the
certificate once, on the first connection to the server (i.e., the one
that gets the cookie). After that you can establish new ssl
connections with the cookie without the certificate. Could that issue
be because of that (e.g., no hash to supply to the script)?


More information about the openconnect-devel mailing list