Juniper SSL VPN login fails

Tom Metro tmetro+openconnect at
Mon Apr 13 14:38:40 PDT 2015

David Woodhouse wrote:
> GnuTLS returns the GNUTLS_E_REHANDSHAKE "error" code when we attempt
> to read from the socket. We are expected to react accordingly, if we
> want to actually do the renegotiation. 
> Try the patch below.

Fantastic. That worked. Thanks for taking the time to create the patch.

> ...actually the OpenSSL build seems to renegotiate all by itself
> without requiring the application to do anything.

My expectations are that an SSL library would provide hooks, in case you
want to do something custom, but by default handle this internally. I
guess the GnuTLS developers disagree.


More information about the openconnect-devel mailing list