The openconnect (2.01) in debian testing works mostly OK for me, but I wanted DTLS to work, so I upgraded to the git head and built it against openssl 1.0.0-beta5. When I connect with this version, certificate authentication does not seem to occur, and openconnect prompts me for a username and password: $ sudo ./openconnect -v -s ../vpnc-scripts/vpnc-script -c ../Download/yy.yy.yy.yy.yy.p12 -K pkcs12 xx.xx.cmu.edu Attempting to connect to 128.2.xxx.xxx:443 Using certificate file ../Download/yy.yy.yy.yy.yy.p12 Enter PKCS#12 pass phrase: Extra cert from PKCS#12: '...' SSL negotiation with xx.xx.cmu.edu Connected to HTTPS on xx.xx.cmu.edu GET https://xx.xx.cmu.edu/ Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=UTF-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Keep-Alive Date: Sat, 27 Feb 2010 17:46:39 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) GET https://xx.xx.cmu.edu/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure Set-Cookie: ClientCertAuthFailed=1; path=/; secure X-Transcend-Version: 1 HTTP body chunked (-2) Fixed options give Please enter your username and password. Username:^CFailed to obtain WebVPN cookie I attempted a git bisect and the problem seems to be somewhere between f900f637b9956f3f2fd0a78977784a1655ec2bc4 Fix handling of 'HTTP/1.1 100 Continue' response and cc64d59d8132350cadf7adf91857597795eb9090 Fix handling of HTTP 1.0 responses with Connection: Keep-Alive The intermediate versions all hang in the first https request, presumably due to the Connection: Keep-Alive issue Any ideas?
