On Wed, 2014-11-05 at 09:53 +0100, Peter Magnusson wrote: > I tested this by editing the wrapperscript and adding an 'echo > "Arguments: $ARGS" >> /tmp/foo' . It seems the wrapperscript isnt > being run at all on the cases where it is not working cause nothing is > being written to /tmp/foo . When its working it looks like this: > -log debug -ticket "XXXXXXXXX" -stub "0" -group "" -host > "https://vpn.xyz.com/CACHE"; -certhash "XXXXXXXXX:? > ??ef?,?K^z??11T??D" That -certhash argument looks horribly wrong. This ought to fix it but I can't easily test because for me, gnutls_certificate_get_ours() is returning failure (both for file and PKCS#11 certs). Got to run now; will hassle Nikos about that later :) diff --git a/gnutls.c b/gnutls.c index 6e343d9..c8f2bae 100644 --- a/gnutls.c +++ b/gnutls.c @@ -2261,8 +2261,10 @@ int openconnect_local_cert_md5(struct openconnect_info *vpninfo, char *buf) { const gnutls_datum_t *d; - size_t md5len = 16; - + unsigned char md5[MD5_SIZE]; + size_t md5len = sizeof(md5); + int i; + buf[0] = 0; d = gnutls_certificate_get_ours(vpninfo->https_sess); @@ -2272,6 +2274,9 @@ int openconnect_local_cert_md5(struct openconnect_info *vpninfo, if (gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len)) return -EIO; + for (i = 0; i < md5len; i++) + sprintf(&buf[i*2], "%02X", md5[i]); + return 0; } -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141105/ac90376e/attachment.bin>
