I tested the patch you provided and it does make the certhash look much nicer so that part seems to work fine now. Unfortunately I'm still having the same problem as I described before.

On Wed, Nov 5, 2014 at 11:19 AM, Peter Magnusson <pet.magnusson at gmail.com> wrote:
> Just so there is no misunderstanding. The certhash that I posted,
> that's how it looks when it works (apart from that I replaced the
> readable parts with XXXXX).
> When it doesn't work I can't see the certhash at all because the
> wrapperscript isn't being executed.
>
> On Wed, Nov 5, 2014 at 10:48 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> On Wed, 2014-11-05 at 09:53 +0100, Peter Magnusson wrote:
>>> I tested this by editing the wrapperscript and adding an 'echo
>>> "Arguments: $ARGS" >> /tmp/foo' . It seems the wrapperscript isn't
>>> being run at all on the cases where it is not working because nothing is
>>> being written to /tmp/foo . When it's working it looks like this:
>>> -log debug -ticket "XXXXXXXXX" -stub "0" -group "" -host
>>> "https://vpn.xyz.com/CACHE" -certhash "XXXXXXXXX:?
>>> ??ef?,?K^z??11T??D "
>>
>> That -certhash argument looks horribly wrong. This ought to fix it but I
>> can't easily test because for me, gnutls_certificate_get_ours() is
>> returning failure (both for file and PKCS#11 certs). Got to run now;
>> will hassle Nikos about that later :)
>>
>> diff --git a/gnutls.c b/gnutls.c >> index 6e343d9..c8f2bae 100644 >> --- a/gnutls.c >> +++ b/gnutls.c >> @@ -2261,8 +2261,10 @@ int openconnect_local_cert_md5(struct >> openconnect_info *vpninfo, >> char *buf) >> { >> const gnutls_datum_t *d; >> - size_t md5len = 16; >> - >> + unsigned char md5[MD5_SIZE]; >> + size_t md5len = sizeof(md5); >> + int i; >> + >> buf[0] = 0; >> >> d = gnutls_certificate_get_ours(vpninfo->https_sess); 
>> @@ -2272,6 +2274,9 @@ int openconnect_local_cert_md5(struct >> openconnect_info *vpninfo, >> if (gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len)) >> return -EIO; >> >> + for (i = 0; i < md5len; i++) >> + sprintf(&buf[i*2], "%02X", md5[i]); >> + >> return 0; >> } >> >> >> >> >> -- >> dwmw2
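
Review bot: in the second hunk (@@ -2272,6 +2274,9 @@) the unchanged call `gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len)` still writes the raw digest into `buf`, so the new loop hex-encodes `md5[]`, which nothing in the visible lines ever fills. The output would be built from uninitialized stack bytes while the first bytes of `buf` are overwritten by `sprintf`. Pass `md5` as the output argument to `gnutls_fingerprint()` so the loop converts the actual digest.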
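
Review bot: in the first hunk (@@ -2261,8 +2261,10 @@) `int i` is declared signed but is used as the index in `i < md5len`, where `md5len` is `size_t`; declaring it `size_t` or `unsigned int` avoids the signed/unsigned comparison. The function now writes two hex characters per digest byte plus the terminating NUL from the last `sprintf`, so `buf` has to hold at least 2 * MD5_SIZE + 1 bytes; a comment above `openconnect_local_cert_md5()` stating that requirement would help callers.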