Openconnect no-xmlpost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I tested the patch you provided and it does make the certhash look
much nicer so that part seems to work fine now. Unfortunately im still
having the same problem as i described before.

On Wed, Nov 5, 2014 at 11:19 AM, Peter Magnusson
<pet.magnusson at gmail.com> wrote:
> Just so there is no misunderstanding. The certhash that i posted,
> thats how it looks when i works (apart from that i replaced the
> readable parts with XXXXX).
> When it doesnt work i cant see the certhash at all cause the
> wrapperscript isnt being executed.
>
>
>
> On Wed, Nov 5, 2014 at 10:48 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> On Wed, 2014-11-05 at 09:53 +0100, Peter Magnusson wrote:
>>> I tested this by editing the wrapperscript and adding an  'echo
>>> "Arguments: $ARGS" >> /tmp/foo' . It seems the wrapperscript isnt
>>> being run at all on the cases where it is not working cause nothing is
>>> being written to /tmp/foo . When its working it looks like this:
>>> -log debug -ticket "XXXXXXXXX" -stub "0" -group "" -host
>>> "https://vpn.xyz.com/CACHE"; -certhash "XXXXXXXXX:?
>>> ??ef?,?K^z??11T??D "
>>
>> That -certhash argument looks horribly wrong. This ought to fix it but I
>> can't easily test because for me, gnutls_certificate_get_ours() is
>> returning failure (both for file and PKCS#11 certs). Got to run now;
>> will hassle Nikos about that later :)
>>
>> diff --git a/gnutls.c b/gnutls.c
>> index 6e343d9..c8f2bae 100644
>> --- a/gnutls.c
>> +++ b/gnutls.c
>> @@ -2261,8 +2261,10 @@ int openconnect_local_cert_md5(struct
>> openconnect_info *vpninfo,
>>                                char *buf)
>>  {
>>         const gnutls_datum_t *d;
>> -       size_t md5len = 16;
>> -
>> +       unsigned char md5[MD5_SIZE];
>> +       size_t md5len = sizeof(md5);
>> +       int i;
>> +
>>         buf[0] = 0;
>>
>>         d = gnutls_certificate_get_ours(vpninfo->https_sess);
>> @@ -2272,6 +2274,9 @@ int openconnect_local_cert_md5(struct
>> openconnect_info *vpninfo,
>>         if (gnutls_fingerprint(GNUTLS_DIG_MD5, d, buf, &md5len))
>>                 return -EIO;
>>
>> +       for (i = 0; i < md5len; i++)
>> +               sprintf(&buf[i*2], "%02X", md5[i]);
>> +
>>         return 0;
>>  }
>>
>>
>>
>>
>> --
>> dwmw2



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux