On Tue, Mar 31, 2015 at 8:49 AM, Nicol?s Escudero <nicolasescudero at gmail.com> wrote: > Hi Kevin, > > Tried it, still not working, here is the verbose output: > > pi at raspberrypi ~ $ sudo openconnect --csd-wrapper ~/.cisco/wrapper.sh > --os android 32.59.2.56 -v > POST https://32.59.2.56/ > Attempting to connect to server 32.59.2.56:443 > SSL negotiation with 32.59.2.56 > Server certificate verify failed: signer not found Hmm, does your RasPi have curl installed? This worked OK for me on a PC with the attached wrapper script: $ openconnect --no-cert-check --csd-wrapper /tmp/android_csd.sh --os android -v 32.59.2.56 POST https://32.59.2.56/ Attempting to connect to server 32.59.2.56:443 SSL negotiation with 32.59.2.56 Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on 32.59.2.56 Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=utf-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 31 Mar 2015 06:55:19 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) GET https://32.59.2.56/ Attempting to connect to server 32.59.2.56:443 SSL negotiation with 32.59.2.56 Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on 32.59.2.56 Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=utf-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 31 Mar 2015 06:55:20 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) GET https://32.59.2.56/+webvpn+/index.html SSL negotiation with 32.59.2.56 Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on 32.59.2.56 Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) GET https://32.59.2.56/+CSCOE+/sdesktop/wait.html Got HTTP response: HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 31 Mar 2015 06:55:21 GMT HTTP body chunked (-2) Refreshing +CSCOE+/sdesktop/wait.html after 1 second... <?xml version="1.0" encoding="ISO-8859-1"?> <hostscan><status>TOKEN_SUCCESS</status></hostscan> GET https://32.59.2.56/+CSCOE+/sdesktop/wait.html SSL negotiation with 32.59.2.56 Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on 32.59.2.56 Got HTTP response: HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 31 Mar 2015 06:55:23 GMT Location: /+webvpn+/index.html Set-Cookie: sdesktop=5E19E6C112FBDBA818E087CB; path=/; secure HTTP body chunked (-2) GET https://32.59.2.56/+webvpn+/index.html SSL negotiation with 32.59.2.56 Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on 32.59.2.56 Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) Please enter your username and password. Username:foo Password: POST https://32.59.2.56/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) Login failed. Please enter your username and password. Username:^Cfgets (stdin): Interrupted system call FWIW it did take a couple of wait.html refreshes (maybe about 3 seconds' worth) before it proceeded to the login prompt. openconnect version is 6.00. -------------- next part -------------- A non-text attachment was scrubbed... Name: android_csd.sh Type: application/x-sh Size: 814 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150331/751add44/attachment.sh>
