Openconnect and Cisco hostscan

We are running Openconnect on RHEL 7 against a Cisco ASA (with hostscan
enabled). After an upgrade for hostscan that was released recently
(version 4.3.0538), we are having problems connecting.

It seems to be due to a bugfix that Cisco provided in this release:
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/release/notes/b_Release_Notes_AnyConnect_4_3.html#reference_yfw_wnj_r1b
"cstub should validate server certificates for a ssl connection"

The cstub binary is triggered by the cisco-wrapper script and tries to
communicate with the VPN server but fails because it cannot verify the
root CA certificate.

We have tried to place the root CA certificate in every thinkable
certstore but no luck. When running strace on cstub it looks like it's
actually reading the root CA cert from, for example,
/opt/.cisco/certificates/ca but the certificate validation still fails.

Is anyone else experiencing this problem?


-- 
Peter Magnusson
ITpc

SMHI
Phone 011-495 8547 Fax 011-4958350
Email Peter.Magnusson at smhi.se
601 76 Norrköping Visiting address Folkborgsvägen 17
www.smhi.se

