Ubuntu
openconnect package

  1. Bug #1968467
  2. Comment #6

Comment 6 for bug 1968467

Revision history for this message
Jason Gunthorpe (jgunthorpe) wrote : Re: [Bug 1968467] Re: CSD scripts do not work on jammy

That does, work, note that the leading and trailing _ are garbage, file
should be:

root@c5c1367d7a8e:/# cat /tmp/openssl.conf
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
root@c5c1367d7a8e:/# OPENSSL_CONF=/tmp/openssl.conf curl -k -v
https://xxx/CACHE/sdesktop/hostscan/linux_x64/manifest
[..]
< HTTP/1.1 200 OK
< Content-Type:
< Content-Length: 813
< Cache-Control: max-age=6000

Thanks,
Jason

On Fri, Apr 22, 2022 at 12:10 AM Dan Lenski <email address hidden>
wrote:

> @jgunthorpe, what if you do something like this, where you create an
> OPENSSL_CONF that explicitly (re)enables unsafe legacy negotiation?
> Instead of using /dev/null.
>
> ```
> $ cat > /tmp/openssl.conf <<EOF
> _openssl_conf = openssl_init
> [openssl_init]
> ssl_conf = ssl_sect
> [ssl_sect]
> system_default = system_default_sect
> [system_default_sect]
> Options = UnsafeLegacyRenegotiation_
> EOF
>
> $ OPENSSL_CONF=/tmp/openssl.conf curl <usual options>
> ```
>
> That comes from https://github.com/dlenski/gp-saml-gui/issues/42
>
> ** Bug watch added: github.com/dlenski/gp-saml-gui/issues #42
> https://github.com/dlenski/gp-saml-gui/issues/42
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1968467
>
> Title:
> CSD scripts do not work on jammy
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1968467/+subscriptions
>
>