On Fri, Apr 22, 2022 at 12:10 AM Dan Lenski <email address hidden>
wrote:
> @jgunthorpe, what if you do something like this, where you create an
> OPENSSL_CONF that explicitly (re)enables unsafe legacy negotiation?
> Instead of using /dev/null.
>
> ```
> $ cat > /tmp/openssl.conf <<EOF
> _openssl_conf = openssl_init
> [openssl_init]
> ssl_conf = ssl_sect
> [ssl_sect]
> system_default = system_default_sect
> [system_default_sect]
> Options = UnsafeLegacyRenegotiation_
> EOF
>
> $ OPENSSL_CONF=/tmp/openssl.conf curl <usual options>
> ```
>
> That comes from https://github.com/dlenski/gp-saml-gui/issues/42
>
> ** Bug watch added: github.com/dlenski/gp-saml-gui/issues #42
> https://github.com/dlenski/gp-saml-gui/issues/42
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1968467
>
> Title:
> CSD scripts do not work on jammy
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1968467/+subscriptions
>
>
That does work. Note that the leading and trailing _ are garbage; the file
should be:

```
root@c5c1367d7a8e:/# cat /tmp/openssl.conf
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
root@c5c1367d7a8e:/# OPENSSL_CONF=/tmp/openssl.conf curl -k -v https://xxx/CACHE/sdesktop/hostscan/linux_x64/manifest
[..]
< HTTP/1.1 200 OK
< Content-Type:
< Content-Length: 813
< Cache-Control: max-age=6000
```

Thanks,
Jason
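
An added example, not part of the original thread or of openconnect: a small audit check that follows the `openssl_conf` -> `ssl_conf` -> `system_default` -> `Options` chain in a config file and reports whether `UnsafeLegacyRenegotiation` is switched on. The parser is a simplified sketch (no variable expansion or `.include`), the function names are hypothetical, and both sample files are constructed from the text above.

```python
import re

UNSAFE = "unsafelegacyrenegotiation"

# Constructed samples: the file as given in the reply, and the quoted
# variant with the stray leading and trailing underscores.
CORRECTED = """\
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""
AS_QUOTED = "_" + CORRECTED.rstrip() + "_\n"

def parse_conf(text):
    """Simplified parser: [sections], key = value, # comments.
    Assumption: no $variable expansion or .include handling."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections

def unsafe_reneg_enabled(text):
    """True if the system_default Options list turns the flag on."""
    s = parse_conf(text)
    name = s["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = s.get(name, {}).get(key)   # a broken link yields None
    opts = {k.lower(): v for k, v in s.get(name, {}).items()}
    flags = [f.strip().lower() for f in opts.get("options", "").split(",")]
    return UNSAFE in flags or "+" + UNSAFE in flags
```

Run against the two samples, the check reports the flag as enabled only for the corrected file; with the underscores in place the chain is never entered, so the audit sees no such option.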