Bug 1276792
Summary: | TLS priority string error while connecting to AnyConnect server | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Peio Borthelle <peio.borthelle> |
Component: | openconnect | Assignee: | David Woodhouse <dwmw2> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 22 | CC: | dwmw2, nmavrogi |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-02 17:38:06 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Peio Borthelle
2015-10-31 00:11:16 UTC
I don't think it should be that commit; that only fixes something that broke immediately before it. Can you show the priority string that's actually being used, please? You might capture it with ltrace, or maybe need to rebuild with an additional debug output. By reproducing the build process of the fedora package i managed to reproduce the error: the priority string is "@SYSTEM" and this comes from the fact that the `configure` script is called with the `--with-default-gnutls-priority="@SYSTEM"` option (http://pkgs.fedoraproject.org/cgit/openconnect.git/tree/openconnect.spec?h=f22, `%configure` section). Removing this option appears to fix the bug. According to the GnuTLS reference, "@SYSTEM" it should be expanded at compile time, from a system configuration file. I noted that there is no such file in my system and even by adding one at the default location with some valid value (`SYSTEM=NORMAL:+ARCFOUR-128`), the priority string remains same. Is that a stock fedora 22 system or modified in some way? In F22 you should have the crypto-policies package which should have generated the required files. If not try running update-crypto-policies. Indeed, I am running chapeau-linux 22 (http://chapeaulinux.org/), a fedora spin-off. The crypto-policies package was installed, but running `update-crypto-policies` fixed the bug, everything is fine now. I am going to report this to the chapeau maintainer. |