Bug 733431
Summary: | NM-openconnect is built against static libopenconnect; needs to be rebuilt against openconnect 3.11 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Erinn Looney-Triggs <erinn.looneytriggs> |
Component: | NetworkManager-openconnect | Assignee: | David Woodhouse <dwmw2> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | dcbw, dwmw2 |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | NetworkManager-openconnect-0.9.0-2.fc15 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-08-28 05:25:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Erinn Looney-Triggs
2011-08-25 17:06:11 UTC
When you try to connect, the server *might* ask you for a username/password. Or it might ask for your mother's maiden name and your favourite colour. We have no way of knowing — it's just arbitrary HTTP forms. We *used* to assume that it'll ask for username/password, and ask for those in advance. That was a bug. Now we don't do it. Just try to start the connection, and the authentication dialog will pop up and ask you for any information the server requires. Hmm ok, problem is that is not what I am experiencing, when I attempt to connect it is throwing an SSL error specifically error 40, which from what I gather is a complaint about the client not presenting a certificate to the server. So I assumed it was because the username/password option had disappeared and it was defaulting to certificate auth. Let me see if can get you more information. Error output exactly: SSL connection failure 139863678563968:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1193:SSL alert number 40 This might then be a bug in another location but I am not sure where, or well the user sitting in the chair :) Hm, probably fixed in OpenConnect v3.11. What is the VPN server address? cipher.providigm.com, looks like I am running 3.11: openconnect-3.11-1.fc16.x86_64 Still trying to dig up what alert number 40 really means. -Erinn And if it helps any I am able to make a successful openconnect connection via the CLI. Ah, right. So yes, I'm fairly sure it was fixed in OpenConnect v3.11. But NetworkManager-openconnect is still built using an older, static, libopenconnect. I thought we'd rebuilt it against the dynamic library, so this bug would have been fixed... but evidently not. If you just rebuild NM-openconnect for yourself this bug should go away. David, Thanks for taking the time to look into this, and find a solution, I really appreciate it. -Erinn NetworkManager-openconnect-0.8.999-3.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/NetworkManager-openconnect-0.8.999-3.fc16 Package NetworkManager-openconnect-0.8.999-3.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing NetworkManager-openconnect-0.8.999-3.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/NetworkManager-openconnect-0.8.999-3.fc16 then log in and leave karma (feedback). NetworkManager-openconnect-0.8.999-3.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. NetworkManager-openconnect-0.9.0-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/NetworkManager-openconnect-0.9.0-2.fc15 NetworkManager-openconnect-0.9.0-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |