Bug 1451773 - openconnect 7.06 cannot connect to Juniper/Junos
Summary: openconnect 7.06 cannot connect to Juniper/Junos
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: openconnect
Version: epel7
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Nikos Mavrogiannopoulos
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2017-05-17 13:36 UTC by Rainer Traut
Modified: 2018-08-01 18:48 UTC

Fixed In Version: openconnect-7.08-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-01 18:48:10 UTC



Description Rainer Traut 2017-05-17 13:36:50 UTC
Description of problem:
I'm trying to connect to a Junos Pulse server with openconnect.
The shipped version of openconnect does not understand the --protocol option and fails to connect.

Version-Release number of selected component (if applicable):
openconnect-7.06-1.el7.x86_64

How reproducible:
always; try to connect with 7.06.

Steps to Reproduce:
1. 
openconnect -u user --servercert sha256:7580d2efd2f0d7583c4b2e90cf647c2fec70e165d...54 	https://xyz.de/service

2. 
Server SSL certificate didn't match: sha1:21a4...32dc6b4cc9ce549d3e
SSL connection failure: Error in the certificate.
Failed to open HTTPS connection to xyz.de
Failed to obtain WebVPN cookie

3.
I rebuilt openconnect 7.08 and tried with --protocol=nc:

openconnect -u user --protocol=nc --servercert sha256:7580d2efd2f0d7583c4b2e90cf647c2fec7...54 \
	https://xyz.de/service

GET https://xyz.de/service
Connected to xxx.yyy.aaa.22:443
SSL negotiation with xyz.de
Server certificate verify failed: signer not found
Connected to HTTPS on gate.fraport.de
Got HTTP response: HTTP/1.1 302 Found
GET https://xyz.de/xxx/auth/url_5/welcome.cgi
SSL negotiation with xyz.de
Server certificate verify failed: signer not found
Connected to HTTPS on xyz.de
frmLogin
password:


Actual results:
no connection


Expected results:
connection

Additional info:
- it works fine with openconnect 7.08 and option --protocol=nc
- with openconnect 7.06 the server answers with a sha1 certificate(?) and fails

Comment 1 Fedora Update System 2017-05-17 15:27:27 UTC
openconnect-7.08-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c38a6c841

Comment 2 Rainer Traut 2017-05-18 08:26:06 UTC
Thx this was fast...

Any chance to get ocproxy in epel?

Comment 3 Nikos Mavrogiannopoulos 2017-05-18 09:07:15 UTC
I have no plans for it, but anyone can bring packages to epel. Feel free to introduce it.

Comment 4 Fedora Update System 2017-05-18 21:37:01 UTC
openconnect-7.08-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c38a6c841

Comment 5 Fedora Update System 2018-08-01 18:48:10 UTC
openconnect-7.08-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

