Description of problem: When using openconnect with csd-post.sh script (bundled with openconnect) for anyconnect, it doesn't connect, gives error about empty document twice and indefinitely tries to reconnect with generic wait page. I'm using Fedora Silverblue, so i could easily swap versions and check if that was the case with upgrading from 35 version, and indeed on 35 release it works fine. Version-Release number of selected component (if applicable): 8.20-1.fc36 8.10-8.fc36 (tested early version of f36 through ostree commits, same issue) How reproducible: I connect to my vpn provider (cisco anyconnect vpn with csd trojan checker) so not quite sure how can it be reproduced locally without it, or how exactly i can provide logs without leaking sensitive information. Steps to Reproduce: 1. Install latest openconnect on fedora 36 2. Try connecting through terminal like so: 'sudo openconnect --user=user --csd-wrapper=/usr/libexec/openconnect/csd-post.sh hostname' Actual results: It will give empty document error twice and reconnect indefinitely Expected results: It should give you login form after short amount of time for further login Additional info: Originally i created issue on Silverblue github (https://github.com/fedora-silverblue/issue-tracker/issues/274), but moved to here for specifically openconnect component. I tried enabling insecure curl like here https://gitlab.com/openconnect/openconnect/-/issues/181#note_716078698 (by copying that csd-post script and using it's modified version), but it didn't help either.
Same problem for me on F36 workstation. It worked on F35 using the newest csd-post.sh (the same available in F36).
Changes between 8.10-7 and 8.20-1 are rather small and just looking over them they don't seem to even change anything in the end (for default installation and for fedora 35/36) And given that it doesn't work on 8.10-8 on fedora 36, i think there's something else going on 8.10-8.20 csd-post changes: https://gitlab.com/openconnect/openconnect/-/commit/eef404edf3eff3350c3900521f1a13af2c24cf53 https://gitlab.com/openconnect/openconnect/-/commit/026236a2e2a241732ccbfd9abf434893c27e5af9
The TOKEN variable is not set in F36 because the command 'curl $PINNEDPUBKEY "$URL"' from csd-post.sh errors out with: curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled Maybe due to the upgrade of openssl from 1.1.1 to 3.0?
Confirming that the workaroud suggested in https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1968467/comments/6 works for me.
Confirming solution above (https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1968467/comments/6), it works for me too. Initially i tried doing pretty much the same solution inside csd-post (because i thought that curl was the culprit), but now i see that i actually need to do so within openconnect context. Any workarounds for now that would enable this to work with networkmanager (to allow it to see such vpn connection, or maybe there is a way to pass environment variable to it)?
This message is a reminder that Fedora Linux 36 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '36'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 36 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Fedora Linux 36 entered end-of-life (EOL) status on 2023-05-16. Fedora Linux 36 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora Linux please feel free to reopen this bug against that version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see the version field. If you are unable to reopen this bug, please file a new report against an active release. Thank you for reporting this bug and we are sorry it could not be fixed.