Description of problem: Tried setting up connection to vpn using openconnect command-line invocation Version-Release number of selected component: openconnect-4.99-1.fc19 Additional info: reporter: libreport-2.1.4 backtrace_rating: 4 cmdline: openconnect --script /etc/vpnc/vpnc-script https://redacted.url/ crash_function: __strlen_sse2_pminub executable: /usr/sbin/openconnect kernel: 3.9.2-301.fc19.x86_64 runlevel: N 5 uid: 1000 Truncated backtrace: Thread no. 1 (3 frames) #0 __strlen_sse2_pminub at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:38 #1 parse_xml_response at auth.c:497 #2 openconnect_obtain_cookie at http.c:988
Created attachment 750026 [details] File: backtrace
Created attachment 750027 [details] File: cgroup
Created attachment 750028 [details] File: core_backtrace
Created attachment 750029 [details] File: dso_list
Created attachment 750030 [details] File: environ
Created attachment 750031 [details] File: limits
Created attachment 750032 [details] File: maps
Created attachment 750033 [details] File: open_fds
Created attachment 750034 [details] File: proc_pid_status
Created attachment 750035 [details] File: var_log_messages
This is fixed in OpenConnect 5.00, released a day or two ago. Although another compatibility issue has surfaced so there'll be a 5.01 very shortly, which will get into Fedora 19 as an update. Please could you show the output from openconnect before it crashed? The crash is bad, but I suspect even with that fixed, it wasn't going to *work*; the crash happened in a situation which should never happen. So I'd like to double-check that the latest version is really doing to do the right thing for you.
openconnect -v https://vpn.redactedhost.com:8998/home Attempting to connect to server 203.122.232.27:8998 SSL negotiation with vpn.redactedhost.com Server certificate verify failed: signer not found Certificate from VPN server "vpn.redactedhost.com" failed verification. Reason: signer not found Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on vpn.redactedhost.com POST https://vpn.redactedhost.com:8998/home Got HTTP response: HTTP/1.1 303 See Other Content-Type: text/html Content-Length: 0 Location: https://vpn.redactedhost.com:8998/webvpn.html Set-Cookie: webvpncontext=00@RedactedHost; path=/; Secure Connection: Keep-Alive HTTP body length: (0) GET https://vpn.redactedhost.com:8998/webvpn.html Got HTTP response: HTTP/1.1 303 See Other Content-Type: text/html Content-Length: 0 Location: https://vpn.redactedhost.com:8998/webvpn.html Set-Cookie: webvpncontext=00@RedactedHost; path=/; Secure Connection: Keep-Alive HTTP body length: (0) Segmentation fault (core dumped)
OpenConnect 5.00 fixes the crash. However, it doesn't fix the fact that your server is returning a redirect to the *same* location. If we disable the 'xmlpost' support, it works. I'm going to have to come up with a better fix, to make this work automatically.
I've just pushed a fix to the git repository, which should make things work for you again. Please could you test? Are you able to build from git, or do you need me to build a package?
Thanks David, I'm fine testing from git but won't have a chance to try until later today. Will let you know soon.
No problem. If this works then it'll be in the 5.01 release which is still "imminent"; I'll probably do it some time next week once the dust is settled on these changes. Thanks.
Thanks David I can confirm it works - thanks also for the speedy response, I really appreciate your hard work.
Please could you test again with the scratch build at http://koji.fedoraproject.org/koji/taskinfo?taskID=5442326 I've changed some more of the fallback handling, and I get a failure when I connect to 203.122.232.27:8998 — but then again, I get the same failure when I revert to the code from a few days ago, which you said was working.
I can confirm the scratch build still works in my case - thanks.
Accessing the raw IP also fails for me since I think this is doing some vhost type magic and hence you need to use the fqdn (I can send it to you in a private email if you'd like)
Actually scratch that - the trick is it's only available over ssl - so https://203.122.232.27:8998/home should work (you need the /home as far as I can tell)
Great, thanks.
openconnect-5.01-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/openconnect-5.01-1.fc19
Package openconnect-5.01-1.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openconnect-5.01-1.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-9871/openconnect-5.01-1.fc19 then log in and leave karma (feedback).
openconnect-5.01-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.