-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openconnect: cannot establish DTLS if built against OpenSSL #9206
Comments
Are you compiling without deprecated APIs? |
No. It doesn't even build without deprecated APIs |
Found the error (probably). Try this patch:
Or the full one:
|
The issue is here: https://github.com/openconnect/openconnect/blob/master/openssl-dtls.c#L352 HAVE_DTLS12 ends up being undefined, which makes https://github.com/openconnect/openconnect/blob/master/openssl-dtls.c#L362 use an uninitialized value, thereby crashing the program. |
Could you please open an bug on the upstream project? https://gitlab.com/openconnect/openconnect |
Thank you! |
@neheb What patches should I apply? Would you please open a PR here? |
@dwmw2 a bit off topic. I noticed the download URL works with ftp:// but not http:// . HTTP redirects to some spam. |
Hm? The FTP URL should be just fine as-is. It does indeed only work with ftp at the start, just as it only works with infradead in the middle. Manually change it to go elsewhere... and you'll end up elsewhere :) |
Fix was merged and backported to 19.07. @nmav hope you don't mind. |
Of course not, thank you! |
Maintainer: @nmav
Version: OpenConnect 8.03, OpenSSL 1.1.1c / GNUTLS 3.6.8
Description:
When built against OpenSSL, OpenConnect cannot establish DTLS
GNUTLS is fine
The text was updated successfully, but these errors were encountered: