1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1099497: Openconnect is broken for TLS v1.3

    From Siddh Raman Pant@21:1/5 to All on Thu Apr 3 18:00:02 2025
    Ping?


    Please fix this before testing freeze!


    Thanks,
    Siddh

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?utf-8?q?Bj=C3=B6rn_Baumbach?=@21:1/5 to All on Tue May 20 14:20:01 2025
    Package: openconnect
    Version: 9.12-3
    Followup-For: Bug #1099497

    A reconnect to a Cisco ASA, e.g. triggered by a USR2 signal, always leads to: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized

    This happens with openconnect 9.12-3 in trixie and 9.01-3 on bookworm.

    Known as openconnect issue 659: https://gitlab.com/openconnect/openconnect/-/issues/659

    I confirm that the following fix solves the issue: https://gitlab.com/openconnect/openconnect/-/commit/94e0b16c011b7b88708b8a8505fac6bfbe2e3cca

    -- System Information:
    Debian Release: 13.0
    APT prefers testing
    APT policy: (500, 'testing')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.8.0-59-generic (SMP w/8 CPU threads; PREEMPT)
    Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US Shell: /bin/sh linked to /usr/bin/dash
    Init: unable to detect

    Versions of packages openconnect depends on:
    ii libc6 2.41-7
    ii libgnutls30t64 3.8.9-2
    ii libopenconnect5 9.12-3
    ii libproxy1v5 0.5.9-1
    ii libxml2 2.12.7+dfsg+really2.9.14-1
    ii vpnc-scripts 0.1~git20220510-1

    Versions of packages openconnect recommends:
    ii python3 3.13.3-1
    ii python3-asn1crypto 1.5.1-3
    ii python3-mechanize 1:0.4.10+ds-3
    ii python3-netifaces 0.11.0-2+b6

    Versions of packages openconnect suggests:
    ii bash-completion 1:2.16.0-7
    ii xdg-utils 1.2.1-2

    -- no debconf information

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)