Control: tags -1 patch Hello,
pirmadienis 20 Gegužė 2013 23:56:02 David Woodhouse rašė: > On Mon, 2013-05-20 at 22:56 +0300, Modestas Vainius wrote: > > It appears that the gateway does not like a POST request it gets to its / > > and then invalidates SSL connection. But openconnect does not detect this > > condition and tries to fallback to GET / on the same connection which has > > no chance of succeeding since connection is no longer valid. > > Aha, thanks for the excellent debugging. So does this fix it? It should > now close the connection correctly, in the situation you describe. Yes, the patch makes openconnect work again. Thanks. > > It's not ideal; we really ought to handle the write failure in > do_https_request() and attempt to re-open the socket *if* we were > re-using an existing one. But that'll take a little more work... Yeah, for example, openconnect still complains with error messages after XML POST even in non-verbose mode. However, the whole thing works and IMHO is releasable. Feel free to ask me to test another version of the patch whenever you have it ready. # openconnect https://gwaddress.example.com/ Attempting to connect to server xx.xx.xx.xx:443 SSL negotiation with gwaddress.example.com Connected to HTTPS on gwaddress.example.com POST https://gwaddress.example.com/ Failed to read from SSL socket: A TLS packet with unexpected length was received. Error fetching HTTPS response SSL negotiation with gwaddress.example.com Connected to HTTPS on gwaddress.example.com GET https://gwaddress.example.com/ Got HTTP response: HTTP/1.1 303 See Other GET https://gwaddress.example.com/webvpn.html Please enter your username and password. USERNAME:
signature.asc
Description: This is a digitally signed message part.
