Control: tags 1099497 + pending

[CC'ing here as well #1119300, which has pending action for the next
point release and to which I would need to rebase the trixie-pu related
update as well]

Dear maintainer,

I've prepared an NMU for openconnect (versioned as 9.12-3.2) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should cancel it.

The issue affects several people who are no longer able to connect to their
VPN after a Cisco ASA gateway update on the provider side. The fix
has been verified as well for trixie installations, and I aim to see
the fix land in the next point release if possible. Thus as a first
step we need to go to unstable.

What is the status of #1119300? Does the update prepared by Lee
look in line with how you would like to see things implemented in the
packaging? Because the fix for #1099497 would need to go on top of
that with a separate trixie-pu bug. SRM, do both changes look
acceptable to you for a point release update?

Related merge request for unstable is at:
https://salsa.debian.org/debian/openconnect/-/merge_requests/8

Debusine workflows:
https://debusine.debian.net/debian/developers/work-request/290402/

Regards,
Salvatore
diffstat for openconnect-9.12 openconnect-9.12

 changelog                                                          |    9 
 patches/Use-RFC9266-tls-exporter-channel-bindings-for-Cisco-.patch |  110 ++++++++++
 patches/series                                                     |    2 
 patches/use-the-unsigned-printf-qualifier-for-size_t-fixes-M.patch |   27 ++
 4 files changed, 148 insertions(+)

diff -Nru openconnect-9.12/debian/changelog openconnect-9.12/debian/changelog
--- openconnect-9.12/debian/changelog	2025-10-28 20:54:32.000000000 +0100
+++ openconnect-9.12/debian/changelog	2025-12-23 22:29:05.000000000 +0100
@@ -1,3 +1,12 @@
+openconnect (9.12-3.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * use the unsigned printf qualifier for size_t : fixes MinGW{32,64} build
+  * Use RFC9266 'tls-exporter' channel bindings for Cisco STRAP with TLSv1.3
+    (Closes: #1099497)
+
+ -- Salvatore Bonaccorso <[email protected]>  Tue, 23 Dec 2025 22:29:05 +0100
+
 openconnect (9.12-3.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru openconnect-9.12/debian/patches/Use-RFC9266-tls-exporter-channel-bindings-for-Cisco-.patch openconnect-9.12/debian/patches/Use-RFC9266-tls-exporter-channel-bindings-for-Cisco-.patch
--- openconnect-9.12/debian/patches/Use-RFC9266-tls-exporter-channel-bindings-for-Cisco-.patch	1970-01-01 01:00:00.000000000 +0100
+++ openconnect-9.12/debian/patches/Use-RFC9266-tls-exporter-channel-bindings-for-Cisco-.patch	2025-11-17 12:57:06.000000000 +0100
@@ -0,0 +1,110 @@
+From: David Woodhouse <[email protected]>
+Date: Fri, 15 Nov 2024 15:46:05 +0000
+Subject: Use RFC9266 'tls-exporter' channel bindings for Cisco STRAP with
+ TLSv1.3
+Origin: https://gitlab.com/openconnect/openconnect/-/commit/94e0b16c011b7b88708b8a8505fac6bfbe2e3cca
+Bug-Debian: https://bugs.debian.org/1099497
+Bug: https://gitlab.com/openconnect/openconnect/-/issues/659
+
+Fixes #659
+
+Signed-off-by: David Woodhouse <[email protected]>
+---
+ gnutls.c               | 20 +++++++++++++++++++-
+ openconnect-internal.h |  5 +++++
+ openssl.c              | 30 +++++++++++++++++++++++-------
+ www/changelog.xml      |  1 +
+ 4 files changed, 48 insertions(+), 8 deletions(-)
+
+diff --git a/gnutls.c b/gnutls.c
+index 9fc010b984b7..6c2e3aec29c1 100644
+--- a/gnutls.c
++++ b/gnutls.c
+@@ -3176,7 +3176,25 @@ void append_strap_verify(struct openconnect_info *vpninfo,
+ 
+ 	/* Concatenate our Finished message with our pubkey to be signed */
+ 	struct oc_text_buf *nonce = buf_alloc();
+-	buf_append_bytes(nonce, vpninfo->finished, vpninfo->finished_len);
++	if (gnutls_protocol_get_version(vpninfo->https_sess) <= GNUTLS_TLS1_2) {
++		/* For TLSv1.2 and earlier, use RFC5929 'tls-unique' channel binding */
++		buf_append_bytes(nonce, vpninfo->finished, vpninfo->finished_len);
++	} else {
++		/* For TLSv1.3 use RFC9266 'tls-exporter' channel binding */
++		char channel_binding_buf[TLS_EXPORTER_KEY_SIZE];
++		err = gnutls_prf(vpninfo->https_sess, TLS_EXPORTER_LABEL_SIZE, TLS_EXPORTER_LABEL,
++				 0, 0, 0, TLS_EXPORTER_KEY_SIZE, channel_binding_buf);
++		if (err) {
++			vpn_progress(vpninfo, PRG_ERR,
++				     _("Failed to generate channel bindings for STRAP key: %s\n"),
++				     gnutls_strerror(err));
++			if (!buf_error(buf))
++				buf->error = -EIO;
++			buf_free(nonce);
++			return;
++		}
++		buf_append_bytes(nonce, channel_binding_buf, TLS_EXPORTER_KEY_SIZE);
++	}
+ 
+ 	if (rekey) {
+ 		/* We have a copy and we don't want it freed just yet */
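Review bot: the new TLSv1.3 branch assigns `err` from gnutls_prf() but the hunk shows no declaration of `err`, so confirm that append_strap_verify() in gnutls.c already has it in scope at this point. It is also worth confirming that gnutls_prf() on a TLSv1.3 session yields the RFC 8446 exporter value for the label `EXPORTER-Channel-Binding` with an empty context (the same 32 bytes gnutls_prf_rfc5705() would return), since the openssl.c side derives the binding with SSL_export_keying_material() and both backends must produce identical bytes for the gateway to accept the STRAP signature. The failure path follows the existing convention (sets `buf->error = -EIO`, frees `nonce`, returns), which is good.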
+diff --git a/openconnect-internal.h b/openconnect-internal.h
+index 5abfe98d79c5..600b43b31ec8 100644
+--- a/openconnect-internal.h
++++ b/openconnect-internal.h
+@@ -1060,6 +1060,11 @@ static inline void __monitor_fd_new(struct openconnect_info *vpninfo,
+ #define PSK_LABEL_SIZE (sizeof(PSK_LABEL) - 1)
+ #define PSK_KEY_SIZE 32
+ 
++/* Key material for RFC9266 tls-exporter channel binding */
++#define TLS_EXPORTER_LABEL "EXPORTER-Channel-Binding"
++#define TLS_EXPORTER_LABEL_SIZE (sizeof(TLS_EXPORTER_LABEL) - 1)
++#define TLS_EXPORTER_KEY_SIZE 32
++
+ /* Packet types */
+ 
+ #define AC_PKT_DATA		0	/* Uncompressed data */
+diff --git a/openssl.c b/openssl.c
+index 3f204d0f19af..b354cf7466e6 100644
+--- a/openssl.c
++++ b/openssl.c
+@@ -2518,14 +2518,30 @@ void append_strap_verify(struct openconnect_info *vpninfo,
+ 			 struct oc_text_buf *buf, int rekey)
+ {
+ 	unsigned char finished[64];
+-	size_t flen = SSL_get_finished(vpninfo->https_ssl, finished, sizeof(finished));
++	size_t flen;
+ 
+-	if (flen > sizeof(finished)) {
+-		vpn_progress(vpninfo, PRG_ERR,
+-			     _("SSL Finished message too large (%zu bytes)\n"), flen);
+-		if (!buf_error(buf))
+-			buf->error = -EIO;
+-		return;
++	if (SSL_SESSION_get_protocol_version(SSL_get_session(vpninfo->https_ssl)) <= TLS1_2_VERSION) {
++		/* For TLSv1.2 and earlier, use RFC5929 'tls-unique' channel binding */
++		flen = SSL_get_finished(vpninfo->https_ssl, finished, sizeof(finished));
++		if (flen > sizeof(finished)) {
++			vpn_progress(vpninfo, PRG_ERR,
++				     _("SSL Finished message too large (%zu bytes)\n"), flen);
++			if (!buf_error(buf))
++				buf->error = -EIO;
++			return;
++		}
++	} else {
++		/* For TLSv1.3 use RFC9266 'tls-exporter' channel binding */
++		if (!SSL_export_keying_material(vpninfo->https_ssl,
++						finished, TLS_EXPORTER_KEY_SIZE,
++						TLS_EXPORTER_LABEL, TLS_EXPORTER_LABEL_SIZE,
++						NULL, 0, 0)) {
++			vpn_progress(vpninfo, PRG_ERR,
++				     _("Failed to generate channel bindings for STRAP key\n"));
++			openconnect_report_ssl_errors(vpninfo);
++			return;
++		}
++		flen = TLS_EXPORTER_KEY_SIZE;
+ 	}
+ 
+ 	/* If we're rekeying, we need to sign the Verify header with the *old* key. */
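Review bot: the TLSv1.3 failure path in this hunk returns after openconnect_report_ssl_errors() without marking the buffer failed, whereas the TLSv1.2 path just above it does `if (!buf_error(buf)) buf->error = -EIO;` before returning; add the same two lines to the SSL_export_keying_material() branch so that a failed channel-binding export is propagated to the caller as an error rather than silently continuing with no STRAP verify data.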
+-- 
+2.51.0
+
diff -Nru openconnect-9.12/debian/patches/series openconnect-9.12/debian/patches/series
--- openconnect-9.12/debian/patches/series	2025-10-28 20:54:32.000000000 +0100
+++ openconnect-9.12/debian/patches/series	2025-11-17 12:55:27.000000000 +0100
@@ -1 +1,3 @@
 dont-default-form-action.patch
+use-the-unsigned-printf-qualifier-for-size_t-fixes-M.patch
+Use-RFC9266-tls-exporter-channel-bindings-for-Cisco-.patch
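Review bot: the order of the two new series entries is load-bearing: the openssl.c hunk of Use-RFC9266-tls-exporter-channel-bindings-for-Cisco-.patch removes a context line containing `%zu` (`_("SSL Finished message too large (%zu bytes)\n"), flen);`), which only exists after use-the-unsigned-printf-qualifier-for-size_t-fixes-M.patch has been applied, so the MinGW patch must stay first. A short remark in the changelog that it is a prerequisite for the channel-binding patch would help whoever rebases this for trixie-pu.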
diff -Nru openconnect-9.12/debian/patches/use-the-unsigned-printf-qualifier-for-size_t-fixes-M.patch openconnect-9.12/debian/patches/use-the-unsigned-printf-qualifier-for-size_t-fixes-M.patch
--- openconnect-9.12/debian/patches/use-the-unsigned-printf-qualifier-for-size_t-fixes-M.patch	1970-01-01 01:00:00.000000000 +0100
+++ openconnect-9.12/debian/patches/use-the-unsigned-printf-qualifier-for-size_t-fixes-M.patch	2025-11-17 12:52:40.000000000 +0100
@@ -0,0 +1,27 @@
+From: Timothee 'TTimo' Besset <[email protected]>
+Date: Sun, 26 Nov 2023 10:13:05 -0600
+Subject: use the unsigned printf qualifier for size_t : fixes MinGW{32,64}
+ build
+Origin: https://gitlab.com/openconnect/openconnect/-/commit/958a59aed57df84a8ff0c86e1d0c6a4542edf5b2
+
+Signed-off-by: Timothee Besset <[email protected]>
+---
+ openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/openssl.c b/openssl.c
+index f8e0b1e9dd7b..dd4d761d971a 100644
+--- a/openssl.c
++++ b/openssl.c
+@@ -2522,7 +2522,7 @@ void append_strap_verify(struct openconnect_info *vpninfo,
+ 
+ 	if (flen > sizeof(finished)) {
+ 		vpn_progress(vpninfo, PRG_ERR,
+-			     _("SSL Finished message too large (%zd bytes)\n"), flen);
++			     _("SSL Finished message too large (%zu bytes)\n"), flen);
+ 		if (!buf_error(buf))
+ 			buf->error = -EIO;
+ 		return;
+-- 
+2.51.0
+