I don't know if this should be a separate ticket, but I also have a confirmed case where --no-xmlpost corrects the problem. I need to specify --authgroup XXX where XXX is NOT one of the valid options listed in the response from the sever. The server probably shouldn't be setup that way, but it's not under my control. :-( By looking at the code in auth.c, it appears that the user supplied authgroup is now validated against the list returned from the server as part of the xmlpost code. Adding --no-xmlpost corrects the problem because there's no list to validate against. I propose as a fix that when specified explicitly, that openconnect attempt to use the specifed authgroup value before rejecting it as invalid.
The problem appeared during an Ubuntu 13.04 to 13.10 upgrade. The version of openconnect requiring the --no-xmlpost option is: OpenConnect version v5.01 Using GnuTLS. Features present: PKCS#11, TOTP software token, DTLS (using OpenSSL) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1229195 Title: Openconnect will not connect under Saucy -- openssl problem? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1229195/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
