Hi,

It definitely looks like an Ubuntu bug. I can reproduce this issue when building against the OpenSSL library that ships with Ubuntu 20.04:

$ ./configure \
        --prefix=/my/path/openconnect \
        --with-vpnc-script=/my/src/vpnc-scripts/vpnc-script \
        --with-openssl
$
$ make check
[...]
make  check-TESTS
make[2] : on entre dans le répertoire « /my/path/openconnect/tests »
make[3] : on entre dans le répertoire « /my/path/openconnect/tests »
PASS: autocompletion
PASS: lzstest
PASS: seqtest
PASS: buftest
FAIL: bad_dtls_test
============================================================================
Testsuite summary for openconnect 8.20
============================================================================
# TOTAL: 5
# PASS:  4
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See tests/test-suite.log
============================================================================
[...]
$



This failure disappears after building against a vanilla OpenSSL 1.1.1f:

$ ./configure \
        --prefix=/my/path/openconnect \
        --with-vpnc-script=/my/src/vpnc-scripts/vpnc-script \
        --with-openssl=/my/src/openssl-1.1.1f
$
$ make check
[...]
make  check-TESTS
make[2] : on entre dans le répertoire « /my/src/openconnect/tests »
make[3] : on entre dans le répertoire « /my/src/openconnect/tests »
PASS: autocompletion
PASS: lzstest
PASS: seqtest
PASS: buftest
PASS: bad_dtls_test
============================================================================
Testsuite summary for openconnect 8.20
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
[...]
$

Dimitri Papadopoulos

On 15/03/2022 at 01:50, Daniel Lenski wrote:
So it's really an issue of building against OpenSSL vs. GnuTLS. It's
definitely worth documenting the OpenSSL 1.1.1f issue here:
- https://www.infradead.org/openconnect/anyconnect.html
- https://gitlab.com/openconnect/openconnect/-/blob/master/openssl-dtls.c#L774-784

Exactly.

Without a bit more investigation, I'm hesitant to categorically state
that 1.1.1f is buggy (rather than "1.1.1f as distributed by Ubuntu"),
because the support for "Cisco/pre-1.0 DTLS" seems to get broken
inadvertently so often, due to being the most unloved and obscure
variant of TLS/DTLS around.



_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
