Bug#979536: openconnect: Assertion on connection to GlobalProtect
I am able to connect after downgrading libgnutls to 3.6.15-5. It could be an issue with the server certs, but since I'm able to connect to the same server using an older version of the library, as well as from clients on windows and android, it seems more likely to me that the problem is in libgnutls. I'll open a new report for that package. You can consider the report for openconnect resolved. Thanks! On 1/18/21 1:04 AM, Luca Boccassi wrote: On Thu, 07 Jan 2021 11:22:16 -0900 Matt wrote: Package: openconnect Version: 8.10-2+b1 Severity: important X-Debbugs-Cc: tardarsa...@gmail.com Dear Maintainer, After upgrading openconnect from 8.10-1 to 8.10-2+b1, I can no longer connect to a GlobalProtect VPN. This is the output from a connection attempt (with identifying information removed): $ sudo openconnect --protocol gp -u POST https:///global-protect/prelogin.esp?tmp=tmp=4100=Linux Connected to :443 SSL negotiation with openconnect: ../../../lib/x509/common.c:1794: _gnutls_sort_clist: Assertion `k == clist_size' failed. Aborted Nothing changed but a new version of libgnutls, so that likely means there's some problem with the certificates your server is issueing?
Bug#979536: openconnect: Assertion on connection to GlobalProtect
On Thu, 07 Jan 2021 11:22:16 -0900 Matt wrote: > Package: openconnect > Version: 8.10-2+b1 > Severity: important > X-Debbugs-Cc: tardarsa...@gmail.com > > Dear Maintainer, > > After upgrading openconnect from 8.10-1 to 8.10-2+b1, I can no longer connect > to a GlobalProtect VPN. > > This is the output from a connection attempt (with identifying information > removed): > > $ sudo openconnect --protocol gp -u > POST > https:///global-protect/prelogin.esp?tmp=tmp=4100=Linux > Connected to :443 > SSL negotiation with > openconnect: ../../../lib/x509/common.c:1794: _gnutls_sort_clist: Assertion > `k == clist_size' failed. > Aborted Nothing changed but a new version of libgnutls, so that likely means there's some problem with the certificates your server is issueing? -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Bug#979536: openconnect: Assertion on connection to GlobalProtect
Package: openconnect Version: 8.10-2+b1 Severity: important X-Debbugs-Cc: tardarsa...@gmail.com Dear Maintainer, After upgrading openconnect from 8.10-1 to 8.10-2+b1, I can no longer connect to a GlobalProtect VPN. This is the output from a connection attempt (with identifying information removed): $ sudo openconnect --protocol gp -u POST https:///global-protect/prelogin.esp?tmp=tmp=4100=Linux Connected to :443 SSL negotiation with openconnect: ../../../lib/x509/common.c:1794: _gnutls_sort_clist: Assertion `k == clist_size' failed. Aborted -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (900, 'testing'), (600, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-5-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openconnect depends on: ii libc62.31-6 ii libgnutls30 3.7.0-5 ii libopenconnect5 8.10-2+b1 ii libproxy1v5 0.4.16-2 ii libxml2 2.9.10+dfsg-6.3+b1 ii vpnc-scripts 0.1~git20200930-1 Versions of packages openconnect recommends: ii python3 3.9.1-1 ii python3-asn1crypto 1.4.0-1 ii python3-mechanize 1:0.4.5-2 ii python3-netifaces 0.10.9-0.2+b3 Versions of packages openconnect suggests: ii bash-completion 1:2.11-2 -- no debconf information