fix issue with openssl
authorBenjamin Mako Hill <mako@atdot.cc>
Wed, 19 Apr 2023 17:03:40 +0000 (10:03 -0700)
committerBenjamin Mako Hill <mako@atdot.cc>
Wed, 19 Apr 2023 17:03:40 +0000 (10:03 -0700)
The scripts seem to be relying on a legacy openssl renegotiation
protocol and this allows it to continue. I don't know if this is a
requirement on the NU side or a feature of these scripts, but this
works around it in the shorter term.

openssl.conf [new file with mode: 0644]
ssh-vpn-proxy

diff --git a/openssl.conf b/openssl.conf
new file mode 100644 (file)
index 0000000..9a6b314
--- /dev/null
@@ -0,0 +1,11 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation
+
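Review bot: `Options = UnsafeLegacyRenegotiation` under `[system_default_sect]` switches off OpenSSL's secure-renegotiation requirement for every TLS context created by any process that loads this file, which re-opens the renegotiation prefix-injection man-in-the-middle weakness the check exists to block; since it is set in the system default section, it is not limited to openconnect. If the failure being worked around is the OpenSSL 3 "unsafe legacy renegotiation disabled" error on the initial handshake (the description suggests this but cannot confirm it), the narrower `Options = UnsafeLegacyServerConnect` only permits connecting to a server that lacks the renegotiation-info extension without permitting unsafe renegotiation itself, and is worth testing first. Whichever option stays, the file should say why it exists, e.g. a leading `# Temporary workaround: the NU VPN gateway appears to require legacy TLS renegotiation; remove once the gateway supports RFC 5746.`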
index 3548b40ec1a01de31807ffc40195cc432de0d4b3..819d175bd445fa57bab660263d6610db5fe7f44a 100755 (executable)
@@ -1,5 +1,7 @@
 #!/bin/bash 
 
+export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
+# this allows for legacy renegotation which seems to be required now
 SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
 
 # connects to SSH through openconnect and VPN
@@ -7,7 +9,7 @@ SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
 
 
 # first run openconnect
-/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "$HOME/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  
+/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "${HOME}/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  
 sleep 2
 
 # kill connection on exit
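Review bot: In the first hunk, `export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"` puts the weakened TLS policy into the environment of the whole script, so start-stop-daemon, the openconnect wrapper and anything launched later in this script (which continues past the hunk) inherit it, not only openconnect. Since the description ties the need to openconnect, scope it to that command instead, e.g. `OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf" /sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "${HOME}/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &` or set it inside openconnect_command-ssh.sh; I am assuming start-stop-daemon passes the caller's environment through, which should be checked. The explanatory comment on the following line sits below the line it describes and has a typo; move it above the export as `# OPENSSL_CONF enables legacy TLS renegotiation, which the NU gateway currently seems to require`.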
