fix issue with openssl

The scripts seem to be relying on a legacy openssl renegotiation
protocol and this allows it to continue. I don't know if this a
requirement on the NU side or a feature of these scripts but this
works around it in the shorter term.

diff --git a/openssl.conf b/openssl.conf
new file mode 100644 (file)
index 0000000..9a6b314
--- /dev/null
+++ b/openssl.conf
@@ -0,0 +1,11 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation
+

diff --git a/ssh-vpn-proxy b/ssh-vpn-proxy
index 3548b40ec1a01de31807ffc40195cc432de0d4b3..819d175bd445fa57bab660263d6610db5fe7f44a 100755 (executable)
--- a/ssh-vpn-proxy
+++ b/ssh-vpn-proxy
@@ -1,5 +1,7 @@
 #!/bin/bash 
 
 #!/bin/bash 
 

+export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
+# this allows for legacy renegotation which seems to be required now

 SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
 
 # connects to SSH through openconnect and VPN
 SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
 
 # connects to SSH through openconnect and VPN


@@ -7,7 +9,7 @@ SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
 
 
 # first run openconnect
 
 
 # first run openconnect

-/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "$HOME/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  
+/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "${HOME}/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  

 sleep 2
 
 # kill connection on exit
 sleep 2
 
 # kill connection on exit