From 4b02c05b544927f4669c6d98fac1124080c93df2 Mon Sep 17 00:00:00 2001
From: Benjamin Mako Hill <mako@atdot.cc>
Date: Wed, 19 Apr 2023 10:03:40 -0700
Subject: [PATCH] fix issue with openssl

The scripts seem to be relying on a legacy openssl renegotiation
protocol and this allows it to continue. I don't know if this a
requirement on the NU side or a feature of these scripts but this
works around it in the shorter term.
---
 openssl.conf  | 11 +++++++++++
 ssh-vpn-proxy |  4 +++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 openssl.conf

diff --git a/openssl.conf b/openssl.conf
new file mode 100644
index 0000000..9a6b314
--- /dev/null
+++ b/openssl.conf
@@ -0,0 +1,11 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation
+
diff --git a/ssh-vpn-proxy b/ssh-vpn-proxy
index 3548b40..819d175 100755
--- a/ssh-vpn-proxy
+++ b/ssh-vpn-proxy
@@ -1,5 +1,7 @@
 #!/bin/bash 
 
+export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
+# this allows for legacy renegotation which seems to be required now
 SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
 
 # connects to SSH through openconnect and VPN
@@ -7,7 +9,7 @@ SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
 
 
 # first run openconnect
-/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "$HOME/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  
+/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "${HOME}/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  
 sleep 2
 
 # kill connection on exit
-- 
2.39.5