fix issue with openssl

The scripts seem to be relying on a legacy openssl renegotiation protocol and this allows it to continue. I don't know if this a requirement on the NU side or a feature of these scripts but this works around it in the shorter term.
2023-04-19 10:03:40 -07:00 · 2023-04-19 10:03:40 -07:00 · 4b02c05b54
commit 4b02c05b54
parent 3a52ba3fb9
2 changed files with 14 additions and 1 deletions
--- a/openssl.conf
+++ b/openssl.conf
@ -0,0 +1,11 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation
+
--- a/4
+++ b/4
@ -1,5 +1,7 @@
 #!/bin/bash 

+export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
+# this allows for legacy renegotation which seems to be required now
 SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."

 # connects to SSH through openconnect and VPN
@ -7,7 +9,7 @@ SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."


 # first run openconnect
-/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "$HOME/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  
+/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "${HOME}/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  
 sleep 2

 # kill connection on exit