Add a script for patching networkmanager-openconnect

allow_insecure_crypto.patch

@@ -0,0 +1,25 @@
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index fa26426..6c4ae72 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -1970,6 +1970,8 @@ static gpointer init_connection (auth_ui_data *ui_data)
+ 
+ int main (int argc, char **argv)
+ {
++	g_setenv ("OPENSSL_CONF", "/usr/local/etc/ssl/openssl_insecure_crypto.cnf", FALSE);
++
+ 	char *vpn_name = NULL, *vpn_uuid = NULL, *vpn_service = NULL;
+ 	GHashTable *options = NULL, *secrets = NULL;
+ 	gboolean allow_interaction = FALSE;
+diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
+index 05e8095..ba87e93 100644
+--- a/src/nm-openconnect-service.c
++++ b/src/nm-openconnect-service.c
+@@ -447,6 +447,7 @@ nm_openconnect_start_openconnect_binary (NMOpenconnectPlugin *plugin,
+ 
+ 	openconnect_argv = g_ptr_array_new ();
+ 	g_ptr_array_add (openconnect_argv, (gpointer) (*openconnect_binary));
++	g_ptr_array_add (openconnect_argv, (gpointer) "--allow-insecure-crypto");
+ 
+ 	protocol = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PROTOCOL);
+ 	if (protocol && strcmp (protocol, "anyconnect")) {

install.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+if [ ! "$UID" -eq 0 ]
+then
+    sudo bash "$BASH_SOURCE";
+else
+    scriptRoot="$(realpath "${BASH_SOURCE%/*}")";
+    workingDir="$(pwd)";
+    contextDir="$(mktemp -d)";
+    patchFile="allow_insecure_crypto.patch";
+    patchedConfig="openssl_insecure_crypto.cnf";
+    chmod a+rwx "$contextDir"
+
+    git clone https://aur.archlinux.org/networkmanager-openconnect-useragent-git.git "$contextDir";
+    cd "$contextDir";
+    cp "$scriptRoot/$patchFile" .;
+    cp "$scriptRoot/$patchedConfig" .;
+
+    sed -i \
+        -e "s/^\(source=(.*\)\()\)/\1 \"local:\/\/$patchFile\" \"local:\/\/$patchedConfig\"\2/" \
+        -e "s/^\(sha256sums=(.*\)\()\)/\1 'SKIP' 'SKIP'\2/" \
+        -e "/^build() {/{" \
+            -e 'a\' \
+            -e '  cd NetworkManager-openconnect\' \
+            -e '  git apply "${srcdir}/'"$patchFile"'"\' \
+            -e "  cd .." \
+        -e "}" \
+        -e "/^package() {/{" \
+            -e 'a mkdir -p "${pkgdir}/usr/local/etc/ssl"' \
+            -e 'a cp "${srcdir}/'"$patchedConfig"'" "${pkgdir}/usr/local/etc/ssl/openssl_insecure_crypto.cnf"' \
+        -e "}" \
+        PKGBUILD
+    echo "$contextDir";
+fi;

openssl_insecure_crypto.cnf

@@ -0,0 +1,13 @@
+# Custom configuration to solve some problems while using openconnect-sso.
+# See: https://github.com/vlaci/openconnect-sso/issues/81#issuecomment-1363355533
+
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation