Add a script for patching networkmanager-openconnect
parent
14d41b41f7
commit
baca906ad5
3 changed files with 71 additions and 0 deletions
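--- a/allow_insecure_crypto.patch
+++ b/allow_insecure_crypto.patch
@@ -0,0 +1,25 @@
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index fa26426..6c4ae72 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -1970,6 +1970,8 @@ static gpointer init_connection (auth_ui_data *ui_data)
+
+int main (int argc, char **argv)
+{
++ g_setenv ("OPENSSL_CONF", "/usr/local/etc/ssl/openssl_insecure_crypto.cnf", FALSE);
++
+char *vpn_name = NULL, *vpn_uuid = NULL, *vpn_service = NULL;
+GHashTable *options = NULL, *secrets = NULL;
+gboolean allow_interaction = FALSE;
+diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
+index 05e8095..ba87e93 100644
+--- a/src/nm-openconnect-service.c
++++ b/src/nm-openconnect-service.c
+@@ -447,6 +447,7 @@ nm_openconnect_start_openconnect_binary (NMOpenconnectPlugin *plugin,
+
+openconnect_argv = g_ptr_array_new ();
+g_ptr_array_add (openconnect_argv, (gpointer) (*openconnect_binary));
++ g_ptr_array_add (openconnect_argv, (gpointer) "--allow-insecure-crypto");
+
+protocol = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PROTOCOL);
+if (protocol && strcmp (protocol, "anyconnect")) {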
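Review bot: The `--allow-insecure-crypto` argument added in nm_openconnect_start_openconnect_binary is appended for every connection the plugin starts, so profiles that do not need legacy crypto are downgraded as well. Consider gating it on a per-connection data item, e.g. `if (nm_setting_vpn_get_data_item (s_vpn, "<opt-in-key>")) g_ptr_array_add (openconnect_argv, (gpointer) "--allow-insecure-crypto");`, where the key is a placeholder and s_vpn is assumed to be in scope because the next context line uses it (the function body extends beyond the hunk). In main(), `g_setenv` is called with `FALSE`, so an OPENSSL_CONF already present in the environment takes precedence over the hard-coded path. That file should be root-owned and not user-writable, since an OpenSSL configuration can direct the process to load additional modules. A one-line comment above the call stating both points would help the next maintainer.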
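--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+if [ ! "$UID" -eq 0 ]
+then
+sudo bash "$BASH_SOURCE";
+else
+scriptRoot="$(realpath "${BASH_SOURCE%/*}")";
+workingDir="$(pwd)";
+contextDir="$(mktemp -d)";
+patchFile="allow_insecure_crypto.patch";
+patchedConfig="openssl_insecure_crypto.cnf";
+chmod a+rwx "$contextDir"
+
+git clone https://aur.archlinux.org/networkmanager-openconnect-useragent-git.git "$contextDir";
+cd "$contextDir";
+cp "$scriptRoot/$patchFile" .;
+cp "$scriptRoot/$patchedConfig" .;
+
+sed -i \
+-e "s/^\(source=(.*\)\()\)/\1 \"local:\/\/$patchFile\" \"local:\/\/$patchedConfig\"\2/" \
+-e "s/^\(sha256sums=(.*\)\()\)/\1 'SKIP' 'SKIP'\2/" \
+-e "/^build() {/{" \
+-e 'a\' \
+-e ' cd NetworkManager-openconnect\' \
+-e ' git apply "${srcdir}/'"$patchFile"'"\' \
+-e " cd .." \
+-e "}" \
+-e "/^package() {/{" \
+-e 'a mkdir -p "${pkgdir}/usr/local/etc/ssl"' \
+-e 'a cp "${srcdir}/'"$patchedConfig"'" "${pkgdir}/usr/local/etc/ssl/openssl_insecure_crypto.cnf"' \
+-e "}" \
+PKGBUILD
+echo "$contextDir";
+fi;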
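Review bot: `chmod a+rwx "$contextDir"` makes the root-created build directory writable by every local user, so the PKGBUILD, patch and OpenSSL config placed there can be altered by another account before the package is built. If the intent is to let the invoking user run makepkg (that step is not in the script), hand the directory to that user instead with `chown "$SUDO_USER" "$contextDir"` and keep the 0700 mode that `mktemp -d` already sets. The second sed expression appends `'SKIP' 'SKIP'` to sha256sums, so the two local files are never verified; inserting the digests from `sha256sum "$scriptRoot/$patchFile"` and `sha256sum "$scriptRoot/$patchedConfig"` would let makepkg detect a modified copy. The script also has no `set -e`, so a failed `git clone` or `cd` still runs `cp` and `sed -i` as root against whatever PKGBUILD is in the current directory.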
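--- a/openssl_insecure_crypto.cnf
+++ b/openssl_insecure_crypto.cnf
@@ -0,0 +1,13 @@
+# Custom configuration to solve some problems while using openconnect-sso.
+# See: https://github.com/vlaci/openconnect-sso/issues/81#issuecomment-1363355533
+
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation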
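Review bot: `Options = UnsafeLegacyRenegotiation` sits in `system_default_sect`, so it applies to every TLS context created by a process that loads this file, and the header comment does not say what is being weakened or for whom. I would extend the header with something like `# Permits TLS handshakes with servers that lack RFC 5746 secure renegotiation; load only via OPENSSL_CONF for the VPN auth dialog, never as the system-wide config.` Because OPENSSL_CONF replaces the distribution's default configuration for that process, settings from the default file are not applied unless this file pulls them in with an `.include` line. It is worth confirming that this is intended.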