Comments (3)
This error is still happening.
Started happening today after a system upgrade.
A quick hint would help to know if this is related to the vpn gateway using old TLS chipers or something similar.
/usr/lib/gp-saml-gui/test-globalprotect-login.py --user=user_name --clientos=Linux -p '' https://vpn_gateway_url prelogin-cookie=pre_login_cookie
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3.10/site-packages/urllib3/connectionpool.py", line 386, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
conn.connect()
File "/usr/lib/python3.10/site-packages/urllib3/connection.py", line 414, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(
File "/usr/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.10/ssl.py", line 1071, in _create
self.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/requests/adapters.py", line 489, in send
resp = conn.urlopen(
File "/usr/lib/python3.10/site-packages/urllib3/connectionpool.py", line 787, in urlopen
retries = retries.increment(
File "/usr/lib/python3.10/site-packages/urllib3/util/retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='vpn_gateway_DNS_fqdn', port=443): Max retries exceeded with url: /ssl-vpn/login.esp (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/gp-saml-gui/test-globalprotect-login.py", line 81, in <module>
res = s.post(endpoint.geturl(), verify=args.verify, data=data)
File "/usr/lib/python3.10/site-packages/requests/sessions.py", line 635, in post
return self.request("POST", url, data=data, json=json, **kwargs)
File "/usr/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.10/site-packages/requests/adapters.py", line 563, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='vpn_gateway_DNS_fqdn', port=443): Max retries exceeded with url: /ssl-vpn/login.esp (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)')))
Pkg versions:
openconnect --version
OpenConnect version v9.01
Using GnuTLS 3.8.0. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /etc/vpnc/vpnc-script
pacman -Q|ag gp-saml-gui-git
gp-saml-gui-git r70.f1fafba-1
openssl 3.0.8-1
openssl-1.1 1.1.1.t-1
python-pyopenssl 23.0.0-1
python-requests 2.28.2-1
from gp-saml-gui.
@stefancocora
What you need to do is to follow this workaround: https://stackoverflow.com/a/72245418/2657875
from gp-saml-gui.
Thanks @michal-devel
I've already followed the workaround and it works with a local openssl.conf file.
I meant my previous post as a question and maybe help for the developer to remove this issue that is coming from some of the python libraries.
from gp-saml-gui.
Related Issues (20)
- Install fails under Ubuntu 23.10 with ERROR: Dependency 'gobject-introspection-1.0' is required but not found. HOT 1
- After successful login screen stuck out HOT 1
- misleading openconnect_command print with -E HOT 2
- Add to Gentoo package repository HOT 1
- not working all of a sudden HOT 7
- Tested in Debian 12 and it does not open display HOT 1
- AttributeError: 'NoneType' object has no attribute 'get_content_type'
- HTTP body length: (0) HOT 10
- Microsoft SAML contains XML in comment HOT 4
- Can it use not webkit but Firefox? HOT 3
- Include needed apt dependencies for ubuntu HOT 1
- Cannot set verify_mode to CERT_NONE when check_hostname is enabled. HOT 3
- webkit crash with some nvidia drivers HOT 1
- Empty login screen HOT 1
- fgets (stdin): Inappropriate ioctl for device HOT 3
- Add support for using private keys encrypted with fsid
- 'Unexpected 200 result from server' on openconnect
- Blank SAML Login Window HOT 3
- Need to pass --csd-wrapper=(wrapper) command-line argument HOT 1
- Ubuntu 24.04 support HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gp-saml-gui.