Bug#980513: libgnutls30: _gnutls_sort_clist Assertion with openconnect GlobalProtect VPN
Matt
tardarsauce at gmail.com
Wed Jan 20 01:42:14 GMT 2021
Package: libgnutls30
Version: 3.7.0-5
Severity: important
X-Debbugs-Cc: tardarsauce at gmail.com
Dear Maintainer,
After an upgrade to 3.7.0-5, I can no longer connect to a GlobalProtect VPN with openconnect.
This is the output from a connection attempt (with identifying information removed):
$ sudo openconnect --protocol gp -u <username> <url>
POST https://<url>/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Connected to <ip>:443
SSL negotiation with <url>
openconnect: ../../../lib/x509/common.c:1794: _gnutls_sort_clist: Assertion `k == clist_size' failed.
Aborted
The connection works if I downgrade libgnutls30 to 3.6.15-5
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (900, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.9.0-5-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libgnutls30 depends on:
ii libc6 2.31-9
ii libgmp10 2:6.2.1+dfsg-1
ii libhogweed6 3.6-2
ii libidn2-0 2.3.0-5
ii libnettle8 3.6-2
ii libp11-kit0 0.23.22-1
ii libtasn1-6 4.16.0-2
ii libunistring2 0.9.10-4
libgnutls30 recommends no packages.
Versions of packages libgnutls30 suggests:
pn gnutls-bin <none>
-- no debconf information
More information about the Pkg-gnutls-maint
mailing list