Bug 234839 - security/openconnect: openconnect-8.00 on FreeBSD 12 doesn't do DTLS
Summary: security/openconnect: openconnect-8.00 on FreeBSD 12 doesn't do DTLS
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Ryan Steinmetz
Depends on:
Reported: 2019-01-10 23:24 UTC by John Hood
Modified: 2019-01-16 20:08 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (zi)


Note You need to log in before you can comment on or make changes to this bug.
Description John Hood 2019-01-10 23:24:12 UTC
OpenConnect 8.00 from latest packages on FreeBSD 12.0-RELEASE-p2 cannot negotiate DTLS, and falls back to a TLS over TCP session.  This is caused by compatibility issues with OpenSSL 1.1, which we select in our ports build (I'm not sure how, though).  Fortunately, I found this has just been fixed (yesterday!) in OpenConnect master with commit 917f15ad8937a0e57602a9c79bd7cb167b4d76b4, and will presumably be in the next release (>8.01).  We should take that patch and/or release, obviously.  Not high priority for me, I can bump along with a local build.
Comment 1 cgull 2019-01-16 19:18:15 UTC
OpenConnect 8.02 has been released.  Works for me with './configure --with-openssl' (the --with-vpnc-script option is no longer needed for FreeBSD).
Comment 2 commit-hook freebsd_committer 2019-01-16 20:08:26 UTC
A commit references this bug:

Author: zi
Date: Wed Jan 16 20:08:11 UTC 2019
New revision: 490507
URL: https://svnweb.freebsd.org/changeset/ports/490507

  - Update to 8.02

  PR:		234839
  Reported by:	John Hood <cgull@glup.org>