Unable to connect - "Server presented different cert on rehandshake"
Hello,
I'm getting an error "Server presented different cert on rehandshake" from version v8.05-93-g88201052, which can be seen in the logs below. I also tried some other commits and branches mentioned in other issues, with no success.
System info:
uname -a
Linux pacific 5.3.0-42-generic #34~18.04.1-Ubuntu SMP Fri Feb 28 13:42:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
openconnect info:
./openconnect --version
OpenConnect version v8.05-93-g88201052
Using GnuTLS. Features present: PKCS#11, HOTP software token, TOTP software token, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse
Logs:
openconnect -c pkcs11:id=%01 --protocol=pulse --servercert sha256:xxx -vvv vpn.company
Attempting to connect to server xxx.xxx.xxx.xxx:443
Connected to xxx.xxx.xxx.xxx:443
Using PKCS#11 certificate pkcs11:id=%01;type=cert
Trying PKCS#11 key URL pkcs11:id=%01;type=private
PIN required for PIV Card Holder pin (PIV_II)
Enter PIN:
Using PKCS#11 key pkcs11:id=%01;type=private
Using client certificate '...'
Got no issuer from PKCS#11
SSL negotiation with vpn.company
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.company
Got HTTP response: HTTP/1.1 101 Switching Protocols
Content-type: application/octet-stream
Pragma: no-cache
Upgrade: IF-T/TLS 1.0
Connection: Upgrade
Strict-Transport-Security: max-age=31536000
> 0000: 00 00 55 97 00 00 00 01 00 00 00 14 00 00 00 00 |..U.............|
> 0010: 00 01 02 02 |....|
IF-T/TLS version from server: 2
> 0000: 00 00 0a 4c 00 00 00 88 00 00 00 3d 00 00 00 01 |...L.......=....|
> 0010: 63 6c 69 65 6e 74 48 6f 73 74 4e 61 6d 65 3d 70 |clientHostName=f|
> 0020: 61 63 69 66 69 63 20 63 6c 69 65 6e 74 49 70 3d |oo clientIp=|
> 0030: 31 39 32 2e 31 36 38 2e 31 2e 33 0a 00 |192.168.1.3..|
> 0000: 00 00 55 97 00 00 00 06 00 00 00 22 00 00 00 02 |..U........"....|
> 0010: 00 0a 4c 01 02 01 00 0e 01 61 6e 6f 6e 79 6d 6f |..L......anonymo|
> 0020: 75 73 |us|
> 0000: 00 00 55 97 00 00 00 06 00 00 00 f8 00 00 00 03 |..U.............|
> 0010: 00 0a 4c 01 02 02 00 e4 15 00 16 03 01 00 d9 01 |..L.............|
> 0020: 00 00 d5 03 03 5e 79 29 e3 8b 0a 98 16 12 0c 91 |.....^y)........|
> 0030: fc b5 f3 82 07 8c fa 5f 5e 94 7f a5 af 14 37 02 |......._^.....7.|
> 0040: c1 46 ab 8a ce 00 00 6a c0 2c c0 87 cc a9 c0 ad |.F.....j.,......|
> 0050: c0 0a c0 2b c0 86 c0 ac c0 09 c0 23 c0 72 c0 08 |...+.......#.r..|
> 0060: c0 30 c0 8b cc a8 c0 14 c0 2f c0 8a c0 13 c0 27 |.0......./.....'|
> 0070: c0 76 c0 12 00 9d c0 7b c0 9d 00 35 00 3d 00 84 |.v.....{...5.=..|
> 0080: 00 c0 00 9c c0 7a c0 9c 00 2f 00 3c 00 41 00 ba |.....z.../.<.A..|
> 0090: 00 0a 00 9f c0 7d cc aa c0 9f 00 39 00 6b 00 88 |.....}.....9.k..|
> 00a0: 00 c4 00 9e c0 7c c0 9e 00 33 00 67 00 45 00 be |.....|...3.g.E..|
> 00b0: 00 16 01 00 00 42 00 05 00 05 01 00 00 00 00 ff |.....B..........|
> 00c0: 01 00 01 00 00 23 00 00 00 0a 00 0c 00 0a 00 17 |.....#..........|
> 00d0: 00 18 00 19 00 15 00 13 00 0b 00 02 01 00 00 0d |................|
> 00e0: 00 16 00 14 04 01 04 03 05 01 05 03 06 01 06 03 |................|
> 00f0: 03 01 03 03 02 01 02 03 |........|
Server presented different cert on rehandshake
Failed to establish EAP-TTLS session
Failed to obtain WebVPN cookie