407095 – Openconnect fails with Unknown certificate hash: pin-sha256:*

Bug 407095 - Openconnect fails with Unknown certificate hash: pin-sha256:*

Summary: Openconnect fails with Unknown certificate hash: pin-sha256:*

Status:	REPORTED

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	Networking in general (show other bugs)
Version:	master
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	1.0
Assignee:	Jan Grulich

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-04-30 14:28 UTC by jellby
Modified:	2024-12-23 18:23 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description jellby 2019-04-30 14:28:53 UTC

SUMMARY

I have an openconnect VPN connection that is currently failing with:

openconnect[6521]: Unknown certificate hash: pin-sha256:**************************************************.

This only happens for one particular user, a new user can connect correctly.

Furthermore, the reason for the failure only appears in the log file, there's no visual feedback, other than after entering username and password, the window vanishes and nothing happens.

STEPS TO REPRODUCE

I'm not 100% sure, but I suspect this happens because I first tried to use a newer openconnect version, that supports "pin-sha256", but when I now try using the right version I get the above error. It looks like the certificate hash was stored in the new format and it is now not recognized, but I cannot find where it is stored, or how to remove it!

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Kubuntu 18.04
(available in About System)
KDE Plasma Version: 5.12.7
KDE Frameworks Version: 5.44.0
Qt Version: 5.9.5

Comment 1 Ben Cooksley 2024-12-23 18:23:35 UTC

Bulk transfer as requested in T17796