Article <vd3r49$3bfpp$1@paganini.bofh.team>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <vd3r49$3bfpp$1@paganini.bofh.team>

Deutsch English Français Italiano

<vd3r49$3bfpp$1@paganini.bofh.team>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!news.roellig-ltd.de!open-news-network.org!weretis.net!feeder8.news.weretis.net!newsfeed.bofh.team!paganini.bofh.team!not-for-mail
From: Anton Shepelev <anton.txt@gmail.moc>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Configuring OpenSSL to connect to an old server
Date: Thu, 26 Sep 2024 14:29:30 -0000 (UTC)
Organization: To protect and to server
Sender: 9dIQLXBM7WM9KzA+yjdR4A
Message-ID: <vd3r49$3bfpp$1@paganini.bofh.team>
Injection-Date: Thu, 26 Sep 2024 14:29:30 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="3522361"; posting-host="lIS4Kz0c6D3FLXnm9cJWJA.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: tin/2.6.3-20231224 ("Banff") (FreeBSD/14.1-RELEASE (amd64))
X-Notice: Filtered by postfilter v. 0.9.3
Bytes: 2452
Lines: 49

Hello, all

I am trying to connect to my work network via OpenConnect from
my FreeBSD 14.1 RELEASE.  The command that used to work an other
OS:
	echo XXXXXXX | \
	openconnect -vvvv --authgroup REM \
	--servercert pin-sha256:XXXXXXXXXXXXXXX= \
	-u anton --passwd-on-stdin X.X.X.X

now fails with:

	00202139C9090000:
	error:
	0A000152:
	SSL routines:
	final_renegotiate:
	unsafe legacy renegotiation disabled:
	/usr/src/crypto/openssl/ssl/statem/extensions.c:894:

I found suggestions on StackOverflow to specify one of the
following lines in the config file:

	Options = UnsafeLegacyRenegotiation
	Options = UnsafeLegacyServerConnect

Niether help, but both change changed to:

	0020E1F579080000:
	error:
	0A00014D:SSL routines:
	tls_process_key_exchange:
	legacy sigalg disallowed or unsupported:
	/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:2255:

Also in connection with this problem, the option
SSL_OP_LEGACY_SERVER_CONNECT is mentioned. It is disabled by default
since OpenSSL 3.0, and I have 3.0.13 .  But how can I set these
OpenSSL options?  There is a C API for it, ssl_set_options(3), but
I cannot find information on setting them in the configuration file
or the environment. Can you help?

In fact, I couldn't find either of the options mentioned on SO:

	>man -wK UnsafeLegacy

yields nothing.  Futhermore, the `openssl' man page references
config(5), but on this FreeBSD it is not about OpenSSL, but about
the Kernel configuration file format.  Is it an error in the doc.
distritution, or am I using `man' wrong?