Ubuntu ARM版本如何运行openconnect-sso?

2023-03-01 14:12:18 浏览数 (1)

前言

  • 操作系统:Ubuntu 22.04 ARM64

1. 安装openconnect-sso

先安装anaconda或者miniconda,然后运行如下命令

代码语言:javascript复制
conda install -c conda-forge openconnect-sso

2. 解决openssl的bug

安装好后照理来说直接运行下面的命令就可以了

代码语言:javascript复制
openconnect-sso  --log-level DEBUG -s ngvpn30.vpn.nvidia.com -g SAML -u username@nvidia.com --browser-display-mode shown

但是我遇到了如下报错信息:

代码语言:javascript复制
Traceback (most recent call last):
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/urllib3/connection.py", line 414, in connect
    self.sock = ssl_wrap_socket(
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/home/parallels/miniconda3/lib/python3.9/ssl.py", line 501, in wrap_socket
    return self.sslsocket_class._create(
  File "/home/parallels/miniconda3/lib/python3.9/ssl.py", line 1041, in _create
    self.do_handshake()
  File "/home/parallels/miniconda3/lib/python3.9/ssl.py", line 1310, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1129)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/requests/adapters.py", line 489, in send
    resp = conn.urlopen(
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "/home/parallels/miniconda3/lib/python3.9/site-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='ngvpn30.vpn.nvidia.com', port=443): Max retries exceeded with url: /SAML (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1129)')))

解决办法如下:

  1. 新建一个openssl.cnf文件,可以放在任意位置,假如是/home/Desktop/openssl.cnf,文件里面需要做如下设置
代码语言:javascript复制
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
  1. 重新运行
代码语言:javascript复制
OPENSSL_CONF=/home/Desktop/openssl.cnf openconnect-sso  --log-level DEBUG -s ngvpn30.vpn.nvidia.com -g SAML -u username@nvidia.com --browser-display-mode shown

0 人点赞