russdill / juniper-vpn-py

Python Juniper VPN Authenticator
GNU Lesser General Public License v2.1

Add support to client certificates #1

Closed ogarcia closed 3 years ago

ogarcia commented 9 years ago

Hi,

If after that line https://github.com/russdill/juniper-vpn-py/blob/master/juniper-vpn.py#L117 you add this code:

```python
self.br.add_client_certificate('https://' + self.args.host,
                               "/path/to/client/key.pem",
                               "/path/to/client/cert.pem")
```

Your Python then adds support for client certificates. It only needs to be made pretty so they can be set as options.

Note: It is important to remove the password from the client key.

Furthermore, I think that doing this:

```python
while True:
  action = self.next_action()
  if action == 'tncc':
    self.action_tncc()
  elif action == 'login':
    self.action_login()
  elif action == 'key':
    self.action_key()
  elif action == 'continue':
    self.action_continue()
  elif action == 'connect':
    self.action_connect()
```

is a problem, because if your connection breaks at any moment after some hours connected, your cookie is invalid and it cannot connect again, and the process is always trying to reconnect. I add a break after self.action_connect() and use systemd to control the process.
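An added example, not part of the comment above or of the juniper-vpn-py code: a pre-flight check for the passphrase-less client key before it is handed to `add_client_certificate`. The function names `check_client_key` and `add_client_certificate_checked` are hypothetical, and the permission check assumes a POSIX file system.

```python
import os
import stat
import sys

# PEM markers of a passphrase-protected private key.
ENCRYPTED_MARKERS = (
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8
    b"Proc-Type: 4,ENCRYPTED",                 # traditional OpenSSL PEM
)


def check_client_key(path):
    """Return a list of problems with the key file; an empty list means OK."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["%s is not a regular file" % path]
    problems = []
    # A key without a passphrase is protected only by its file mode.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("%s has mode %04o, expected 0600 or stricter"
                        % (path, stat.S_IMODE(st.st_mode)))
    with open(path, "rb") as fh:
        pem = fh.read()
    if b"PRIVATE KEY-----" not in pem:
        problems.append("%s contains no PEM private key" % path)
    elif any(marker in pem for marker in ENCRYPTED_MARKERS):
        problems.append("%s is passphrase-protected" % path)
    return problems


def add_client_certificate_checked(browser, host, key_path, cert_path):
    """Register the certificate on a mechanize Browser only if the key passes."""
    problems = check_client_key(key_path)
    if problems:
        raise ValueError("; ".join(problems))
    browser.add_client_certificate("https://" + host, key_path, cert_path)


if __name__ == "__main__":
    # Usage: python check_key.py /path/to/client/key.pem
    if len(sys.argv) != 2:
        sys.exit("usage: check_key.py KEY.pem")
    found = check_client_key(sys.argv[1])
    print("\n".join(found) or "key file OK")
    sys.exit(1 if found else 0)
```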

themiurgo commented 9 years ago

:+1: works for me too.

xortim commented 9 years ago

Client cert support would definitely be nice

russdill commented 8 years ago

I've noticed a very different kind of client certificate requirement and merged support in 86e16b21f8ecb60db55aa60039cf580b36e1cec3

cardonator commented 8 years ago

@russdill I still seem to be having an issue. My juniper host checks for a client certificate after login. Even passing them such as

```sh
TNCC_FUNK=1 TNCC_CERTS=key.crt.pem,key.key.pem openconnect --juniper --user myuser --csd-wrapper tncc.py juniper.example.com
```

after putting my passwords in I get

```
SSL negotiation with juniper.example.com
Connected to HTTPS on juniper.example.com
Failed to read from SSL socket: Rehandshake was requested by the peer.
Error fetching HTTPS response
Failed to obtain WebVPN cookie
```