[PATCH v3 1/2] enumerate supported VPN protocols via openconnect_get_supported_protocols()

Daniel Lenski dlenski at gmail.com
Sat Jan 14 00:14:59 PST 2017


On Fri, Jan 13, 2017 at 6:11 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Wed, 2017-01-11 at 11:50 -0800, Daniel Lenski wrote:
>>
>> Add a new public function, openconnect_get_supported_protocols(), which
>> returns a list of protocols supported by the client.  Each supported
>> protocol has a short name (as accepted by the --protocol command-line
>> option), description, and list of flags; currently, the only flags are:
>>
>>   * OPENCONNECT_PROTO_TCP (TCP transport supported)
>>   * OPENCONNECT_PROTO_UDP (UDP transport supported)
>
> Hm, does the caller really care about those?

Perhaps not. I mostly added these for demonstration purposes. I was
thinking the client might care about HTTPS-based support, since this
would allow the VPN to work over a proxy, but I don't see any good
reason for a front end to care about UDP.

> What might make more sense
> is a set of flags indicating which authentication features are
> meaningful for each protocol — can it support certificate auth, can it
> support OTP, can it support CSD, etc.

I will add these. Is it possible for an HTTPS-based protocol *not* to
support client certificates, though?

Thanks,
Dan


