getting beyond 'XML response has no "auth" node'
Daniel Lenski
dlenski at gmail.com
Tue Jun 27 09:47:44 PDT 2017
On Jun 24, 2017 2:52 PM, "David Woodhouse" <dwmw2 at infradead.org> wrote:
> On Sat, 2017-06-24 at 22:58 +0200, Geert Stappers wrote:
> >
> >
> > I do understand that I missed it previously _and_ shouldn't have to :-/
>
> If you're saying you shouldn't have to specify the protocol... yeah, I
> can sympathise with that. We should implement autodetection.
I am still up for writing the autodetect, but would like to know if
you have any strong opinions about the interface. My ideas:
- openconnect should try to autodetect the VPN type if --protocol is
not explicitly specified, and should short-circuit out and continue as
soon as vpninfo->proto->autodetect(vpninfo) confirms support for some
protocol
- autodetect functions should use HTTPS and leave the connection in a
keep-alive state where it can continue
- autodetect functions should just hit a single web page and see if it
returns an expected result for that protocol.
- autodetect should not depend on login credentials, certificates,
etc. in any way
- the output of the --authenticate option should set a PROTOCOL
variable (in addition to HOST, COOKIE, FINGERPRINT)
How's that?
-Dan
More information about the openconnect-devel
mailing list