return result;
}
+ if (vpninfo->noxmlpost)
+ goto fail;
+
/*
* Step 2: Probe for XML POST compatibility
*
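Review bot: The added `if (vpninfo->noxmlpost) goto fail;` routes a deliberate, user-selected path through a label named `fail`, so it reads as an error exit. Going by the man page text in this same commit, the intent is to use the old-style GET method. The label and the code behind it are outside this hunk, so please confirm it behaves correctly when reached before any XML POST request has been made and with `result` presumably still 0. At minimum, add a comment above the check, for example `/* --no-xmlpost: skip the XML POST probe and go straight to the legacy GET path */`. A neutrally named label for the fallback entry would be clearer still.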
OPT_NO_HTTP_KEEPALIVE,
OPT_NO_PASSWD,
OPT_NO_PROXY,
+ OPT_NO_XMLPOST,
OPT_PIDFILE,
OPT_PASSWORD_ON_STDIN,
OPT_PRINTCOOKIE,
OPTION("token-mode", 1, OPT_TOKEN_MODE),
OPTION("token-secret", 1, OPT_TOKEN_SECRET),
OPTION("os", 1, OPT_OS),
+ OPTION("no-xmlpost", 0, OPT_NO_XMLPOST),
OPTION(NULL, 0, 0)
};
printf(" --no-http-keepalive %s\n", _("Disable HTTP connection re-use"));
printf(" --no-passwd %s\n", _("Disable password/SecurID authentication"));
printf(" --no-cert-check %s\n", _("Do not require server SSL cert to be valid"));
+ printf(" --no-xmlpost %s\n", _("Do not attempt XML POST authentication"));
printf(" --non-inter %s\n", _("Do not expect user input; exit if it is required"));
printf(" --passwd-on-stdin %s\n", _("Read password from standard input"));
printf(" --token-mode=MODE %s\n", _("Software token type: rsa or totp"));
case OPT_NO_PASSWD:
vpninfo->nopasswd = 1;
break;
+ case OPT_NO_XMLPOST:
+ vpninfo->noxmlpost = 1;
+ break;
case OPT_NON_INTER:
non_inter = 1;
break;
char *password;
char *authgroup;
int nopasswd;
+ int noxmlpost;
char *dtls_ciphers;
uid_t uid_csd;
char *csd_wrapper;
.OP \-\-no\-dtls
.OP \-\-no\-http\-keepalive
.OP \-\-no\-passwd
+.OP \-\-no\-xmlpost
.OP \-\-non\-inter
.OP \-\-passwd\-on\-stdin
.OP \-\-token-mode mode
.B \-\-no\-passwd
Never attempt password (or SecurID) authentication.
.TP
+.B \-\-no\-xmlpost
+Do not attempt to post an XML authentication/configuration request to the
+server; use the old style GET method which was used by older clients and
+servers instead.
+
+This option is a temporary safety net, to work around potential
+compatibility issues with the code which falls back to the old method
+automatically. It causes OpenConnect to behave more like older
+versions (4.08 and below) did. If you find that you need to use this
+option, then you have found a bug in OpenConnect. Please see
+http://www.infradead.org/openconnect/mail.html and report this to the
+developers.
+.TP
.B \-\-non\-inter
Do not expect user input; exit if it is required.
.TP
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
+ <li>Add <tt>--no-xmlpost</tt> option to revert to older, compatible behaviour.</li>
<li>Close connection before falling back to non-xmlpost mode <a href="https://bugzilla.redhat.com/show_bug.cgi?id=964650"><i>(RH#964650)</i></a>.</li>
<li>Improve error handling when server closes connection <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708928"><i>(Debian #708928)</i></a>.</li>
</ul><br/>