}
}
+static void dump_buf(struct openconnect_info *vpninfo, char prefix, char *buf)
+{
+ while (*buf) {
+ char *eol = buf;
+ char eol_char = 0;
+
+ while (*eol) {
+ if (*eol == '\r' || *eol == '\n') {
+ eol_char = *eol;
+ *eol = 0;
+ break;
+ }
+ eol++;
+ }
+
+ vpn_progress(vpninfo, PRG_TRACE, "%c %s\n", prefix, buf);
+ if (!eol_char)
+ break;
+
+ *eol = eol_char;
+ buf = eol + 1;
+ if (eol_char == '\r' && *buf == '\n')
+ buf++;
+ }
+}
+
/* Inputs:
* method: GET or POST
* vpninfo->hostname: Host DNS name
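Review bot: dump_buf has no comment stating its contract, and two parts of it are not obvious from the signature: it scans to the first NUL, and it writes into the caller's buffer (each '\r' or '\n' is overwritten with 0 for the vpn_progress call and put back afterwards). I would add above it `/* Log buf one line per vpn_progress() call at PRG_TRACE; buf must be NUL-terminated and is modified temporarily, then restored */`. The request call site passes `buf->data` to dump_buf but sends `buf->pos` bytes, so the dump and the write only agree if that buffer is always NUL-terminated at `pos`; that is not visible in this diff and is worth confirming. A body containing an embedded NUL would be logged only up to that byte.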
}
}
+ if (vpninfo->dump_http_traffic)
+ dump_buf(vpninfo, '>', buf->data);
+
result = openconnect_SSL_write(vpninfo, buf->data, buf->pos);
if (rq_retry && result < 0) {
openconnect_close_https(vpninfo, 0);
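Review bot: The call added before openconnect_SSL_write passes the whole request to vpn_progress, and the matching call on `*form_buf` in the next hunk does the same for the response body, so anything secret in the authentication exchange ends up in the trace output. For a login exchange that presumably includes the submitted password or token code and session cookies, though the request construction is outside this diff. Debug output of this kind tends to be pasted into bug reports, so the help string and the man page entry should say so, e.g. `Output may contain passwords and session cookies; redact before sharing`. Masking known-sensitive header values inside dump_buf would be a stronger follow-up. The enclosing function starts and ends outside both hunks.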
/* We'll already have complained about whatever offended us */
return buflen;
}
+ if (vpninfo->dump_http_traffic && *form_buf)
+ dump_buf(vpninfo, '<', *form_buf);
if (result != 200 && vpninfo->redirect_url) {
result = handle_redirect(vpninfo);
OPT_CSD_WRAPPER,
OPT_DISABLE_IPV6,
OPT_DTLS_CIPHERS,
+ OPT_DUMP_HTTP,
OPT_FORCE_DPD,
OPT_KEY_PASSWORD_FROM_FSID,
OPT_LIBPROXY,
OPTION("token-secret", 1, OPT_TOKEN_SECRET),
OPTION("os", 1, OPT_OS),
OPTION("no-xmlpost", 0, OPT_NO_XMLPOST),
+ OPTION("dump-http-traffic", 0, OPT_DUMP_HTTP),
OPTION(NULL, 0, 0)
};
printf(" -u, --user=NAME %s\n", _("Set login username"));
printf(" -V, --version %s\n", _("Report version number"));
printf(" -v, --verbose %s\n", _("More output"));
+ printf(" --dump-http-traffic %s\n", _("Dump HTTP authentication traffic (implies --verbose"));
printf(" -x, --xmlconfig=CONFIG %s\n", _("XML config file"));
printf(" --authgroup=GROUP %s\n", _("Choose authentication login selection"));
printf(" --authenticate %s\n", _("Authenticate only and print login info"));
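Review bot: The new help string is missing its closing parenthesis: `(implies --verbose` should read `(implies --verbose)`. Because the text is wrapped in `_()`, the typo becomes part of the translatable message, so it is cheaper to fix before translations are made from it: `_("Dump HTTP authentication traffic (implies --verbose)")`.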
case 'q':
verbose = PRG_ERR;
break;
+ case OPT_DUMP_HTTP:
+ vpninfo->dump_http_traffic = 1;
case 'v':
verbose = PRG_TRACE;
break;
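Review bot: `case OPT_DUMP_HTTP:` has no `break` and runs on into `case 'v':`, which looks intentional given that the help text says the option implies --verbose, but nothing in the code says so. Add `/* fall through */` after `vpninfo->dump_http_traffic = 1;` so that the next reader and `-Wimplicit-fallthrough` do not take it for a forgotten break. The coupling is also order-dependent: a later `-q` sets `verbose = PRG_ERR` while `dump_http_traffic` stays 1, and since dump_buf logs at PRG_TRACE the dump would then presumably be filtered out without any message. The switch starts and ends outside the hunk.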
char *csd_wrapper;
int uid_csd_given;
int no_http_keepalive;
+ int dump_http_traffic;
int token_mode;
int token_bypassed;
.OP \-\-disable\-ipv6
.OP \-\-dtls\-ciphers list
.OP \-\-dtls\-local\-port port
+.OP \-\-dump\-http\-traffic
.OP \-\-no\-cert\-check
.OP \-\-no\-dtls
.OP \-\-no\-http\-keepalive
.B \-\-dtls\-ciphers=LIST
Set OpenSSL ciphers to support for DTLS
.TP
+.B \-\-dtls\-local\-port=PORT
+Use
+.I PORT
+as the local port for DTLS datagrams
+.TP
+.B \-\-dump\-http\-traffic
+Enable verbose output of all HTTP requests and the bodies of all responses
+received from the server.
+.TP
.B \-\-no\-cert\-check
Do not require server SSL certificate to be valid. Checks will still happen
and failures will cause a warning message, but the connection will continue
OS type to report to gateway. Recognized values are: linux, linux-64, mac,
win. Reporting a different OS type may affect the security policy applied
to the VPN session.
-.TP
-.B \-\-dtls\-local\-port=PORT
-Use
-.I PORT
-as the local port for DTLS datagrams
-
.SH LIMITATIONS
Note that although IPv6 has been tested on all platforms on which
.B openconnect
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
+ <li>Add <tt>--dump-http-traffic</tt> option for debugging.</li>
<li>Be more permissive in parsing XML forms.</li>
<li>Use original URL when falling back to non-XML POST mode.</li>
<li>Add <tt>--no-xmlpost</tt> option to revert to older, compatible behaviour.</li>