On Sun, 2013-03-03 at 18:56 -0800, Kevin Cernekee wrote: > On Sun, Mar 3, 2013 at 4:50 PM, David Woodhouse <dwmw2 at infradead.org> wrote: > > Thanks. Please could you make sure you test the version I just pushed > > out to the git repository a few minutes ago. Kevin, please could you > > look over that (particularly commit ed14a3013c) too? > > The current head of tree works OK for me. Thanks. > > If the XML POST fails and we try a GET, we need to handle redirects for > > that too. So re-use the same loop. Except the bit about not allowing local > > redirects. Why do we do that for the XML POST case anyway? > > The official Cisco AnyConnect client seems to do something like: > ... That's useful information. I'll probably try to put some of that into the comments in the code. Thanks. > - Some servers appear to be set up to reject clients that aren't > using XML POST (you'll get Login Denied even with a valid l/p). This > might be related to the use of hostscan/CSD, and the desire to use the > newer hostscan implementations which are tightly integrated into > AnyConnect. Yeah, we might end up wanting to have our own hostscan implementation at some point. I'm hoping it can be a separate project to openconnect though... :) -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6171 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130304/1b2c7a09/attachment-0001.bin>
