On Mon, 2014-09-08 at 15:43 +0400, Alexander Rumyantsev wrote: > > I ran into situation, when my proxy sends "Connection: close" while > trying to authenticate in spite of openconnect?s "Connection: > keep-alive" request. > Openconnect first receives HTTP 407 Authentication Required for > parsing available auth methods, then tries to send request with > Proxy-Authorization header within closing connection and we get "Error > fetching HTTPS response". > > Openconnect have either to send "Proxy-Authorization" immediately, or > to handle "Connection: close" Hopefully the latter is fixed already by http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/091cd79d There is possibly still merit in exploring the option of sending Proxy-Authentication immediately, to reduce the latency of OpenConnect (re)opening connections. I'd like to see it be a little less of hack though. Let's start with making it work for the second and subsequent connections, having 'learned' the authentication options the first time ? and *then* let's look at "jump-starting" it from the command line. If we've made a successful authentication by a given method when we ought to go straight to using that method on the next connection attempt. And even if it's Digest, we should be looking for a Proxy-Authenticate-Info: which will tell us the *next* nonce so we can even do authentication straight away for Digest auth. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140908/23dd59a4/attachment.bin>
