On Fri, Jan 13, 2017 at 6:11 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Wed, 2017-01-11 at 11:50 -0800, Daniel Lenski wrote:
>>
>> Add a new public function, openconnect_get_supported_protocols(), which
>> returns a list of protocols supported by the client. Each supported
>> protocol has a short name (as accepted by the --protocol command-line
>> option), description, and list of flags; currently, the only flags are:
>>
>> * OPENCONNECT_PROTO_TCP (TCP transport supported)
>> * OPENCONNECT_PROTO_UDP (UDP transport supported)
>
> Hm, does the caller really care about those?

Perhaps not. I mostly added these for demonstration purposes. I was
thinking the client might care about HTTPS-based support, since this
would allow the VPN to work over a proxy, but I don't see any good
reason for a front end to care about UDP.

> What might make more sense
> is a set of flags indicating which authentication features are
> meaningful for each protocol - can it support certificate auth, can it
> support OTP, can it support CSD, etc.

I will add these. Is it possible for an HTTPS-based protocol *not* to
support client certificates, though?

Thanks,
Dan