Re: [Fwknop-discuss] Proxy Authentication support
Brought to you by:
mbr
From: Jonathan B. <jbs...@gm...> - 2009-10-28 17:54:38
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/27/2009 11:37 PM, Michael Rash wrote: > On Oct 22, 2009, Jonathan Bennett wrote: > > Michael, > I'm working on adding the "basic" and "NTLM" proxy authentication > schemes to the fwknop client. I'm curious how you'd prefer the interface > to work. I have an idea of how I'd like to do it: > > I suggest we allow an option like "--http-proxy=on" or > "--http-proxy-on". If this option is specified, we look to the same > environment variables that wget uses. It's set with something like > export http_proxy="http://proxy.example.com:8080" > If authentication is needed: > export http_proxy="username:password@http://proxy.example.com:8080" > >> I think your idea of having the fwknop client check for the same env >> variables that wget uses is a good one. Perhaps the command line args >> below should be honored first, followed by checking for the environmental >> variables? I agree. Here's what I'm working on. If '--HTTP-proxy http://proxy.com' is specified, fwknop uses it. However, if '--HTTP-proxy' is used, without the proxy url specified, fwknop gets the proxy from the environment variable. > > I think it would good to also allow the proxy information to be > specified as an option, much like "--http-proxy" is used now. Perhaps > "--http-proxy-user <proxy userid>" and "--http-proxy-password <proxy > password>". > >> Sure, those arguments are similar to those that wget supports. > > There are some other details that I'm still working out. I'm wading > through the "basic" authentication rfc to make sure I implement it properly. > (http://www.ietf.org/rfc/rfc2617.txt) > > I look forward to your input, > >> I will post a new -pre release soon that contains your other fix for >> acquiring the proxy host and the end URL properly. Here is the changeset >> for this fix: > >> http://trac.cipherdyne.org/trac/fwknop-c/changeset/160 I grabbed the new file, and have a couple questions. First, in the Perl client, if '--HTTP-proxy http://proxy.com' is specified, but '--HTTP' is not, the proxy setting is ignored without error. Is this intentional? It might be nice to at least warn the user. Second, is the C port going to replace the perl client, or are they going to be maintained in parallel? Should I be implementing the proxy support in the C client instead? > >> Thanks, > >> --Mike > > > Jonathan Bennett >> - ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Fwknop-discuss mailing list Fwk...@li... https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkrohUwACgkQhFXk1UR7WbflhwCeLhk16Go0uTSOEjNKvTSdzITJ ++0AoJKcuBr/2lKAThCZXTDKIC6/ryUZ =0y7o -----END PGP SIGNATURE----- |