Re: [Fwknop-discuss] Proxy Authentication support
Brought to you by:
mbr
From: Michael R. <mb...@ci...> - 2009-10-29 13:16:00
|
On Oct 28, 2009, Jonathan Bennett wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 10/27/2009 11:37 PM, Michael Rash wrote: > > On Oct 22, 2009, Jonathan Bennett wrote: > > > > Michael, Hi Jonathan, > > I'm working on adding the "basic" and "NTLM" proxy authentication > > schemes to the fwknop client. I'm curious how you'd prefer the interface > > to work. I have an idea of how I'd like to do it: > > > > I suggest we allow an option like "--http-proxy=on" or > > "--http-proxy-on". If this option is specified, we look to the same > > environment variables that wget uses. It's set with something like > > export http_proxy="http://proxy.example.com:8080" > > If authentication is needed: > > export http_proxy="username:password@http://proxy.example.com:8080" > > > >> I think your idea of having the fwknop client check for the same env > >> variables that wget uses is a good one. Perhaps the command line args > >> below should be honored first, followed by checking for the environmental > >> variables? > I agree. Here's what I'm working on. If '--HTTP-proxy http://proxy.com' > is specified, fwknop uses it. However, if '--HTTP-proxy' is used, > without the proxy url specified, fwknop gets the proxy from the > environment variable. > > > > I think it would good to also allow the proxy information to be > > specified as an option, much like "--http-proxy" is used now. Perhaps > > "--http-proxy-user <proxy userid>" and "--http-proxy-password <proxy > > password>". > > > >> Sure, those arguments are similar to those that wget supports. > > > > There are some other details that I'm still working out. I'm wading > > through the "basic" authentication rfc to make sure I implement it properly. > > (http://www.ietf.org/rfc/rfc2617.txt) > > > > I look forward to your input, > > > >> I will post a new -pre release soon that contains your other fix for > >> acquiring the proxy host and the end URL properly. Here is the changeset > >> for this fix: > > > >> http://trac.cipherdyne.org/trac/fwknop-c/changeset/160 > I grabbed the new file, and have a couple questions. First, in the Perl > client, if '--HTTP-proxy http://proxy.com' is specified, but '--HTTP' is > not, the proxy setting is ignored without error. Is this intentional? It > might be nice to at least warn the user. > > Second, is the C port going to replace the perl client, or are they > going to be maintained in parallel? Should I be implementing the proxy > support in the C client instead? For a while the perl client will be maintained, but mostly for bug fixes or to fix design flaws. However, the goal is to replace the perl version with the new C implementation both for the fwknop client and the fwknopd server. This will allow SPA to be brought to all sorts of systems where perl is just too heavyweight to run. And, a lot of firewall admins don't like to install perl, so having compiled binaries helps these people out too. The fwknop C client is fully functional already, and steady progress is being made on the server as well. New -pre releases of the fwknop code will be made from the fwknop-c repository. So, I suppose it would be best to submit patches against the C code, but I will certainly accept patches against the perl code too and then I will translate them to the C code (for those that prefer to write perl). Thanks, --Mike > >> Thanks, > > > >> --Mike > > > > > > Jonathan Bennett > >> > - > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > > > ------------------------------------------------------------------------------ > > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > > is the only developer event you need to attend this year. Jumpstart your > > developing skills, take BlackBerry mobile applications to market and stay > > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > > http://p.sf.net/sfu/devconference > > _______________________________________________ > > Fwknop-discuss mailing list > > Fwk...@li... > > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkrohUwACgkQhFXk1UR7WbflhwCeLhk16Go0uTSOEjNKvTSdzITJ > ++0AoJKcuBr/2lKAThCZXTDKIC6/ryUZ > =0y7o > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss |