Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fortinet requires us to check for an HTTP error response only over TLS
If the Fortinet PPP connection request *succeeds* over TLS, there is no HTTP response before we start exchanging PPP packets. If it *fails*, there is an HTTP response. If the Fortinet PPP connection request is over DTLS, a 'svrhello' response is expected regardless of whether it succeeded or failed. This is handled by fortinet_dtls_catch_svrhello() Let's only check for that HTTP response in Fortinet if we're definitely connecting over TLS. The "proceeding to tunnel stage" test in 'fortinet-auth-config-tests' verifies the correctness of the HTTP response parsing behavior. Fortinet connection response matrix ("Don't blame me, I didn't design this."): \ TRANSPORT STATUS \ TLS DTLS + --------------- ------------------- Success | immediate → PPP SVRHELLO 'ok' → PPP Failure | HTTP response SVRHELLO 'fail' Signed-off-by: Daniel Lenski <dlenski@gmail.com>
- Loading branch information