• Daniel Lenski's avatar
    Add `openconnect_get_auth_expiration` function to library and JNI · f152cf7d
    Daniel Lenski authored
    This allows protocols to save the moment when a session's authentication
    (`vpninfo->cookie`) is expected to expire and no longer be useful for
    The motivation is to eventually allow front-ends to know whether
    reauthentication is needed, or whether they should try using a cached
    Current state:
    - AnyConnect protocol: expiration is determined from the CONNECT
      response header `X-CSTP-Session-Timeout-Remaining` (with
      `X-CSTP-Session-Timeout` or `X-CSTP-Lease-Duration` as upper bounds in its
    - GlobalProtect protocol: expiration is determined from the `<lifetime>` tag of
      the XML config.
    - Juniper Network Connect protocol: no currently known way to determine
      expiration. The `DSID` cookie is a standard HTTP cookie, so perhaps its
      expiration timestamp is intended for this purpose; however, I can find
      no real-world case where it has an expiration timestamp set.
    - None of the currently-supported protocols provide the expiration
      timestamp until the connection phase, so it can't be obtained for
      export by the `--authenticate` option.
    Signed-off-by: default avatarDaniel Lenski <dlenski@gmail.com>
Last commit
Last update
LibTest.java Loading commit data...