X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=TODO;h=c10b8ce1ef94d8ecb5a0c6a92ba6b5b8ed1847fd;hb=8a2395563cbaef0b56da21d56df2eea10a2c3c20;hp=c1694e3d727c5da39c40f895f59a0ae2d72d242d;hpb=9362752a471a5c892d679548fbf2828d5fc5684b;p=platform%2Fupstream%2Fconnman.git

diff --git a/TODO b/TODO
old mode 100644
new mode 100755
index c1694e3..c10b8ce
--- a/TODO
+++ b/TODO
@@ -194,6 +194,41 @@ VPN
    ids and passphrases.
 
 
+- Change OpenConnect plugin to use libopenconnect
+
+   Priority: Medium
+   Complexity: C4
+
+   Current implementation of OpenConnect uses screenscraping and interactive
+   mode for accepting self signed certificates and reacting to PKCS pass
+   phrase requests. This should be replaced with libopenconnect use. It may be
+   worthwhile to attempt to replace the whole authentication with the use of
+   openconnect_obtain_cookie() whatever authentication type is used. This
+   would lead to using only the cookie when connecting (--cookie-on-stdin)
+   and would cleanup the code at run_connect().
+
+   The usage of stdout can be removed as unnecessary. Cookie should be
+   retrieved with openconnect_obtain_cookie(). Remove this also from
+   connman_task_run().
+
+   Function is_valid_protocol() must use openconnect_get_supported_protocols.
+   Also the static const char *protocols[] would be unnecessary.
+
+   Reading the stderr with byte-by-byte approach is to be removed, as well as
+   are the PKCS failures and requests in stderr IO channel processing.
+
+   The use of interactive mode toggle is to be removed. Non-interactive mode
+   must be used, which leads to using --syslog with each authentication type
+   as task arg.
+
+   If the peer certificate cannot be verified with normal means it is because
+   the peer certificate is self signed and the user setting
+   "AllowSelfSignedCert" has to be used for the verify certificate callback
+   reply. The callback for certificate validation must return zero if user has
+   allowed self signed certificates. In such case save the SHA1 fingerprint of
+   server certificate as it is done now, otherwise indicate error to
+   libopenconnect.
+
 Tools
 =====