{"disable-ipv6", 0, 0, 0x05},
{"no-proxy", 0, 0, 0x06},
{"libproxy", 0, 0, 0x07},
+ {"no-http-keepalive", 0, 0, 0x08},
{NULL, 0, 0, 0},
};
printf(" --disable-ipv6 Do not ask for IPv6 connectivity\n");
printf(" --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS\n");
printf(" --no-dtls Disable DTLS\n");
+ printf(" --no-http-keepalive Disable HTTP connection re-use\n");
printf(" --no-passwd Disable password/SecurID authentication\n");
printf(" --passwd-on-stdin Read password from standard input\n");
printf(" --reconnect-timeout Connection retry timeout in seconds\n");
autoproxy = 1;
proxy = NULL;
break;
+ case 0x08:
+ fprintf(stderr, "Disabling all HTTP connection re-use due to --no-http-keepalive option.\n"
+ "If this helps, please report to <openconnect-devel@lists.infradead.org>.\n");
+ vpninfo->no_http_keepalive = 1;
+ break;
case 's':
vpninfo->vpnc_script = optarg;
break;
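Review bot: The new `case 0x08:` has no comment saying why the option exists, and its bare value must be kept in step by hand with the `{"no-http-keepalive", 0, 0, 0x08}` table entry added in the first hunk. I would put `/* --no-http-keepalive: workaround for servers that forget the client certificate on re-used HTTP connections */` above the case, which restates the reason given in the man page hunk. The notice goes to stderr unconditionally at option-parse time; that looks intended, since it asks users to report results, but it will also show up in scripted runs. The code that reads `vpninfo->no_http_keepalive` is not in the visible hunks, so it cannot be confirmed here that every request path opens a fresh connection when the flag is set. The enclosing switch starts and ends outside this hunk.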
.B --no-dtls
]
[
+.B --no-http-keepalive
+]
+[
.B --no-passwd
]
[
.B --no-dtls
Disable DTLS
.TP
+.B --no-http-keepalive
+Version 8.2.2.5 of the Cisco ASA software has a bug where it will forget
+the client's SSL certificate when HTTP connections are being re-used for
+multiple requests. So far, this has only been seen on the initial connection,
+where the server gives an HTTP/1.0 redirect response with an explicit
+.B Connection: Keep-Alive
+directive. OpenConnect as of v2.22 has an unconditional workaround for this,
+which is never to obey that directive after an HTTP/1.0 response.
+
+However, Cisco's support team has failed to give any competent
+response to the bug report and we don't know under what other
+circumstances their bug might manifest itself. So this option exists
+to disable ALL re-use of HTTP sessions and cause a new connection to be
+made for each request. If your server seems not to be recognising your
+certificate, try this option. If it makes a difference, please report
+this information to the
+.B openconnect-devel@lists.infradead.org
+mailing list.
+.TP
.B --no-passwd
Never attempt password (or SecurID) authentication
.TP