Proxy improvements:

Improved the ability of http-auth "auto" flag to dynamically detect
the auth method required by the proxy.

Added http-auth "auto-nct" flag to reject weak proxy auth methods.

Added HTTP proxy digest authentication method.

Removed extraneous openvpn_sleep calls from proxy.c.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5628 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 12 insertions, 5 deletions

diff --git a/proxy.h b/proxy.h
index c2afaec..480cda1 100644
--- a/proxy.h
+++ b/proxy.h
@@ -55,18 +55,24 @@ void show_win_proxy_settings (const int msglevel);
 #ifdef ENABLE_HTTP_PROXY
 
 /* HTTP CONNECT authentication methods */
-#define HTTP_AUTH_NONE  0
-#define HTTP_AUTH_BASIC 1
-#define HTTP_AUTH_NTLM  2
-#define HTTP_AUTH_N     3
-#define HTTP_AUTH_NTLM2 4
+#define HTTP_AUTH_NONE   0
+#define HTTP_AUTH_BASIC  1
+#define HTTP_AUTH_DIGEST 2
+#define HTTP_AUTH_NTLM   3
+#define HTTP_AUTH_NTLM2  4
+#define HTTP_AUTH_N      5 /* number of HTTP_AUTH methods */
 
 struct http_proxy_options {
   const char *server;
   int port;
   bool retry;
   int timeout;
+
+# define PAR_NO  0  /* don't support any auth retries */
+# define PAR_ALL 1  /* allow all proxy auth protocols */
+# define PAR_NCT 2  /* disable cleartext proxy auth protocols */
   bool auth_retry;
+
   const char *auth_method_string;
   const char *auth_file;
   const char *http_version;
@@ -78,6 +84,7 @@ struct http_proxy_info {
   int auth_method;
   struct http_proxy_options options;
   struct user_pass up;
+  char *proxy_authenticate;
 };
 
 struct http_proxy_info *http_proxy_new (const struct http_proxy_options *o,