Skip to content
Browse files
http: Retry request (once) on error receiving response
A Juniper server has been encountered in the wild which sends an initial
302 redirect without Connection:close, but then just closes the connection
when it receives the next request.

This happens only for the first redirect to /dana-na/auth/… and not for
subsequent redirects through cookie-check and realm stuff. So instead of
a preemptive hack to avoid connection reuse for *all* redirects in NC,
just cope with it when it happens.

Since rq_retry is only set when the connection is already open, it won't
get set again the second time round, thus avoiding endless retries.

Fixes: #96

Signed-off-by: David Woodhouse <>
  • Loading branch information
dwmw2 committed Jan 15, 2020
1 parent 1da8ab7 commit 01ef9ea901a479fe067657d68211ecf30e32060d
Showing with 9 additions and 0 deletions.
  1. +9 −0 http.c
9 http.c
@@ -1085,6 +1085,15 @@ int do_https_request(struct openconnect_info *vpninfo, const char *method,

result = process_http_response(vpninfo, 0, http_auth_hdrs, buf);
if (result < 0) {
if (rq_retry) {
openconnect_close_https(vpninfo, 0);
vpn_progress(vpninfo, PRG_INFO,
_("Retrying failed %s request on new connection\n"),
/* All the way back to 'redirected' since we need to rebuild
* the request in 'buf' from scratch. */
goto redirected;
goto out;
if (vpninfo->dump_http_traffic && buf->pos)

0 comments on commit 01ef9ea

Please sign in to comment.