19 Jul
2023
19 Jul
'23
11:14 a.m.
Hi Daniel, Have you considered using AUTH_SWITCH_REQUEST for that purpose? That would allow redirect to happen after switch to TLS and client/server certificate validation. Server: server hello packet Client: switches to tls, sends client hello packet Server: sends authentication switch request, plugin name: "client_connect_redirect_plugin", plugin data: a string with new connection url Server closes connection ( or: client sends redirect confirmation auth plugin response message, server sends err packet and closes connection ) Clients that do not support redirect would show error message similar to "server wants client_connect_redirect_plugin authentication that this client does not allow". Andrey