Re: [PATCH 3/3 v2] add support for checking and submitting HIP reports

2017-12-20 Thread Daniel Lenski
On Mon, Dec 18, 2017 at 8:47 AM, Daniel Lenski wrote:
> Unlike CSD, the HIP security checker runs during the connection phase, not
> during the authentication phase.

This is a rather vexing difference between the GlobalProtect "security theater director" (HIP) and its

[PATCH 3/3 v2] add support for checking and submitting HIP reports

2017-12-18 Thread Daniel Lenski
Unlike CSD, the HIP security checker runs during the connection phase, not during the authentication phase. Therefore we need to build the CSD token (an MD5 digest identifying the client) without relying on the authentication phase having run in the same process. We build it from the cookie