

force DTLS reconnect if the session ID we get from TLS changes
[dwmw2: Rewritten somewhat]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
nmav authored and David Woodhouse committed Nov 18, 2014
1 parent b3f306d commit 038ba9e
Showing 3 changed files with 22 additions and 11 deletions.
18 changes: 14 additions & 4 deletions cstp.c
Expand Up @@ -322,16 +322,26 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
if (dtlsmtu > mtu)
mtu = dtlsmtu;
} else if (!strcmp(buf + 7, "Session-ID")) {
int dtls_sessid_changed = 0;

if (strlen(colon) != 64) {
vpn_progress(vpninfo, PRG_ERR,
_("X-DTLS-Session-ID not 64 characters; is: \"%s\"\n"),
colon);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
for (i = 0; i < 64; i += 2)
vpninfo->dtls_session_id[i/2] = unhex(colon + i);
for (i = 0; i < 64; i += 2) {
unsigned char c = unhex(colon + i);
if (vpninfo->dtls_session_id[i/2] != c) {
vpninfo->dtls_session_id[i/2] = c;
dtls_sessid_changed = 1;
}
}
sessid_found = 1;

if (dtls_sessid_changed && vpninfo->dtls_state > DTLS_SLEEPING)
vpninfo->dtls_need_reconnect = 1;
}
continue;
}
Expand Down Expand Up @@ -922,9 +932,9 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
do_dtls_reconnect:
/* succeeded, let's rekey DTLS, if it is not rekeying
* itself. */
if (vpninfo->dtls_state != DTLS_DISABLED &&
if (vpninfo->dtls_state > DTLS_SLEEPING &&
vpninfo->dtls_times.rekey_method == REKEY_NONE) {
dtls_reconnect(vpninfo);
vpninfo->dtls_need_reconnect = 1;
}

return 1;
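Review bot: The new guard `dtls_sessid_changed && vpninfo->dtls_state > DTLS_SLEEPING` in the Session-ID branch, and the matching `> DTLS_SLEEPING` test that replaces `!= DTLS_DISABLED` at `do_dtls_reconnect:`, both depend on the numeric order of the dtls_state values, which the hunks do not show; a comment such as `/* only states above DTLS_SLEEPING have a DTLS session worth restarting */` (presumably CONNECTING/CONNECTED, to be confirmed against the enum) would protect that assumption from a later reordering. The comment over `do_dtls_reconnect:` still reads "let's rekey DTLS" although the code now only sets `dtls_need_reconnect` for dtls_mainloop() to act on, so it should say that the reconnect is deferred to the DTLS loop. The length check only enforces 64 characters, so if unhex() does not reject non-hex input a malformed header is stored as a garbage ID and, on a reconnect, would also trip the new reconnect path; validating the digits before the copy loop would close that, if unhex() does not already do so. Both start_cstp_connection and cstp_mainloop extend beyond the lines shown.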
13 changes: 7 additions & 6 deletions dtls.c
Expand Up @@ -586,7 +586,7 @@ void dtls_close(struct openconnect_info *vpninfo)
}
}

int dtls_reconnect(struct openconnect_info *vpninfo)
static int dtls_reconnect(struct openconnect_info *vpninfo)
{
dtls_close(vpninfo);
vpninfo->dtls_state = DTLS_SLEEPING;
Expand Down Expand Up @@ -685,6 +685,12 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
int work_done = 0;
char magic_pkt;

if (vpninfo->dtls_need_reconnect) {
vpninfo->dtls_need_reconnect = 0;
dtls_reconnect(vpninfo);
return 1;
}

if (vpninfo->dtls_state == DTLS_CONNECTING) {
dtls_try_handshake(vpninfo);
return 0;
Expand Down Expand Up @@ -903,11 +909,6 @@ int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_pe
return -EINVAL;
}

int dtls_reconnect(struct openconnect_info *vpninfo)
{
return -EINVAL;
}

void dtls_close(struct openconnect_info *vpninfo)
{
}
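Review bot: The result of `dtls_reconnect(vpninfo)` in the new block at the top of dtls_mainloop() is discarded after `dtls_need_reconnect` has already been cleared, so if the reconnect can fail there is nothing left to retry it; whether that matters depends on dtls_reconnect's body, which continues past the first hunk, but the earlier call site in cstp.c ignored the result too, so at least a comment should record the intent, e.g. `/* result ignored: dtls_reconnect() leaves dtls_state at DTLS_SLEEPING and the normal state machine retries from there */` once that is confirmed. The block itself deserves a one-line comment tying it to its producer, `/* cstp.c sets this when X-DTLS-Session-ID changes on a CSTP reconnect; restart DTLS before any other work */`, since the flag is otherwise only discoverable by grep. dtls_mainloop's body extends beyond the hunk.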
2 changes: 1 addition & 1 deletion openconnect-internal.h
Expand Up @@ -369,6 +369,7 @@ struct openconnect_info {
char *cstp_cipher;

int dtls_state;
int dtls_need_reconnect;
struct keepalive_info dtls_times;
unsigned char dtls_session_id[32];
unsigned char dtls_secret[48];
Expand Down Expand Up @@ -601,7 +602,6 @@ int dtls_try_handshake(struct openconnect_info *vpninfo);
int connect_dtls_socket(struct openconnect_info *vpninfo);
void dtls_close(struct openconnect_info *vpninfo);
void dtls_shutdown(struct openconnect_info *vpninfo);
int dtls_reconnect(struct openconnect_info *vpninfo);

/* cstp.c */
int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
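Review bot: The new `dtls_need_reconnect` field is added without any comment, while its contract spans two files (set in cstp.c's Session-ID parsing and at do_dtls_reconnect, cleared and acted on in dtls_mainloop); a trailing comment `int dtls_need_reconnect; /* set by cstp.c on a new X-DTLS-Session-ID; consumed by dtls_mainloop() */` would document it where readers look. It also relies on the struct being zero-initialised at allocation, which is outside the hunk and worth confirming, since a stale non-zero value would trigger a reconnect on the first dtls_mainloop() pass.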
