Commit 15a029ac authored by David Woodhouse's avatar David Woodhouse

Add vpninfo arg to openconnect_SSL_{printf,gets} functions

Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 8975fb81
......@@ -111,24 +111,24 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
}
retry:
openconnect_SSL_printf(vpninfo->https_ssl, "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\n");
openconnect_SSL_printf(vpninfo->https_ssl, "Host: %s\r\n", vpninfo->hostname);
openconnect_SSL_printf(vpninfo->https_ssl, "User-Agent: %s\r\n", vpninfo->useragent);
openconnect_SSL_printf(vpninfo->https_ssl, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Version: 1\r\n");
openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
openconnect_SSL_printf(vpninfo, "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\n");
openconnect_SSL_printf(vpninfo, "Host: %s\r\n", vpninfo->hostname);
openconnect_SSL_printf(vpninfo, "User-Agent: %s\r\n", vpninfo->useragent);
openconnect_SSL_printf(vpninfo, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
openconnect_SSL_printf(vpninfo, "X-CSTP-Version: 1\r\n");
openconnect_SSL_printf(vpninfo, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
if (vpninfo->deflate)
openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: %s\r\n",
openconnect_SSL_printf(vpninfo, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
openconnect_SSL_printf(vpninfo, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
openconnect_SSL_printf(vpninfo, "X-CSTP-Address-Type: %s\r\n",
vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
openconnect_SSL_printf(vpninfo, "X-DTLS-Master-Secret: ");
for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);
openconnect_SSL_printf(vpninfo->https_ssl, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
openconnect_SSL_printf(vpninfo, "%02X", vpninfo->dtls_secret[i]);
openconnect_SSL_printf(vpninfo, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
if (openconnect_SSL_gets(vpninfo->https_ssl, buf, 65536) < 0) {
if (openconnect_SSL_gets(vpninfo, buf, 65536) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error fetching HTTPS response\n"));
if (!retried) {
......@@ -150,7 +150,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
if (!strncmp(buf, "HTTP/1.1 503 ", 13)) {
/* "Service Unavailable. Why? */
const char *reason = "<unknown>";
while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
if (!strncmp(buf, "X-Reason: ", 10)) {
reason = buf + 10;
break;
......@@ -174,7 +174,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
/* We may have advertised it, but we only do it if the server agrees */
vpninfo->deflate = 0;
while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
struct vpn_option *new_option;
char *colon = strchr(buf, ':');
if (!colon)
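Review bot: The first response read in start_cstp_connection() passes a literal length, `openconnect_SSL_gets(vpninfo, buf, 65536)`, while the later reads in the same function pass `sizeof(buf)`. The declaration of `buf` is outside the hunks shown, so whether 65536 matches its real size cannot be confirmed from here. If the array is or becomes smaller, this call would let a server-supplied status line be written past its end. Since the line is being edited anyway, `if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) {` would keep the bound tied to the buffer, assuming `buf` is the same array the later calls use.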
......
......@@ -115,7 +115,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
int i;
cont:
if (openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)) < 0) {
if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error fetching HTTPS response\n"));
return -EINVAL;
......@@ -134,7 +134,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
_("Got HTTP response: %s\n"), buf);
/* Eat headers... */
while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
char *colon;
if (i < 0) {
......@@ -261,7 +261,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
}
} else if (bodylen == BODY_CHUNKED) {
/* ... else, chunked */
while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
int chunklen, lastchunk = 0;
if (i < 0) {
......@@ -289,7 +289,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
done += i;
}
skip:
if ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
if ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
if (i < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error fetching HTTP response body\n"));
......
......@@ -277,8 +277,8 @@ int cstp_reconnect(struct openconnect_info *vpninfo);
/* ssl.c */
int __attribute__ ((format (printf, 2, 3)))
openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);
int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_open_https(struct openconnect_info *vpninfo);
void openconnect_close_https(struct openconnect_info *vpninfo);
int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
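Review bot: With the `SSL *` parameter gone, the two prototypes no longer show which session they act on or what they return, and nothing here documents it. A short comment above them would help, for example `/* Both use vpninfo->https_ssl. openconnect_SSL_gets() returns the line length, 0 for an empty line, or a negative value on error. */`. The return convention is read from the `return i ?: ret;` line and the `if (i < 0)` checks in the callers, so it should be confirmed against the full function body. The `format (printf, 2, 3)` attribute is still correct because `fmt` remains the second parameter.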
......
......@@ -61,7 +61,7 @@
We could use cURL for the HTTP stuff, but it's overkill */
int __attribute__ ((format (printf, 2, 3)))
openconnect_SSL_printf(SSL *ssl, const char *fmt, ...)
openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...)
{
char buf[1024];
va_list args;
......@@ -71,7 +71,7 @@ int __attribute__ ((format (printf, 2, 3)))
va_start(args, fmt);
vsnprintf(buf, 1023, fmt, args);
va_end(args);
return SSL_write(ssl, buf, strlen(buf));
return SSL_write(vpninfo->https_ssl, buf, strlen(buf));
}
......@@ -88,7 +88,7 @@ void report_ssl_errors(struct openconnect_info *vpninfo)
ERR_print_errors_cb(print_err, vpninfo);
}
int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len)
int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
{
int i = 0;
int ret;
......@@ -96,7 +96,7 @@ int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len)
if (len < 2)
return -EINVAL;
while ( (ret = SSL_read(ssl, buf + i, 1)) == 1) {
while ( (ret = SSL_read(vpninfo->https_ssl, buf + i, 1)) == 1) {
if (buf[i] == '\n') {
buf[i] = 0;
if (i && buf[i-1] == '\r') {
......@@ -113,7 +113,7 @@ int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len)
}
}
if (ret == 0) {
ret = -SSL_get_error(ssl, ret);
ret = -SSL_get_error(vpninfo->https_ssl, ret);
}
buf[i] = 0;
return i ?: ret;
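Review bot: openconnect_SSL_printf() still discards the vsnprintf() result, so a formatted line longer than the 1024-byte `buf` is silently cut and sent without its trailing CRLF. For the `Cookie: webvpn=%s` line in start_cstp_connection(), that would run the next header into the cookie value. Checking the length would turn this into a visible error: `int len = vsnprintf(buf, sizeof(buf), fmt, args);` and, after `va_end(args)`, `if (len < 0 || (size_t)len >= sizeof(buf)) return -EINVAL;`. The callers shown on this page ignore the return value, so they would need to check it for the error to have any effect. Part of the function body lies between the two hunks and is not visible here.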
......