diff --git a/cstp.c b/cstp.c
index 018cb58f..8caf3ee1 100644
--- a/cstp.c
+++ b/cstp.c
@@ -111,24 +111,24 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 }
 retry:
- openconnect_SSL_printf(vpninfo->https_ssl, "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\n");
- openconnect_SSL_printf(vpninfo->https_ssl, "Host: %s\r\n", vpninfo->hostname);
- openconnect_SSL_printf(vpninfo->https_ssl, "User-Agent: %s\r\n", vpninfo->useragent);
- openconnect_SSL_printf(vpninfo->https_ssl, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
- openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Version: 1\r\n");
- openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
+ openconnect_SSL_printf(vpninfo, "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\n");
+ openconnect_SSL_printf(vpninfo, "Host: %s\r\n", vpninfo->hostname);
+ openconnect_SSL_printf(vpninfo, "User-Agent: %s\r\n", vpninfo->useragent);
+ openconnect_SSL_printf(vpninfo, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
+ openconnect_SSL_printf(vpninfo, "X-CSTP-Version: 1\r\n");
+ openconnect_SSL_printf(vpninfo, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
 if (vpninfo->deflate)
- openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
- openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
- openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: %s\r\n",
+ openconnect_SSL_printf(vpninfo, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
+ openconnect_SSL_printf(vpninfo, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
+ openconnect_SSL_printf(vpninfo, "X-CSTP-Address-Type: %s\r\n",
 vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
- openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
+ openconnect_SSL_printf(vpninfo, "X-DTLS-Master-Secret: ");
 for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
- openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);
- openconnect_SSL_printf(vpninfo->https_ssl, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
+ openconnect_SSL_printf(vpninfo, "%02X", vpninfo->dtls_secret[i]);
+ openconnect_SSL_printf(vpninfo, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
 vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
- if (openconnect_SSL_gets(vpninfo->https_ssl, buf, 65536) < 0) {
+ if (openconnect_SSL_gets(vpninfo, buf, 65536) < 0) {
 vpn_progress(vpninfo, PRG_ERR, _("Error fetching HTTPS response\n"));
 if (!retried) {
@@ -150,7 +150,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 if (!strncmp(buf, "HTTP/1.1 503 ", 13)) {
 /* "Service Unavailable. Why? */
 const char *reason = "";
- while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
+ while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
 if (!strncmp(buf, "X-Reason: ", 10)) {
 reason = buf + 10;
 break;
@@ -174,7 +174,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 /* We may have advertised it, but we only do it if the server agrees */
 vpninfo->deflate = 0;
- while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
+ while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
 struct vpn_option *new_option;
 char *colon = strchr(buf, ':');
 if (!colon)
diff --git a/http.c b/http.c
index 42afd471..c817fb57 100644
--- a/http.c
+++ b/http.c
@@ -115,7 +115,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 int i;
 cont:
- if (openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)) < 0) {
+ if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) {
 vpn_progress(vpninfo, PRG_ERR, _("Error fetching HTTPS response\n"));
 return -EINVAL;
@@ -134,7 +134,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 _("Got HTTP response: %s\n"), buf);
 /* Eat headers... */
- while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
+ while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
 char *colon;
 if (i < 0) {
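Review bot: The first read after the request in the @@ -111 hunk still passes a literal length, `openconnect_SSL_gets(vpninfo, buf, 65536)`, while the other two calls visible in cstp.c pass `sizeof(buf)`. The declaration of `buf` is outside the hunk, so the literal cannot be checked against it here; if the array is ever resized, this read could run past it. Since the line is being touched anyway, I would write `if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) {`, assuming `buf` is an array as the other calls imply. Separately, none of the `openconnect_SSL_printf()` results in the request block are checked, so a failed write of the cookie or DTLS master-secret header is only noticed indirectly when the read fails.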
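Review bot: In the 503 branch (@@ -150) the loop `while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf))))` treats a negative return like a non-empty line, and no `i < 0` test is visible before the `X-Reason` comparison. The ssl.c part of this commit shows that `openconnect_SSL_gets()` returns a negative value when the read fails with nothing buffered, so on a dead connection the loop may never terminate unless a check exists further down, outside the hunk. The option-parsing loop in the @@ -174 hunk has the same shape, whereas the loops in http.c test `if (i < 0)` first. I would handle the error as the first statement of both loops, e.g. `if (i < 0) break;` in the 503 loop and an error return in the option loop.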
@@ -261,7 +261,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 }
 } else if (bodylen == BODY_CHUNKED) {
 /* ... else, chunked */
- while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
+ while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
 int chunklen, lastchunk = 0;
 if (i < 0) {
@@ -289,7 +289,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 done += i;
 }
 skip:
- if ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
+ if ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
 if (i < 0) {
 vpn_progress(vpninfo, PRG_ERR, _("Error fetching HTTP response body\n"));
diff --git a/openconnect-internal.h b/openconnect-internal.h
index b033f78e..2a68b96d 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -277,8 +277,8 @@ int cstp_reconnect(struct openconnect_info *vpninfo);
 /* ssl.c */
 int __attribute__ ((format (printf, 2, 3)))
- openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);
-int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
+ openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
+int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
 int openconnect_open_https(struct openconnect_info *vpninfo);
 void openconnect_close_https(struct openconnect_info *vpninfo);
 int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
diff --git a/ssl.c b/ssl.c
index df3df29f..9738e6c0 100644
--- a/ssl.c
+++ b/ssl.c
@@ -61,7 +61,7 @@ We could use cURL for the HTTP stuff, but it's overkill */
 int __attribute__ ((format (printf, 2, 3)))
- openconnect_SSL_printf(SSL *ssl, const char *fmt, ...)
+ openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...)
 {
 char buf[1024];
 va_list args;
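Review bot: The new prototypes in openconnect-internal.h no longer show that an open TLS session is required. Both functions now read `vpninfo->https_ssl` themselves, and the ssl.c side of this commit adds no NULL test before `SSL_write()` or `SSL_read()`. Whether a caller can reach them around `openconnect_close_https()` or a reconnect with that pointer unset is not visible here. I would document the precondition above the declarations, e.g. `/* Both require vpninfo->https_ssl to be an open session, i.e. after openconnect_open_https() */`.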
@@ -71,7 +71,7 @@ int __attribute__ ((format (printf, 2, 3)))
 va_start(args, fmt);
 vsnprintf(buf, 1023, fmt, args);
 va_end(args);
- return SSL_write(ssl, buf, strlen(buf));
+ return SSL_write(vpninfo->https_ssl, buf, strlen(buf));
 }
@@ -88,7 +88,7 @@ void report_ssl_errors(struct openconnect_info *vpninfo)
 ERR_print_errors_cb(print_err, vpninfo);
 }
-int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len)
+int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
 {
 int i = 0;
 int ret;
@@ -96,7 +96,7 @@ int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len)
 if (len < 2)
 return -EINVAL;
- while ( (ret = SSL_read(ssl, buf + i, 1)) == 1) {
+ while ( (ret = SSL_read(vpninfo->https_ssl, buf + i, 1)) == 1) {
 if (buf[i] == '\n') {
 buf[i] = 0;
 if (i && buf[i-1] == '\r') {
@@ -113,7 +113,7 @@ int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len)
 }
 }
 if (ret == 0) {
- ret = -SSL_get_error(ssl, ret);
+ ret = -SSL_get_error(vpninfo->https_ssl, ret);
 }
 buf[i] = 0;
 return i ?: ret;
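Review bot: `vsnprintf(buf, 1023, fmt, args)` in the @@ -71 hunk discards its return value, so a header longer than the 1024-byte `buf` is silently truncated and `SSL_write()` sends it without its trailing `\r\n`. cstp.c formats the `webvpn` cookie, hostname and user-agent through this function, so an over-long value would run into the next header line instead of failing. I would keep the result, `int n = vsnprintf(buf, sizeof(buf), fmt, args);`, and after `va_end(args)` add `if (n < 0 || (size_t)n >= sizeof(buf)) return -EINVAL;`. The function's opening lines are in the previous hunk, and the lines between the two hunks are not shown.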
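Review bot: `return i ?: ret;` at the end of `openconnect_SSL_gets()` (@@ -113) hides a read failure whenever at least one byte was already stored. If `SSL_read()` fails or the peer closes mid-line, the caller gets the partial length and parses a truncated header as if it were complete. The `if (ret == 0)` branch also converts only the zero-return case, so a negative `SSL_read()` result is handed back raw rather than as an SSL error code. I would map both with `if (ret <= 0) ret = -SSL_get_error(vpninfo->https_ssl, ret);` and return `ret` rather than `i` when the loop ended on an error. The loop body between the @@ -96 and @@ -113 hunks, including any bound check against `len`, is not visible here.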