library: Add openconnect_get_dnsname()
openconnect_get_hostname() usually returns an IP, because it is used
for two-stage connections.  Add a new API call that returns a hostname
so certificate validation can be handled externally.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
cernekee authored and David Woodhouse committed May 6, 2016
1 parent 1837060 commit 2e89d13
Showing 5 changed files with 29 additions and 0 deletions.
1 change: 1 addition & 0 deletions java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -139,6 +139,7 @@ public synchronized native void setMobileInfo(String mobilePlatformVersion,
/* connection info */

public synchronized native String getHostname();
public synchronized native String getDNSName();
public synchronized native String getUrlpath();
public synchronized native int getPort();
public synchronized native String getCookie();
8 changes: 8 additions & 0 deletions jni.c
@@ -1084,6 +1084,14 @@ JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getHo
RETURN_STRING_END
}

JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getDNSName(
JNIEnv *jenv, jobject jobj)
{
RETURN_STRING_START
buf = openconnect_get_dnsname(ctx->vpninfo);
RETURN_STRING_END
}

JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getUrlpath(
JNIEnv *jenv, jobject jobj)
{
1 change: 1 addition & 0 deletions libopenconnect.map.in
@@ -78,6 +78,7 @@ OPENCONNECT_5_3 {
global:
openconnect_override_getaddrinfo;
openconnect_get_cstp_compression;
openconnect_get_dnsname;
openconnect_get_dtls_compression;
openconnect_disable_ipv6;
openconnect_set_localname;
5 changes: 5 additions & 0 deletions library.c
@@ -376,6 +376,11 @@ const char *openconnect_get_hostname(struct openconnect_info *vpninfo)
return vpninfo->unique_hostname?:vpninfo->hostname;
}

const char *openconnect_get_dnsname(struct openconnect_info *vpninfo)
{
return vpninfo->hostname;
}

int openconnect_set_hostname(struct openconnect_info *vpninfo,
const char *hostname)
{
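Review bot: openconnect_get_dnsname() returns `vpninfo->hostname` unmodified, and nothing in this section says what a caller should do when that field is still NULL. Because the stated purpose is external certificate name checking, a caller that treats a NULL name as "nothing to compare" would end up accepting any certificate, so the contract should say that NULL means validation must fail. I would add above the function: `/* May return NULL if no hostname has been set; the string belongs to vpninfo and must not be freed by the caller. */`. The JNI wrapper in jni.c passes the result straight into RETURN_STRING_END, whose NULL handling is not visible on this page, and openconnect_set_hostname() only begins at the end of this hunk, so whether it invalidates a previously returned pointer cannot be confirmed here.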
14 changes: 14 additions & 0 deletions openconnect.h
@@ -45,6 +45,7 @@ extern "C" {
* - Add ip_info->gateway_addr.
* - Add openconnect_set_setup_tun_handler().
* - Add openconnect_set_reconnected_handler().
* - Add openconnect_get_dnsname().
*
* API version 5.2 (v7.05; 2015-03-10):
* - Add openconnect_set_http_auth(), openconnect_set_protocol().
@@ -391,7 +392,20 @@ const char *openconnect_get_dtls_cipher(struct openconnect_info *);
const char *openconnect_get_cstp_compression(struct openconnect_info *);
const char *openconnect_get_dtls_compression(struct openconnect_info *);

/* Returns the IP address of the exact host to which the connection
* was made. In --cookieonly mode or in any other scenario involving
* a "two stage" connection, it is important to reconnect by IP because
* the server side may be using DNS trickery for load balancing.
*
* If the IP address is unavailable due to the use of a proxy, this will
* fall back to returning the DNS name. */
const char *openconnect_get_hostname(struct openconnect_info *);

/* Returns the hostname parsed out of the server name URL. This is
* intended to be used by the validate_peer_cert callback to check that
* the certificate matches the server name. */
const char *openconnect_get_dnsname(struct openconnect_info *);

int openconnect_set_hostname(struct openconnect_info *, const char *);
char *openconnect_get_urlpath(struct openconnect_info *);
int openconnect_set_urlpath(struct openconnect_info *, const char *);
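Review bot: The new comment on openconnect_get_dnsname() leaves out two things a validate_peer_cert implementer needs: what the value looks like when the user supplied an IP literal rather than a name, and at what point during connection setup the value is stable. A validator that only does DNS-name matching will mishandle an IP literal, and if `hostname` is rewritten when the server redirects (not visible on this page) the name being checked may no longer be the one the user asked for. I would extend the comment with something like `* The value may be an IP literal if the URL contained one; read it inside the callback rather than caching it across connection attempts.`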