Commit 3b00004b authored by David Woodhouse's avatar David Woodhouse

Use callbacks in vpninfo for ssl_{read,write,gets} methods

Slightly cleaner, and will allow us to use process_http_response() for
unencrypted communication with a proxy too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent b9783781
......@@ -219,9 +219,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
buf_append(buf, sizeof(buf), "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
vpninfo->dtls_ciphers ? : DEFAULT_CIPHER_LIST);
openconnect_SSL_write(vpninfo, buf, strlen(buf));
vpninfo->ssl_write(vpninfo, buf, strlen(buf));
if ((i = openconnect_SSL_gets(vpninfo, buf, 65536)) < 0) {
if ((i = vpninfo->ssl_gets(vpninfo, buf, 65536)) < 0) {
if (i == -EINTR)
return i;
vpn_progress(vpninfo, PRG_ERR,
......@@ -245,7 +245,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
if (!strncmp(buf, "HTTP/1.1 503 ", 13)) {
/* "Service Unavailable. Why? */
const char *reason = "<unknown>";
while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
if (!strncmp(buf, "X-Reason: ", 10)) {
reason = buf + 10;
break;
......@@ -270,7 +270,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
vpninfo->deflate = 0;
mtu = 0;
while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
struct oc_vpn_option *new_option;
char *colon;
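Review bot: The first response read, `vpninfo->ssl_gets(vpninfo, buf, 65536)`, still passes a literal length, while the `buf_append(buf, sizeof(buf), ...)` call just above it and the two header loops in the following hunks use `sizeof(buf)`. Assuming `buf` is an array (its declaration is outside the hunk), resizing it later would leave this one call able to write past the end on a long server line; `if ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf))) < 0) {` keeps the bound tied to the buffer. The return value of `vpninfo->ssl_write()` on the line before is also discarded, so a failed send is only noticed indirectly when the read fails. start_cstp_connection begins and ends outside these hunks.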
......
......@@ -56,7 +56,7 @@ static P11KitPin *pin_callback(const char *pin_source, P11KitUri *pin_uri,
#include "openconnect-internal.h"
/* Helper functions for reading/writing lines over SSL. */
int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len)
static int openconnect_gnutls_write(struct openconnect_info *vpninfo, char *buf, size_t len)
{
size_t orig_len = len;
......@@ -92,7 +92,7 @@ int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t le
return orig_len;
}
int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len)
static int openconnect_gnutls_read(struct openconnect_info *vpninfo, char *buf, size_t len)
{
int done;
......@@ -134,7 +134,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len
return done;
}
int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
static int openconnect_gnutls_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
{
int i = 0;
int ret;
......@@ -1975,6 +1975,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
vpninfo->ssl_fd = ssl_sock;
vpninfo->ssl_read = openconnect_gnutls_read;
vpninfo->ssl_write = openconnect_gnutls_write;
vpninfo->ssl_gets = openconnect_gnutls_gets;
return 0;
}
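Review bot: The three callbacks are installed only on the last lines of openconnect_open_https(), just before `return 0`, so any earlier return path (not visible in this hunk) leaves them at their previous value, which would be NULL if vpninfo is allocated zeroed. Every call site in the other sections now makes an unconditional indirect call, and a call through a NULL function pointer is a crash rather than an error return. It is worth confirming that nothing reaches `vpninfo->ssl_write`, `ssl_read` or `ssl_gets` before a successful open, or guarding the entry points, for example `if (!vpninfo->ssl_gets) return -EINVAL;` at the top of process_http_response(). The same applies to the assignments in the OpenSSL section further down.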
......
......@@ -188,7 +188,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
int i;
cont:
if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) {
if (vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error fetching HTTPS response\n"));
openconnect_close_https(vpninfo, 0);
......@@ -209,7 +209,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
_("Got HTTP response: %s\n"), buf);
/* Eat headers... */
while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
char *colon;
if (i < 0) {
......@@ -328,7 +328,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
if (!body)
return -ENOMEM;
while (done < bodylen) {
i = openconnect_SSL_read(vpninfo, body + done, bodylen - done);
i = vpninfo->ssl_read(vpninfo, body + done, bodylen - done);
if (i < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error reading HTTP response body\n"));
......@@ -340,7 +340,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
}
} else if (bodylen == BODY_CHUNKED) {
/* ... else, chunked */
while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
int chunklen, lastchunk = 0;
if (i < 0) {
......@@ -357,7 +357,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
if (!body)
return -ENOMEM;
while (chunklen) {
i = openconnect_SSL_read(vpninfo, body + done, chunklen);
i = vpninfo->ssl_read(vpninfo, body + done, chunklen);
if (i < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error reading HTTP response body\n"));
......@@ -368,7 +368,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
done += i;
}
skip:
if ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
if ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
if (i < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error fetching HTTP response body\n"));
......@@ -397,7 +397,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
realloc_inplace(body, done + 16384);
if (!body)
return -ENOMEM;
i = openconnect_SSL_read(vpninfo, body + done, 16384);
i = vpninfo->ssl_read(vpninfo, body + done, 16384);
if (i > 0) {
/* Got more data */
done += i;
......@@ -495,7 +495,7 @@ static int fetch_config(struct openconnect_info *vpninfo)
if (buf_error(buf))
return buf_free(buf);
if (openconnect_SSL_write(vpninfo, buf->data, buf->pos) != buf->pos) {
if (vpninfo->ssl_write(vpninfo, buf->data, buf->pos) != buf->pos) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to send GET request for new config\n"));
buf_free(buf);
......@@ -954,7 +954,7 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
if (vpninfo->dump_http_traffic)
dump_buf(vpninfo, '>', buf->data);
result = openconnect_SSL_write(vpninfo, buf->data, buf->pos);
result = vpninfo->ssl_write(vpninfo, buf->data, buf->pos);
if (rq_retry && result < 0) {
openconnect_close_https(vpninfo, 0);
goto retry;
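Review bot: In the chunked branch `chunklen` is declared as `int` and passed straight to `vpninfo->ssl_read(vpninfo, body + done, chunklen)`, whose parameter is `size_t len`. The parsing of the chunk-size line and the reallocation before the read are outside these hunks, so this is inferred, but if a server-supplied size can come out negative it converts to a very large length and the read is no longer bounded by the allocated body. A check such as `if (chunklen < 0) return -EINVAL;` right after the size is parsed, using whatever cleanup the function already does on error, would close that. The same question applies to `bodylen - done` in the Content-Length loop if `bodylen` is not validated. process_http_response starts and ends outside the hunks shown.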
......
......@@ -334,6 +334,10 @@ struct openconnect_info {
openconnect_process_auth_form_vfn process_auth_form;
openconnect_progress_vfn progress;
openconnect_protect_socket_vfn protect_socket;
int (*ssl_read)(struct openconnect_info *vpninfo, char *buf, size_t len);
int (*ssl_gets)(struct openconnect_info *vpninfo, char *buf, size_t len);
int (*ssl_write)(struct openconnect_info *vpninfo, char *buf, size_t len);
};
#ifdef _WIN32
......@@ -498,9 +502,6 @@ int is_cancel_pending(struct openconnect_info *vpninfo, fd_set *fds);
void poll_cmd_fd(struct openconnect_info *vpninfo, int timeout);
/* {gnutls,openssl}.c */
int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_open_https(struct openconnect_info *vpninfo);
void openconnect_close_https(struct openconnect_info *vpninfo, int final);
int cstp_handshake(struct openconnect_info *vpninfo, unsigned init);
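Review bot: The three new members of struct openconnect_info carry no comment, and their contract can only be recovered from the call sites: callers treat a negative return as an error (`i == -EINTR`, `i < 0`), and a zero return from `ssl_gets` ends the header loops. The commit message also says process_http_response() will later be used for unencrypted proxy traffic, so the `ssl_` prefix will not always mean the data is protected. I would state this on the declaration, e.g. `/* Transport callbacks, valid only after openconnect_open_https() succeeds; return <0 on error. May not be TLS once proxy support uses them. */`.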
......
......@@ -78,7 +78,7 @@ int openconnect_random(void *bytes, int len)
/* Helper functions for reading/writing lines over SSL.
We could use cURL for the HTTP stuff, but it's overkill */
int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len)
static int openconnect_openssl_write(struct openconnect_info *vpninfo, char *buf, size_t len)
{
size_t orig_len = len;
......@@ -115,7 +115,7 @@ int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t le
return orig_len;
}
int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len)
static int openconnect_openssl_read(struct openconnect_info *vpninfo, char *buf, size_t len)
{
int done;
......@@ -146,7 +146,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len
return done;
}
int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
static int openconnect_openssl_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
{
int i = 0;
int ret;
......@@ -1413,6 +1413,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
vpninfo->ssl_fd = ssl_sock;
vpninfo->https_ssl = https_ssl;
vpninfo->ssl_read = openconnect_openssl_read;
vpninfo->ssl_write = openconnect_openssl_write;
vpninfo->ssl_gets = openconnect_openssl_gets;
/* Stash this now, because it might not be available later if the
server has disconnected. */
vpninfo->peer_cert = SSL_get_peer_certificate(vpninfo->https_ssl);
......
......@@ -317,7 +317,7 @@ int __attribute__ ((format (printf, 2, 3)))
va_start(args, fmt);
vsnprintf(buf, 1023, fmt, args);
va_end(args);
return openconnect_SSL_write(vpninfo, buf, strlen(buf));
return vpninfo->ssl_write(vpninfo, buf, strlen(buf));
}
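Review bot: The text is sent with `strlen(buf)` after `vsnprintf(buf, 1023, fmt, args)`, whose return value is ignored, so output longer than the limit is truncated and the truncated text is written to the peer with no error. Capturing the result and refusing to send on truncation would avoid emitting a partial request line or header: `int n = vsnprintf(buf, 1023, fmt, args);` then, after `va_end`, `if (n < 0 || n >= 1023) return -EINVAL;`. The declaration of `buf` and the start of the function are outside this hunk, so the 1023 bound is assumed to match the array size.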
......