diff --git a/cstp.c b/cstp.c
index d1483f5c..877b8021 100644
--- a/cstp.c
+++ b/cstp.c
@@ -219,9 +219,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 buf_append(buf, sizeof(buf), "\r\nX-DTLS-CipherSuite: %s\r\n\r\n", vpninfo->dtls_ciphers ? : DEFAULT_CIPHER_LIST);
- openconnect_SSL_write(vpninfo, buf, strlen(buf));
+ vpninfo->ssl_write(vpninfo, buf, strlen(buf));
- if ((i = openconnect_SSL_gets(vpninfo, buf, 65536)) < 0) {
+ if ((i = vpninfo->ssl_gets(vpninfo, buf, 65536)) < 0) {
 if (i == -EINTR) return i; vpn_progress(vpninfo, PRG_ERR,
@@ -245,7 +245,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 if (!strncmp(buf, "HTTP/1.1 503 ", 13)) { /* "Service Unavailable. Why? */ const char *reason = "";
- while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+ while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 if (!strncmp(buf, "X-Reason: ", 10)) { reason = buf + 10; break;
@@ -270,7 +270,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 vpninfo->deflate = 0; mtu = 0;
- while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+ while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 struct oc_vpn_option *new_option; char *colon;
diff --git a/gnutls.c b/gnutls.c
index e5369a59..ffd84bbc 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -56,7 +56,7 @@ static P11KitPin *pin_callback(const char *pin_source, P11KitUri *pin_uri,
 #include "openconnect-internal.h" /* Helper functions for reading/writing lines over SSL. */
-int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_gnutls_write(struct openconnect_info *vpninfo, char *buf, size_t len)
 { size_t orig_len = len;
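Review bot: In the first cstp.c hunk the rewritten read still passes a hard-coded length, `vpninfo->ssl_gets(vpninfo, buf, 65536)`, while the `buf_append(buf, sizeof(buf), ...)` just above it and the later reads in this function use `sizeof(buf)`. The declaration of buf is outside the hunk, so it cannot be confirmed from here that 65536 matches it; if the array is ever resized, this call would let a server response run past its end. Since the line is being touched anyway, I would write `if ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf))) < 0) {`. start_cstp_connection begins and ends outside the hunk.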
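Review bot: The 503 loop in the second cstp.c hunk, `while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf))))`, treats a negative return the same as a received line. No `i < 0` test is visible before the `X-Reason: ` comparison, so on a read error the loop appears to compare stale buffer contents and call ssl_gets again; the rest of the loop body is outside the hunk, so confirm there is no check further down. Stopping on error as well as on the empty line would be `while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf))) > 0) {`. The header loop in http.c does test `i < 0` explicitly, so this would also make the two consistent.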
@@ -92,7 +92,7 @@ int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t le
 return orig_len; }
-int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_gnutls_read(struct openconnect_info *vpninfo, char *buf, size_t len)
 { int done;
@@ -134,7 +134,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len
 return done; }
-int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_gnutls_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
 { int i = 0; int ret;
@@ -1975,6 +1975,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 vpninfo->ssl_fd = ssl_sock;
+ vpninfo->ssl_read = openconnect_gnutls_read;
+ vpninfo->ssl_write = openconnect_gnutls_write;
+ vpninfo->ssl_gets = openconnect_gnutls_gets;
 return 0; }
diff --git a/http.c b/http.c
index 486c7e47..ba77c806 100644
--- a/http.c
+++ b/http.c
@@ -188,7 +188,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 int i; cont:
- if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) {
+ if (vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)) < 0) {
 vpn_progress(vpninfo, PRG_ERR, _("Error fetching HTTPS response\n")); openconnect_close_https(vpninfo, 0);
@@ -209,7 +209,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 _("Got HTTP response: %s\n"), buf); /* Eat headers... */
- while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+ while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 char *colon; if (i < 0) {
@@ -328,7 +328,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 if (!body) return -ENOMEM; while (done < bodylen) {
- i = openconnect_SSL_read(vpninfo, body + done, bodylen - done);
+ i = vpninfo->ssl_read(vpninfo, body + done, bodylen - done);
 if (i < 0) { vpn_progress(vpninfo, PRG_ERR, _("Error reading HTTP response body\n"));
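Review bot: In the gnutls.c openconnect_open_https hunk the three pointers are assigned only on the path that reaches `return 0`, yet every call site converted by this commit invokes them without a NULL check. Before this change such a call always reached a real function; now a call made before a successful open, or after an earlier error return (outside the hunk), goes through whatever the struct field holds, presumably NULL. openconnect_SSL_printf in ssl.c is the most exposed caller, and the openssl.c assignment hunk has the same shape. Either give the fields safe defaults where vpninfo is allocated, or guard the shared helper, e.g. `if (!vpninfo->ssl_write) return -EINVAL;`, and state whether openconnect_close_https is expected to reset them.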
@@ -340,7 +340,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 } } else if (bodylen == BODY_CHUNKED) { /* ... else, chunked */
- while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+ while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 int chunklen, lastchunk = 0; if (i < 0) {
@@ -357,7 +357,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 if (!body) return -ENOMEM; while (chunklen) {
- i = openconnect_SSL_read(vpninfo, body + done, chunklen);
+ i = vpninfo->ssl_read(vpninfo, body + done, chunklen);
 if (i < 0) { vpn_progress(vpninfo, PRG_ERR, _("Error reading HTTP response body\n"));
@@ -368,7 +368,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 done += i; } skip:
- if ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+ if ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 if (i < 0) { vpn_progress(vpninfo, PRG_ERR, _("Error fetching HTTP response body\n"));
@@ -397,7 +397,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 realloc_inplace(body, done + 16384); if (!body) return -ENOMEM;
- i = openconnect_SSL_read(vpninfo, body + done, 16384);
+ i = vpninfo->ssl_read(vpninfo, body + done, 16384);
 if (i > 0) { /* Got more data */ done += i;
@@ -495,7 +495,7 @@ static int fetch_config(struct openconnect_info *vpninfo)
 if (buf_error(buf)) return buf_free(buf);
- if (openconnect_SSL_write(vpninfo, buf->data, buf->pos) != buf->pos) {
+ if (vpninfo->ssl_write(vpninfo, buf->data, buf->pos) != buf->pos) {
 vpn_progress(vpninfo, PRG_ERR, _("Failed to send GET request for new config\n")); buf_free(buf);
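Review bot: In the chunked-body hunk of http.c (@@ -357), `vpninfo->ssl_read(vpninfo, body + done, chunklen)` passes an `int chunklen`, which appears to come from the server's chunk-size line, to a callback whose parameter is `size_t len`. A negative value would convert to a very large length, and the `while (chunklen)` test does not stop on it. The parsing of the chunk size and the sizing of the reallocation are outside the hunk, so check there that the value is rejected when it is negative or when adding it to done would overflow. Assuming done is also an int, a guard such as `if (chunklen < 0 || chunklen > INT_MAX - done)` ahead of the reallocation, treated as a malformed response, would close this.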
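Review bot: The read-until-close branch in http.c (@@ -397) grows body by 16384 bytes per pass, `realloc_inplace(body, done + 16384)`, with no upper bound visible in the hunk. A peer that keeps sending can make the client allocate until memory runs out, and `done + 16384` can eventually overflow if done is an int. The loop header is outside the hunk; if no cap exists there, add one before the reallocation, e.g. `if (done > MAX_BODY_LEN - 16384)` followed by the same error path as a failed read, where MAX_BODY_LEN is a placeholder for a limit the project chooses.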
@@ -954,7 +954,7 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
 if (vpninfo->dump_http_traffic) dump_buf(vpninfo, '>', buf->data);
- result = openconnect_SSL_write(vpninfo, buf->data, buf->pos);
+ result = vpninfo->ssl_write(vpninfo, buf->data, buf->pos);
 if (rq_retry && result < 0) { openconnect_close_https(vpninfo, 0); goto retry;
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 15cfe19b..799a1f16 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -334,6 +334,10 @@ struct openconnect_info {
 openconnect_process_auth_form_vfn process_auth_form; openconnect_progress_vfn progress; openconnect_protect_socket_vfn protect_socket;
+
+ int (*ssl_read)(struct openconnect_info *vpninfo, char *buf, size_t len);
+ int (*ssl_gets)(struct openconnect_info *vpninfo, char *buf, size_t len);
+ int (*ssl_write)(struct openconnect_info *vpninfo, char *buf, size_t len);
 }; #ifdef _WIN32
@@ -498,9 +502,6 @@ int is_cancel_pending(struct openconnect_info *vpninfo, fd_set *fds);
 void poll_cmd_fd(struct openconnect_info *vpninfo, int timeout); /* {gnutls,openssl}.c */
-int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
-int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len);
-int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len);
 int openconnect_open_https(struct openconnect_info *vpninfo); void openconnect_close_https(struct openconnect_info *vpninfo, int final); int cstp_handshake(struct openconnect_info *vpninfo, unsigned init);
diff --git a/openssl.c b/openssl.c
index ecd56a06..871eef68 100644
--- a/openssl.c
+++ b/openssl.c
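Review bot: The three members added to struct openconnect_info (@@ -334 in openconnect-internal.h) carry no comment, although they now replace the prototypes this commit removes further down as the only declaration of the transport interface. I would add a short block above them saying that openconnect_open_https in gnutls.c or openssl.c sets them, that they must not be called before a successful open, and what each returns. The return convention looks like a byte count or a negative errno judging by the callers, but the implementations are outside this diff, so confirm it there. Separately, `ssl_write` takes `char *buf` for data it presumably only reads; `const char *buf` would let the compiler enforce that, at the cost of changing both backend signatures.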
@@ -78,7 +78,7 @@ int openconnect_random(void *bytes, int len)
 /* Helper functions for reading/writing lines over SSL. We could use cURL for the HTTP stuff, but it's overkill */
-int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_openssl_write(struct openconnect_info *vpninfo, char *buf, size_t len)
 { size_t orig_len = len;
@@ -115,7 +115,7 @@ int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t le
 return orig_len; }
-int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_openssl_read(struct openconnect_info *vpninfo, char *buf, size_t len)
 { int done;
@@ -146,7 +146,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len
 return done; }
-int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_openssl_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
 { int i = 0; int ret;
@@ -1413,6 +1413,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 vpninfo->ssl_fd = ssl_sock; vpninfo->https_ssl = https_ssl;
+ vpninfo->ssl_read = openconnect_openssl_read;
+ vpninfo->ssl_write = openconnect_openssl_write;
+ vpninfo->ssl_gets = openconnect_openssl_gets;
+
 /* Stash this now, because it might not be available later if the server has disconnected. */ vpninfo->peer_cert = SSL_get_peer_certificate(vpninfo->https_ssl);
diff --git a/ssl.c b/ssl.c
index cfd057b9..3d15fcbc 100644
--- a/ssl.c
+++ b/ssl.c
@@ -317,7 +317,7 @@ int __attribute__ ((format (printf, 2, 3)))
 va_start(args, fmt); vsnprintf(buf, 1023, fmt, args); va_end(args);
- return openconnect_SSL_write(vpninfo, buf, strlen(buf));
+ return vpninfo->ssl_write(vpninfo, buf, strlen(buf));
 }
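Review bot: In the ssl.c hunk the result of `vsnprintf(buf, 1023, fmt, args)` is discarded, so a formatted string longer than the buffer is silently truncated and the shortened text is what `vpninfo->ssl_write(vpninfo, buf, strlen(buf))` sends. For request lines and headers that means a malformed request goes out instead of an error being returned. The declaration of buf and the start of the function are outside the hunk; assuming buf is a fixed array, capture the return value in an int, `n = vsnprintf(buf, sizeof(buf), fmt, args);`, and after `va_end(args)` fail on truncation with `if (n < 0 || (size_t)n >= sizeof(buf)) return -EINVAL;`.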