Use callbacks in vpninfo for ssl_{read,write,gets} methods
Slightly cleaner, and will allow us to use process_http_response() for
unencrypted communication with a proxy too.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jun 18, 2014
1 parent b978378 commit 3b00004
Showing 6 changed files with 31 additions and 23 deletions.
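--- a/cstp.c
+++ b/cstp.c
@@ -219,9 +219,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 buf_append(buf, sizeof(buf), "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
 vpninfo->dtls_ciphers ? : DEFAULT_CIPHER_LIST);
 
-openconnect_SSL_write(vpninfo, buf, strlen(buf));
+vpninfo->ssl_write(vpninfo, buf, strlen(buf));
 
-if ((i = openconnect_SSL_gets(vpninfo, buf, 65536)) < 0) {
+if ((i = vpninfo->ssl_gets(vpninfo, buf, 65536)) < 0) {
 if (i == -EINTR)
 return i;
 vpn_progress(vpninfo, PRG_ERR,
@@ -245,7 +245,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 if (!strncmp(buf, "HTTP/1.1 503 ", 13)) {
 /* "Service Unavailable. Why? */
 const char *reason = "<unknown>";
-while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 if (!strncmp(buf, "X-Reason: ", 10)) {
 reason = buf + 10;
 break;
@@ -270,7 +270,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 vpninfo->deflate = 0;
 mtu = 0;
 
-while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 struct oc_vpn_option *new_option;
 char *colon;
 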
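Review bot: The new `vpninfo->ssl_gets(vpninfo, buf, 65536)` call in the first hunk still passes a literal length, while the two later calls in this file pass `sizeof(buf)`. buf's declaration is outside the hunk, so if that array is ever resized the literal would let the callback write past its end; `if ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf))) < 0) {` keeps the bound tied to the buffer. The return value of `vpninfo->ssl_write(vpninfo, buf, strlen(buf))` two lines earlier is also discarded, so a failed send is only noticed indirectly when the following read fails. start_cstp_connection begins and ends outside these hunks.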
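--- a/gnutls.c
+++ b/gnutls.c
@@ -56,7 +56,7 @@ static P11KitPin *pin_callback(const char *pin_source, P11KitUri *pin_uri,
 #include "openconnect-internal.h"
 
 /* Helper functions for reading/writing lines over SSL. */
-int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_gnutls_write(struct openconnect_info *vpninfo, char *buf, size_t len)
 {
 size_t orig_len = len;
 
@@ -92,7 +92,7 @@ int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t le
 return orig_len;
 }
 
-int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_gnutls_read(struct openconnect_info *vpninfo, char *buf, size_t len)
 {
 int done;
 
@@ -134,7 +134,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len
 return done;
 }
 
-int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_gnutls_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
 {
 int i = 0;
 int ret;
@@ -1975,6 +1975,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 
 vpninfo->ssl_fd = ssl_sock;
 
+vpninfo->ssl_read = openconnect_gnutls_read;
+vpninfo->ssl_write = openconnect_gnutls_write;
+vpninfo->ssl_gets = openconnect_gnutls_gets;
 
 return 0;
 }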
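Review bot: The three callbacks are assigned only on the success tail of openconnect_open_https() in the last hunk, so every converted call site now depends on a successful open having run first; a call made earlier, or on a zero-initialised vpninfo, would jump through a NULL pointer where the old direct call always reached a real function. The same assignment pattern appears in openssl.c. Whether any caller can reach `vpninfo->ssl_write` before the open succeeds is not visible here, so either install default callbacks where vpninfo is created or guard the call, e.g. `if (!vpninfo->ssl_write) return -EINVAL;`. Since the commit message anticipates plaintext callbacks for proxy traffic, I would also add a comment at these assignments such as `/* (Re)install the TLS transport; must run on every successful connect so no plaintext callbacks remain in place. */`.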
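--- a/http.c
+++ b/http.c
@@ -188,7 +188,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 int i;
 
 cont:
-if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) {
+if (vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)) < 0) {
 vpn_progress(vpninfo, PRG_ERR,
 _("Error fetching HTTPS response\n"));
 openconnect_close_https(vpninfo, 0);
@@ -209,7 +209,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 _("Got HTTP response: %s\n"), buf);
 
 /* Eat headers... */
-while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 char *colon;
 
 if (i < 0) {
@@ -328,7 +328,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 if (!body)
 return -ENOMEM;
 while (done < bodylen) {
-i = openconnect_SSL_read(vpninfo, body + done, bodylen - done);
+i = vpninfo->ssl_read(vpninfo, body + done, bodylen - done);
 if (i < 0) {
 vpn_progress(vpninfo, PRG_ERR,
 _("Error reading HTTP response body\n"));
@@ -340,7 +340,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 }
 } else if (bodylen == BODY_CHUNKED) {
 /* ... else, chunked */
-while ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 int chunklen, lastchunk = 0;
 
 if (i < 0) {
@@ -357,7 +357,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 if (!body)
 return -ENOMEM;
 while (chunklen) {
-i = openconnect_SSL_read(vpninfo, body + done, chunklen);
+i = vpninfo->ssl_read(vpninfo, body + done, chunklen);
 if (i < 0) {
 vpn_progress(vpninfo, PRG_ERR,
 _("Error reading HTTP response body\n"));
@@ -368,7 +368,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 done += i;
 }
 skip:
-if ((i = openconnect_SSL_gets(vpninfo, buf, sizeof(buf)))) {
+if ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
 if (i < 0) {
 vpn_progress(vpninfo, PRG_ERR,
 _("Error fetching HTTP response body\n"));
@@ -397,7 +397,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 realloc_inplace(body, done + 16384);
 if (!body)
 return -ENOMEM;
-i = openconnect_SSL_read(vpninfo, body + done, 16384);
+i = vpninfo->ssl_read(vpninfo, body + done, 16384);
 if (i > 0) {
 /* Got more data */
 done += i;
@@ -495,7 +495,7 @@ static int fetch_config(struct openconnect_info *vpninfo)
 if (buf_error(buf))
 return buf_free(buf);
 
-if (openconnect_SSL_write(vpninfo, buf->data, buf->pos) != buf->pos) {
+if (vpninfo->ssl_write(vpninfo, buf->data, buf->pos) != buf->pos) {
 vpn_progress(vpninfo, PRG_ERR,
 _("Failed to send GET request for new config\n"));
 buf_free(buf);
@@ -954,7 +954,7 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
 if (vpninfo->dump_http_traffic)
 dump_buf(vpninfo, '>', buf->data);
 
-result = openconnect_SSL_write(vpninfo, buf->data, buf->pos);
+result = vpninfo->ssl_write(vpninfo, buf->data, buf->pos);
 if (rq_retry && result < 0) {
 openconnect_close_https(vpninfo, 0);
 goto retry;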
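Review bot: In the chunked-body hunks (-340 and -357), `chunklen` is declared as `int` and then passed to `vpninfo->ssl_read(vpninfo, body + done, chunklen)`, whose `len` parameter is `size_t`, so a negative value would convert to a very large read length. The chunk-size parse and the realloc that sizes `body` are outside the visible hunks, so this is something to confirm rather than a demonstrated bug. Because the value comes from a line sent by the server, it should be rejected when negative or implausibly large before it reaches the allocation and the read, e.g. `if (chunklen < 0) { free(body); return -EINVAL; }` directly after the parse. The same size-before-read reasoning applies to `bodylen - done` in the -328 hunk, where bodylen's validation is likewise not visible.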
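--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -334,6 +334,10 @@ struct openconnect_info {
 openconnect_process_auth_form_vfn process_auth_form;
 openconnect_progress_vfn progress;
 openconnect_protect_socket_vfn protect_socket;
+
+int (*ssl_read)(struct openconnect_info *vpninfo, char *buf, size_t len);
+int (*ssl_gets)(struct openconnect_info *vpninfo, char *buf, size_t len);
+int (*ssl_write)(struct openconnect_info *vpninfo, char *buf, size_t len);
 };
 
 #ifdef _WIN32
@@ -498,9 +502,6 @@ int is_cancel_pending(struct openconnect_info *vpninfo, fd_set *fds);
 void poll_cmd_fd(struct openconnect_info *vpninfo, int timeout);
 
 /* {gnutls,openssl}.c */
-int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
-int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len);
-int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len);
 int openconnect_open_https(struct openconnect_info *vpninfo);
 void openconnect_close_https(struct openconnect_info *vpninfo, int final);
 int cstp_handshake(struct openconnect_info *vpninfo, unsigned init);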
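Review bot: The three function pointers added to struct openconnect_info in the first hunk carry no comment stating their contract, yet they are now the only transport interface the callers in cstp.c, http.c and ssl.c see. I would add above them `/* Transport I/O callbacks, installed by openconnect_open_https(); not valid before it has succeeded. */` plus a sentence on the return convention: the visible call sites treat a negative value as an error and a zero from ssl_gets as the end of a header block, which should be confirmed against both backends. The comment should also say whether these may ever point at a non-TLS implementation, since callers that send credentials cannot tell from the name `ssl_write` alone. As a style point, `ssl_write` could take `const char *buf`, though that would require changing the backend signatures as well.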
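--- a/openssl.c
+++ b/openssl.c
@@ -78,7 +78,7 @@ int openconnect_random(void *bytes, int len)
 /* Helper functions for reading/writing lines over SSL.
 We could use cURL for the HTTP stuff, but it's overkill */
 
-int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_openssl_write(struct openconnect_info *vpninfo, char *buf, size_t len)
 {
 size_t orig_len = len;
 
@@ -115,7 +115,7 @@ int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t le
 return orig_len;
 }
 
-int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_openssl_read(struct openconnect_info *vpninfo, char *buf, size_t len)
 {
 int done;
 
@@ -146,7 +146,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len
 return done;
 }
 
-int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
+static int openconnect_openssl_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
 {
 int i = 0;
 int ret;
@@ -1413,6 +1413,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 vpninfo->ssl_fd = ssl_sock;
 vpninfo->https_ssl = https_ssl;
 
+vpninfo->ssl_read = openconnect_openssl_read;
+vpninfo->ssl_write = openconnect_openssl_write;
+vpninfo->ssl_gets = openconnect_openssl_gets;
+
 /* Stash this now, because it might not be available later if the
 server has disconnected. */
 vpninfo->peer_cert = SSL_get_peer_certificate(vpninfo->https_ssl);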
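--- a/ssl.c
+++ b/ssl.c
@@ -317,7 +317,7 @@ int __attribute__ ((format (printf, 2, 3)))
 va_start(args, fmt);
 vsnprintf(buf, 1023, fmt, args);
 va_end(args);
-return openconnect_SSL_write(vpninfo, buf, strlen(buf));
+return vpninfo->ssl_write(vpninfo, buf, strlen(buf));
 
 }
 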
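Review bot: The length handed to `vpninfo->ssl_write` on the new line is `strlen(buf)` taken after a `vsnprintf(buf, 1023, fmt, args)` whose return value is ignored, so an over-long formatted string is silently truncated and sent as if it were complete. Checking the result would turn truncation into an error: `int n = vsnprintf(buf, sizeof(buf), fmt, args);` and, after `va_end(args)`, `if (n < 0 || (size_t)n >= sizeof(buf)) return -EINVAL;`. buf's declaration is outside the hunk, so `sizeof(buf)` assumes it is an array local to this function. The vsnprintf line is unchanged context, but the converted call inherits the problem.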
