Add --dtls12-ciphers option

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
sailfishos-mirror · Jan 10, 2019 · 5a93330 · 5a93330
1 parent cbe8d36
commit 5a93330
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 3 deletions.
diff --git a/cstp.c b/cstp.c
@@ -284,9 +284,12 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 		}
 
 
-		if (vpninfo->dtls_ciphers)
-			buf_append(reqbuf, "X-DTLS-CipherSuite: %s\r\n", vpninfo->dtls_ciphers);
-		else {
+		if (vpninfo->dtls_ciphers || vpninfo->dtls12_ciphers) {
+			if (vpninfo->dtls_ciphers)
+				buf_append(reqbuf, "X-DTLS-CipherSuite: %s\r\n", vpninfo->dtls_ciphers);
+			if (vpninfo->dtls12_ciphers)
+				buf_append(reqbuf, "X-DTLS12-CipherSuite: %s\r\n", vpninfo->dtls12_ciphers);
+		} else {
 			struct oc_text_buf *dtls_cl, *dtls12_cl;
 
 			dtls_cl = buf_alloc();

diff --git a/main.c b/main.c
@@ -158,6 +158,7 @@ enum {
 	OPT_CSD_WRAPPER,
 	OPT_DISABLE_IPV6,
 	OPT_DTLS_CIPHERS,
+	OPT_DTLS12_CIPHERS,
 	OPT_DUMP_HTTP,
 	OPT_FORCE_DPD,
 	OPT_GNUTLS_DEBUG,
@@ -251,6 +252,7 @@ static const struct option long_options[] = {
 	OPTION("no-passwd", 0, OPT_NO_PASSWD),
 	OPTION("reconnect-timeout", 1, OPT_RECONNECT_TIMEOUT),
 	OPTION("dtls-ciphers", 1, OPT_DTLS_CIPHERS),
+	OPTION("dtls12-ciphers", 1, OPT_DTLS12_CIPHERS),
 	OPTION("authgroup", 1, OPT_AUTHGROUP),
 	OPTION("servercert", 1, OPT_SERVERCERT),
 	OPTION("resolve", 1, OPT_RESOLVE),
@@ -1307,6 +1309,9 @@ int main(int argc, char **argv)
 		case OPT_DTLS_CIPHERS:
 			vpninfo->dtls_ciphers = keep_config_arg();
 			break;
+		case OPT_DTLS12_CIPHERS:
+			vpninfo->dtls12_ciphers = keep_config_arg();
+			break;
 		case OPT_AUTHGROUP:
 			authgroup = keep_config_arg();
 			break;

diff --git a/openconnect-internal.h b/openconnect-internal.h
@@ -427,6 +427,7 @@ struct openconnect_info {
 	int nopasswd;
 	int xmlpost;
 	char *dtls_ciphers;
+	char *dtls12_ciphers;
 	char *csd_wrapper;
 	int no_http_keepalive;
 	int dump_http_traffic;

diff --git a/openconnect.8.in b/openconnect.8.in
@@ -48,6 +48,7 @@ openconnect \- Multi-protocol VPN client, for Cisco AnyConnect VPNs and others
 .OP \-\-cafile file
 .OP \-\-disable\-ipv6
 .OP \-\-dtls\-ciphers list
+.OP \-\-dtls12\-ciphers list
 .OP \-\-dtls\-local\-port port
 .OP \-\-dump\-http\-traffic
 .OP \-\-no\-system\-trust
@@ -368,6 +369,9 @@ Do not advertise IPv6 capability to server
 .B \-\-dtls\-ciphers=LIST
 Set OpenSSL ciphers to support for DTLS
 .TP
+.B \-\-dtls12\-ciphers=LIST
+Set OpenSSL ciphers for Cisco's DTLS v1.2
+.TP
 .B \-\-dtls\-local\-port=PORT
 Use
 .I PORT