Commit 95b7af19 authored by Kevin Cernekee's avatar Kevin Cernekee

library: Add get/set functions for servercert, ifname, reqmtu

This allows all connection parameters used by nm-openconnect to be set
through the library API.
Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
parent 58994c2c
......@@ -44,6 +44,9 @@ OPENCONNECT_3.1 {
openconnect_setup_tun_fd;
openconnect_setup_dtls;
openconnect_make_cstp_connection;
openconnect_set_server_cert_sha1;
openconnect_get_ifname;
openconnect_set_reqmtu;
} OPENCONNECT_3.0;
OPENCONNECT_PRIVATE {
......
......@@ -138,6 +138,8 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
free(vpninfo->proxy_type);
free(vpninfo->proxy);
free(vpninfo->vpnc_script);
free(vpninfo->cafile);
free(vpninfo->servercert);
free(vpninfo->ifname);
if (vpninfo->csd_scriptname) {
......@@ -156,7 +158,6 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
/* These are const in openconnect itself, but for consistency of
the library API we do take ownership of the strings we're given,
and thus we have to free them too. */
free((void *)vpninfo->cafile);
if (vpninfo->cert != vpninfo->sslkey)
free((void *)vpninfo->sslkey);
free((void *)vpninfo->cert);
......@@ -228,6 +229,21 @@ void openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile)
vpninfo->cafile = cafile;
}
void openconnect_set_server_cert_sha1(struct openconnect_info *vpninfo, char *servercert)
{
vpninfo->servercert = servercert;
}
const char *openconnect_get_ifname(struct openconnect_info *vpninfo)
{
return vpninfo->ifname;
}
void openconnect_set_reqmtu(struct openconnect_info *vpninfo, int reqmtu)
{
vpninfo->reqmtu = reqmtu;
}
void openconnect_setup_csd(struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper)
{
vpninfo->uid_csd = uid;
......
......@@ -569,13 +569,13 @@ int main(int argc, char **argv)
/* The next option will come from the file... */
break;
case OPT_CAFILE:
vpninfo->cafile = keep_config_arg();
openconnect_set_cafile(vpninfo, xstrdup(config_arg));
break;
case OPT_PIDFILE:
pidfile = keep_config_arg();
break;
case OPT_SERVERCERT:
vpninfo->servercert = keep_config_arg();
openconnect_set_server_cert_sha1(vpninfo, xstrdup(config_arg));
break;
case OPT_NO_DTLS:
use_dtls = 0;
......@@ -649,13 +649,15 @@ int main(int argc, char **argv)
case 'l':
use_syslog = 1;
break;
case 'm':
vpninfo->reqmtu = atol(config_arg);
if (vpninfo->reqmtu < 576) {
fprintf(stderr, _("MTU %d too small\n"), vpninfo->reqmtu);
vpninfo->reqmtu = 576;
case 'm': {
int mtu = atol(config_arg);
if (mtu < 576) {
fprintf(stderr, _("MTU %d too small\n"), mtu);
mtu = 576;
}
openconnect_set_reqmtu(vpninfo, mtu);
break;
}
case OPT_BASEMTU:
vpninfo->basemtu = atol(config_arg);
if (vpninfo->basemtu < 576) {
......@@ -931,7 +933,7 @@ int main(int argc, char **argv)
fprintf(stderr, _("Set up DTLS failed; using SSL instead\n"));
vpn_progress(vpninfo, PRG_INFO,
_("Connected %s as %s%s%s, using %s\n"), vpninfo->ifname,
_("Connected %s as %s%s%s, using %s\n"), openconnect_get_ifname(vpninfo),
vpninfo->vpn_addr?:"",
(vpninfo->vpn_addr6 && vpninfo->vpn_addr) ? " + " : "",
vpninfo->vpn_addr6 ? : "",
......
......@@ -169,8 +169,8 @@ struct openconnect_info {
const char *sslkey;
int cert_type;
char *cert_password;
const char *cafile;
const char *servercert;
char *cafile;
char *servercert;
const char *xmlconfig;
char xmlsha1[(SHA1_SIZE * 2) + 1];
char *authgroup;
......
......@@ -226,6 +226,9 @@ void openconnect_set_cafile(struct openconnect_info *, char *);
void openconnect_setup_csd(struct openconnect_info *, uid_t, int silent, char *wrapper);
int openconnect_set_reported_os(struct openconnect_info *, const char *os);
void openconnect_set_client_cert(struct openconnect_info *, char *cert, char *sslkey);
void openconnect_set_server_cert_sha1(struct openconnect_info *, char *);
const char *openconnect_get_ifname(struct openconnect_info *);
void openconnect_set_reqmtu(struct openconnect_info *, int reqmtu);
/* This is *not* yours and must not be destroyed with X509_free(). It
* will be valid when a cookie has been obtained successfully, and will
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment