From 9b4076679f367179f9a187855c6729e67f9c7ae6 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Thu, 9 Aug 2018 10:56:21 +0100
Subject: [PATCH] Provide unique hostname to CSD script

We see failures when DNS gives us a different IP address and the CSD trojan ends up talking to a different host to the one we're actually trying to authenticate to. Since we use pinned certificate hashes, it shouldn't matter that we lose the hostname and can't validate the cert against it.

Signed-off-by: David Woodhouse
---
 auth.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/auth.c b/auth.c
index 510c4f97..58839888 100644
--- a/auth.c
+++ b/auth.c
@@ -1144,7 +1144,7 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
 csd_argv[i++] = (char *)"-url";
- if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl) == -1)
+ if (asprintf(&csd_argv[i++], "\"https://%s%s\"", openconnect_get_hostname(vpninfo), vpninfo->csd_starturl) == -1)
 goto out;
 csd_argv[i++] = (char *)"-langselen";
@@ -1154,7 +1154,7 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
 goto out;
 if (setenv("CSD_TOKEN", vpninfo->csd_token, 1))
 goto out;
- if (setenv("CSD_HOSTNAME", vpninfo->hostname, 1))
+ if (setenv("CSD_HOSTNAME", openconnect_get_hostname(vpninfo), 1))
 goto out;
 apply_script_env(vpninfo->csd_env);
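Review bot: The value handed to the script as `-url` and `CSD_HOSTNAME` may now be an address literal rather than the DNS name, so server authentication inside the CSD script rests entirely on certificate pinning, and nothing in the code records that. Only the commit message explains it; I would add above the `asprintf()` call in the first hunk, and equally above `setenv("CSD_HOSTNAME", ...)` in the second, a comment such as `/* May be an IP literal, not the DNS name: the script cannot check the cert name against it and must verify the pinned hash instead */`. Whether the pinned hash is actually exported to the script is not visible in these hunks and is worth confirming, because a wrapper that still validates the name will fail and one that turns validation off is left with no server authentication at all. `openconnect_get_hostname()` is defined outside this diff, so it should also be checked that its result is never NULL and that an IPv6 result is already bracketed before it is spliced into `"https://%s%s"`. `run_csd_script` begins and ends outside both hunks.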