Commit cfe8cc43 authored by David Woodhouse's avatar David Woodhouse

Fix build for GnuTLS 2.12 without OpenSSL

I'm not sure how much I can be persuaded to care about this setup, but it's
not so hard to make it work so we might as well for now.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 1eca77da
......@@ -25,7 +25,7 @@ openconnect_LDADD = libopenconnect.la $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIB
library_srcs = ssl.c http.c auth-common.c library.c compat.c lzs.c mainloop.c script.c ntlm.c digest.c
lib_srcs_cisco = auth.c cstp.c dtls.c
lib_srcs_juniper = oncp.c esp.c
lib_srcs_juniper = oncp.c
lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls_tpm.c
lib_srcs_openssl = openssl.c openssl-pkcs11.c
lib_srcs_win32 = tun-win32.c sspi.c
......@@ -37,7 +37,7 @@ lib_srcs_yubikey = yubikey.c
lib_srcs_stoken = stoken.c
POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_juniper) \
gnutls-esp.c openssl-esp.c \
gnutls-esp.c openssl-esp.c esp.c \
$(lib_srcs_openssl) $(lib_srcs_gnutls) $(library_srcs) \
$(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi) $(lib_srcs_iconv) \
$(lib_srcs_oath) $(lib_srcs_yubikey) $(lib_srcs_stoken) openconnect-internal.h
......@@ -59,10 +59,10 @@ if OPENCONNECT_GNUTLS
library_srcs += $(lib_srcs_gnutls)
endif
if ESP_GNUTLS
lib_srcs_juniper += gnutls-esp.c
lib_srcs_juniper += gnutls-esp.c esp.c
endif
if ESP_OPENSSL
lib_srcs_juniper += openssl-esp.c
lib_srcs_juniper += openssl-esp.c esp.c
endif
if OPENCONNECT_OPENSSL
library_srcs += $(lib_srcs_openssl)
......
......@@ -120,10 +120,14 @@ void openconnect_set_juniper(struct openconnect_info *vpninfo)
vpninfo->proto.tcp_mainloop = oncp_mainloop;
vpninfo->proto.add_http_headers = oncp_common_headers;
vpninfo->proto.obtain_cookie = oncp_obtain_cookie;
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
vpninfo->proto.udp_setup = esp_setup;
vpninfo->proto.udp_mainloop = esp_mainloop;
vpninfo->proto.udp_close = esp_close;
vpninfo->proto.udp_shutdown = esp_shutdown;
#else
vpninfo->dtls_state = DTLS_DISABLED;
#endif
}
int openconnect_setup_dtls(struct openconnect_info *vpninfo,
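Review bot: In the new `#else` branch of openconnect_set_juniper the four `proto.udp_*` callbacks are left untouched while `dtls_state` is forced to `DTLS_DISABLED`, so the non-ESP build relies on every UDP code path testing `dtls_state` before calling through those pointers, or on `vpninfo` having been zero-initialised by its allocator. Assigning them explicitly in the same branch, e.g. `vpninfo->proto.udp_setup = NULL;` and likewise for `udp_mainloop`, `udp_close` and `udp_shutdown`, would make the disabled state self-describing and hold even if a `vpninfo` is ever re-pointed at a different protocol. The same `defined(ESP_GNUTLS) || defined(ESP_OPENSSL)` test is repeated in the second hunk of this file and three more times in oncp.c; collapsing it into one feature macro in openconnect-internal.h (name to taste) would keep the copies from drifting apart. The body of openconnect_set_juniper starts before this hunk.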
......@@ -254,9 +258,11 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
#ifdef DTLS_GNUTLS
gnutls_free(vpninfo->gnutls_dtls_cipher);
#endif
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
destroy_esp_ciphers(&vpninfo->esp_in[0]);
destroy_esp_ciphers(&vpninfo->esp_in[1]);
destroy_esp_ciphers(&vpninfo->esp_out);
#endif
free(vpninfo->dtls_addr);
if (vpninfo->csd_scriptname) {
......
......@@ -1192,7 +1192,6 @@ int oncp_connect(struct openconnect_info *vpninfo)
group = reqbuf->pos;
buf_append_tlv_be32(reqbuf, 2, vpninfo->ip_info.mtu);
if (buf_error(reqbuf)) {
enomem:
vpn_progress(vpninfo, PRG_ERR,
_("Error creating oNCP negotiation request\n"));
ret = buf_error(reqbuf);
......@@ -1201,6 +1200,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
put_len32(reqbuf, group);
put_len16(reqbuf, kmp);
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
if (!setup_esp_keys(vpninfo)) {
struct esp *esp = &vpninfo->esp_in[vpninfo->current_esp_in];
/* Since we'll want to do this in the oncp_mainloop too, where it's easier
......@@ -1210,10 +1210,14 @@ int oncp_connect(struct openconnect_info *vpninfo)
buf_append_bytes(reqbuf, &esp->spi, sizeof(esp->spi));
buf_append_bytes(reqbuf, esp_kmp_part2, sizeof(esp_kmp_part2));
buf_append_bytes(reqbuf, &esp->secrets, sizeof(esp->secrets));
if (buf_error(reqbuf))
goto enomem;
if (buf_error(reqbuf)) {
vpn_progress(vpninfo, PRG_ERR,
_("Error negotiating ESP keys\n"));
ret = buf_error(reqbuf);
goto out;
}
}
#endif
/* Length at the start of the packet is little-endian */
reqbuf->data[0] = (reqbuf->pos - 2);
reqbuf->data[1] = (reqbuf->pos - 2) >> 8;
......@@ -1241,6 +1245,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
static int oncp_receive_espkeys(struct openconnect_info *vpninfo, int len)
{
#if defined(ESP_GNUTLS) || defined(ESP_OPENSSL)
int ret;
ret = parse_conf_pkt(vpninfo, vpninfo->cstp_pkt->oncp_hdr + 2, len + 20, 301);
......@@ -1267,7 +1272,13 @@ static int oncp_receive_espkeys(struct openconnect_info *vpninfo, int len)
print_esp_keys(vpninfo, _("new outgoing"), &vpninfo->esp_out);
}
return ret;
#else
vpn_progress(vpninfo, PRG_DEBUG,
_("Ignoring ESP keys since ESP support not available in this build\n"));
return 0;
#endif
}
static int oncp_receive_data(struct openconnect_info *vpninfo, int len, int unreceived)
{
struct pkt *pkt = vpninfo->cstp_pkt;
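Review bot: In the new `#else` branch of oncp_receive_espkeys the `len` parameter is never read, so a build with `-Wextra`/`-Wunused-parameter` will warn on precisely the configuration this commit sets out to support; adding `(void)len;` before the `vpn_progress()` call silences it without changing behaviour. The earlier hunk that drops the `enomem:` label is consistent with this, since its only `goto` now sits inside the conditional block and would otherwise leave an unused label in the non-ESP build. oncp_receive_espkeys begins in the preceding hunk and the middle of its body is outside the diff, so I cannot confirm whether `len` is used anywhere else on the `#else` side.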
......
......@@ -773,7 +773,7 @@ void esp_close(struct openconnect_info *vpninfo);
void esp_shutdown(struct openconnect_info *vpninfo);
int print_esp_keys(struct openconnect_info *vpninfo, const char *name, struct esp *esp);
/* gnutls-esp.c */
/* {gnutls,openssl}-esp.c */
int setup_esp_keys(struct openconnect_info *vpninfo);
void destroy_esp_ciphers(struct esp *esp);
int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt);
......