Skip to content

Commit

Permalink
Sanity-check CSTP and DTLS rekey times
Browse files Browse the repository at this point in the history 
Just set REKEY_NONE if the rekey time is zero or negative, so that we
don't need to test (ka->rekey && ka->rekey_method != REKEY_NONE) in
multiple locations.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
@cernekee
cernekee authored and David Woodhouse committed Feb 17, 2014
1 parent a1e3914 commit d0d9921
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
3 changes: 3 additions & 0 deletions cstp.c
View file
Expand Up @@ -509,6 +509,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
if (!sessid_found)
vpninfo->dtls_attempt_period = 0;

if (vpninfo->ssl_times.rekey <= 0)
vpninfo->ssl_times.rekey_method = REKEY_NONE;

vpninfo->ssl_times.last_rekey = vpninfo->ssl_times.last_rx =
vpninfo->ssl_times.last_tx = time(NULL);
return 0;
Expand Down
2 changes: 2 additions & 0 deletions dtls.c
View file
Expand Up @@ -622,6 +622,8 @@ int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_pe
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (vpninfo->dtls_times.rekey <= 0)
vpninfo->dtls_times.rekey_method = REKEY_NONE;

vpninfo->dtls_addr = malloc(vpninfo->peer_addrlen);
if (!vpninfo->dtls_addr) {
Expand Down

0 comments on commit d0d9921

Please sign in to comment.