Add readahead to UDP socket, to avoid throwing away ends of packets.
Still doesn't work though -- but it's the same failure mode as when I run
the Cisco client with my own build of OpenSSL.
David Woodhouse authored and David Woodhouse committed Sep 23, 2008
1 parent 70267b2 commit dd4a7ff
Showing 1 changed file with 3 additions and 6 deletions.
9 changes: 3 additions & 6 deletions dtls.c
@@ -92,8 +92,8 @@ static int connect_dtls_socket(struct anyconnect_info *vpninfo, int dtls_port)

dtls_method = DTLSv1_client_method();
dtls_ctx = SSL_CTX_new(dtls_method);
SSL_CTX_set_read_ahead(dtls_ctx, 1);
https_cipher = SSL_get_current_cipher(vpninfo->https_ssl);
printf("https cipher is %p (%s)\n", https_cipher, SSL_CIPHER_get_name(https_cipher));

dtls_ssl = SSL_new(dtls_ctx);
SSL_set_connect_state(dtls_ssl);
@@ -114,7 +114,6 @@ static int connect_dtls_socket(struct anyconnect_info *vpninfo, int dtls_port)

dtls_session->cipher = https_cipher;
dtls_session->cipher_id = https_cipher->id;
printf("Cipher %p, id %lx\n", https_cipher, https_cipher->id);

/* Having faked a session, add it to the CTX and the SSL */
if (!SSL_CTX_add_session(dtls_ctx, dtls_session))
@@ -124,9 +123,7 @@ static int connect_dtls_socket(struct anyconnect_info *vpninfo, int dtls_port)
printf("SSL_set_session() failed\n");

/* Go Go Go! */
dtls_bio = BIO_new_dgram(dtls_fd, BIO_NOCLOSE);
BIO_ctrl_set_connected(dtls_bio, 1, vpninfo->peer_addr);

dtls_bio = BIO_new_socket(dtls_fd, BIO_NOCLOSE);
SSL_set_bio(dtls_ssl, dtls_bio, dtls_bio);

if (SSL_do_handshake(dtls_ssl)) {
@@ -173,7 +170,7 @@ int setup_dtls(struct anyconnect_info *vpninfo)
if (!sessid_found || !dtls_port)
return -EINVAL;

if (1 || connect_dtls_socket(vpninfo, dtls_port))
if (connect_dtls_socket(vpninfo, dtls_port))
return -EINVAL;

/* No idea how to do this yet */
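Review bot: `SSL_CTX_set_read_ahead(dtls_ctx, 1)` in the first hunk uses the result of `SSL_CTX_new()` without a NULL check, and in the third hunk the result of `BIO_new_socket()` goes straight into `SSL_set_bio()` the same way. Both calls can fail, and the last hunk appears to drop the `1 ||` short-circuit in setup_dtls(), so this path is now actually executed. I would guard each one, e.g. `if (!dtls_ctx) return -EINVAL;` before the read-ahead call and `if (!dtls_bio) return -EINVAL;` before `SSL_set_bio()`, releasing whatever was already allocated. connect_dtls_socket() starts and ends outside the visible hunks, so any existing cleanup path is not shown here. A one-line comment at the BIO line, such as `/* plain socket BIO on a UDP fd: read-ahead is required or the tail of each datagram is discarded */`, would record why the two changes belong together.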