Commit e570fbba authored by David Woodhouse

Make pin_cache member of struct openconnect_info unconditionally present

We're going to need this for OpenSSL PKCS#11 support too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent 7df4119b
......@@ -2259,23 +2259,12 @@ void openconnect_close_https(struct openconnect_info *vpninfo, int final)
if (final && vpninfo->https_cred) {
gnutls_certificate_free_credentials(vpninfo->https_cred);
vpninfo->https_cred = NULL;
#ifdef HAVE_P11KIT
#if defined(HAVE_P11KIT) && !defined(HAVE_GNUTLS_X509_CRT_SET_PIN_FUNCTION)
if ((vpninfo->cert && !strncmp(vpninfo->cert, "pkcs11:", 7)) ||
(vpninfo->sslkey && !strncmp(vpninfo->sslkey, "pkcs11:", 7))) {
#ifndef HAVE_GNUTLS_X509_CRT_SET_PIN_FUNCTION
char pin_source[40];
sprintf(pin_source, "openconnect:%p", vpninfo);
p11_kit_pin_unregister_callback(pin_source, p11kit_pin_callback, vpninfo);
#endif
while (vpninfo->pin_cache) {
struct pin_cache *cache = vpninfo->pin_cache;
free(cache->token);
memset(cache->pin, 0x5a, strlen(cache->pin));
free(cache->pin);
vpninfo->pin_cache = cache->next;
free(cache);
}
}
#endif
#ifdef HAVE_TROUSERS
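Review bot: With the cache-freeing loop gone from this branch (as the hunk counts and the commit title suggest), cached token PINs are no longer scrubbed on a final close and stay in memory until openconnect_vpninfo_free() runs. If that longer lifetime is intended, say so where the loop used to be, e.g. `/* pin_cache is released in openconnect_vpninfo_free() */`; whether a caller can keep vpninfo alive long after the final close is not visible here. Separately, the retained `sprintf(pin_source, "openconnect:%p", vpninfo)` relies on the implementation-defined width of `%p` fitting in 40 bytes; `snprintf(pin_source, sizeof(pin_source), "openconnect:%p", vpninfo);` bounds it. The body of openconnect_close_https() continues outside the hunk.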
......
......@@ -238,6 +238,16 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
#endif
vpninfo->peer_cert = NULL;
}
while (vpninfo->pin_cache) {
struct pin_cache *cache = vpninfo->pin_cache;
free(cache->token);
memset(cache->pin, 0x5a, strlen(cache->pin));
free(cache->pin);
vpninfo->pin_cache = cache->next;
free(cache);
}
free(vpninfo->peer_cert_hash);
free(vpninfo->localname);
free(vpninfo->useragent);
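Review bot: The `memset(cache->pin, 0x5a, strlen(cache->pin))` in the cache-freeing loop is a dead store immediately before `free(cache->pin)`, so an optimizing compiler may drop it and leave the PIN bytes in freed heap memory. Overwrite through a volatile pointer instead, e.g. `volatile char *p = cache->pin; while (p && *p) *p++ = 0x5a;`, or call a non-elidable wipe routine if the build already provides one. The `p &&` guard also covers a NULL `pin`, which `strlen()` does not tolerate; whether an entry can have one is not visible here. openconnect_vpninfo_free() starts and ends outside this hunk.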
......
......@@ -317,7 +317,6 @@ struct openconnect_info {
gnutls_session_t https_sess;
gnutls_certificate_credentials_t https_cred;
char local_cert_md5[MD5_SIZE * 2 + 1]; /* For CSD */
struct pin_cache *pin_cache;
#ifdef HAVE_TROUSERS
TSS_HCONTEXT tpm_context;
TSS_HKEY srk;
......@@ -335,6 +334,7 @@ struct openconnect_info {
unsigned int nr_my_certs;
#endif
#endif /* OPENCONNECT_GNUTLS */
struct pin_cache *pin_cache;
struct keepalive_info ssl_times;
int owe_ssl_dpd_response;
struct pkt *deflate_pkt;
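Review bot: Moving `struct pin_cache *pin_cache;` below `#endif /* OPENCONNECT_GNUTLS */` only makes the pointer unconditional; the loop that frees the list dereferences `cache->token`, `cache->pin` and `cache->next`, so the definition of `struct pin_cache` must also be visible in non-GnuTLS builds. That definition is not shown on this page, so confirm it does not sit inside a GnuTLS-only or p11-kit-only `#if`. A short comment on the member, such as `/* cached PKCS#11 PINs; entries are wiped and freed in openconnect_vpninfo_free() */`, would also document who owns the list. The struct continues outside both hunks.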
......