From e570fbbab5b5a16c38517419a77049bc46fc3f6d Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Wed, 17 Dec 2014 14:30:04 +0000
Subject: [PATCH] Make pin_cache member of struct openconnect_info unconditionally present

We're going to need this for OpenSSL PKCS#11 support too.

Signed-off-by: David Woodhouse
---
 gnutls.c | 13 +------------
 library.c | 10 ++++++++++
 openconnect-internal.h | 2 +-
 3 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/gnutls.c b/gnutls.c
index 3829c171..8ec2f65a 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -2259,23 +2259,12 @@ void openconnect_close_https(struct openconnect_info *vpninfo, int final)
 if (final && vpninfo->https_cred) {
 gnutls_certificate_free_credentials(vpninfo->https_cred);
 vpninfo->https_cred = NULL;
-#ifdef HAVE_P11KIT
+#if defined(HAVE_P11KIT) && !defined(HAVE_GNUTLS_X509_CRT_SET_PIN_FUNCTION)
 if ((vpninfo->cert && !strncmp(vpninfo->cert, "pkcs11:", 7)) ||
 (vpninfo->sslkey && !strncmp(vpninfo->sslkey, "pkcs11:", 7))) {
-#ifndef HAVE_GNUTLS_X509_CRT_SET_PIN_FUNCTION
 char pin_source[40];
 sprintf(pin_source, "openconnect:%p", vpninfo);
 p11_kit_pin_unregister_callback(pin_source, p11kit_pin_callback, vpninfo);
-#endif
- while (vpninfo->pin_cache) {
- struct pin_cache *cache = vpninfo->pin_cache;
-
- free(cache->token);
- memset(cache->pin, 0x5a, strlen(cache->pin));
- free(cache->pin);
- vpninfo->pin_cache = cache->next;
- free(cache);
- }
 }
 #endif
 #ifdef HAVE_TROUSERS
diff --git a/library.c b/library.c
index 72e29138..5ca14f23 100644
--- a/library.c
+++ b/library.c
@@ -238,6 +238,16 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
 #endif
 vpninfo->peer_cert = NULL;
 }
+ while (vpninfo->pin_cache) {
+ struct pin_cache *cache = vpninfo->pin_cache;
+
+ free(cache->token);
+ memset(cache->pin, 0x5a, strlen(cache->pin));
+ free(cache->pin);
+ vpninfo->pin_cache = cache->next;
+ free(cache);
+ }
+
 free(vpninfo->peer_cert_hash);
 free(vpninfo->localname);
 free(vpninfo->useragent);
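Review bot: In gnutls.c, a final openconnect_close_https() no longer scrubs the cached PKCS#11 PINs, so after this hunk they stay in memory until openconnect_vpninfo_free() runs. Whether any caller does a final close without freeing vpninfo soon afterwards is not visible here; if one does, the lifetime of the secret has grown. I would leave a comment at the end of the `if (final && vpninfo->https_cred)` block, `/* cached PINs are scrubbed in openconnect_vpninfo_free(), not here */`, so the next reader of the close path knows where the PIN is released. The function body starts and ends outside the hunk.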
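Review bot: In library.c, the added `memset(cache->pin, 0x5a, strlen(cache->pin));` is followed directly by `free(cache->pin);`, which makes it a dead store that an optimizing compiler may remove, leaving the PIN readable in freed heap memory. A wipe the compiler cannot elide is needed here, for example `explicit_bzero(cache->pin, strlen(cache->pin));` where the platform provides it, or a small helper that writes through a `volatile unsigned char *`. The loop also calls strlen() on `cache->pin` without a NULL check; if a cache entry can exist before its PIN is filled in (not visible in this diff), guard the wipe with `if (cache->pin)`. openconnect_vpninfo_free() continues outside the hunk.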
diff --git a/openconnect-internal.h b/openconnect-internal.h
index db6c2ba8..ba68c51b 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -317,7 +317,6 @@ struct openconnect_info {
 gnutls_session_t https_sess;
 gnutls_certificate_credentials_t https_cred;
 char local_cert_md5[MD5_SIZE * 2 + 1]; /* For CSD */
- struct pin_cache *pin_cache;
 #ifdef HAVE_TROUSERS
 TSS_HCONTEXT tpm_context;
 TSS_HKEY srk;
@@ -335,6 +334,7 @@ struct openconnect_info {
 unsigned int nr_my_certs;
 #endif
 #endif /* OPENCONNECT_GNUTLS */
+ struct pin_cache *pin_cache;
 struct keepalive_info ssl_times;
 int owe_ssl_dpd_response;
 struct pkt *deflate_pkt;
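Review bot: With `struct pin_cache *pin_cache;` now placed after `#endif /* OPENCONNECT_GNUTLS */`, library.c dereferences `cache->token`, `cache->pin` and `cache->next` in every build, but the definition of `struct pin_cache` is not part of this diff. If that definition still sits inside a GnuTLS- or p11-kit-only conditional, non-GnuTLS builds would fail on an incomplete type, so it should be moved out alongside the member. A one-line comment on the member, `/* cached PKCS#11 PINs; freed and scrubbed in openconnect_vpninfo_free() */`, would also record who owns the list and where the secret is released.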