Make pin_cache member of struct openconnect_info unconditionally present
We're going to need this for OpenSSL PKCS#11 support too.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Dec 17, 2014
1 parent 7df4119 commit e570fbb
Showing 3 changed files with 12 additions and 13 deletions.
13 changes: 1 addition & 12 deletions gnutls.c
Expand Up @@ -2259,23 +2259,12 @@ void openconnect_close_https(struct openconnect_info *vpninfo, int final)
if (final && vpninfo->https_cred) {
gnutls_certificate_free_credentials(vpninfo->https_cred);
vpninfo->https_cred = NULL;
#ifdef HAVE_P11KIT
#if defined(HAVE_P11KIT) && !defined(HAVE_GNUTLS_X509_CRT_SET_PIN_FUNCTION)
if ((vpninfo->cert && !strncmp(vpninfo->cert, "pkcs11:", 7)) ||
(vpninfo->sslkey && !strncmp(vpninfo->sslkey, "pkcs11:", 7))) {
#ifndef HAVE_GNUTLS_X509_CRT_SET_PIN_FUNCTION
char pin_source[40];
sprintf(pin_source, "openconnect:%p", vpninfo);
p11_kit_pin_unregister_callback(pin_source, p11kit_pin_callback, vpninfo);
#endif
while (vpninfo->pin_cache) {
struct pin_cache *cache = vpninfo->pin_cache;

free(cache->token);
memset(cache->pin, 0x5a, strlen(cache->pin));
free(cache->pin);
vpninfo->pin_cache = cache->next;
free(cache);
}
}
#endif
#ifdef HAVE_TROUSERS
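Review bot: With the loop removed from this block, openconnect_close_https() with final set no longer overwrites and frees the cached PKCS#11 PINs; they now stay in memory until openconnect_vpninfo_free() runs. Whether a caller can do the final close and keep the vpninfo around is not visible from these lines, but if it can, the PIN stays resident longer than before. If the longer lifetime is intended, I would state it where the loop used to be, e.g. `/* pin_cache is wiped in openconnect_vpninfo_free(), not here */`. The function starts and ends outside the hunk.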
10 changes: 10 additions & 0 deletions library.c
Expand Up @@ -238,6 +238,16 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
#endif
vpninfo->peer_cert = NULL;
}
while (vpninfo->pin_cache) {
struct pin_cache *cache = vpninfo->pin_cache;

free(cache->token);
memset(cache->pin, 0x5a, strlen(cache->pin));
free(cache->pin);
vpninfo->pin_cache = cache->next;
free(cache);
}

free(vpninfo->peer_cert_hash);
free(vpninfo->localname);
free(vpninfo->useragent);
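Review bot: The wipe in the added loop, `memset(cache->pin, 0x5a, strlen(cache->pin));`, is a store to memory that is freed on the next line, so an optimising compiler is allowed to drop it and leave the PIN readable in freed heap. I would do the overwrite through a volatile pointer, `volatile char *p = cache->pin; while (p && *p) *p++ = 0x5a;`, or call `explicit_bzero()` where the platform has it. The `p &&` test also covers an entry whose pin is NULL, which strlen() would dereference; whether such an entry can exist is not visible in this hunk. openconnect_vpninfo_free() starts and ends outside the hunk.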
2 changes: 1 addition & 1 deletion openconnect-internal.h
Expand Up @@ -317,7 +317,6 @@ struct openconnect_info {
gnutls_session_t https_sess;
gnutls_certificate_credentials_t https_cred;
char local_cert_md5[MD5_SIZE * 2 + 1]; /* For CSD */
struct pin_cache *pin_cache;
#ifdef HAVE_TROUSERS
TSS_HCONTEXT tpm_context;
TSS_HKEY srk;
Expand All @@ -335,6 +334,7 @@ struct openconnect_info {
unsigned int nr_my_certs;
#endif
#endif /* OPENCONNECT_GNUTLS */
struct pin_cache *pin_cache;
struct keepalive_info ssl_times;
int owe_ssl_dpd_response;
struct pkt *deflate_pkt;
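Review bot: The member at its new position, after `#endif /* OPENCONNECT_GNUTLS */`, is only a pointer to `struct pin_cache`, but the loop this commit adds to library.c reads `cache->token`, `cache->pin` and `cache->next`, so the definition of `struct pin_cache` has to be visible in non-GnuTLS builds as well. That definition is not in either hunk; if it still sits inside a GnuTLS-only or p11-kit-only block, an OpenSSL build would fail to compile library.c. The field would also benefit from a comment stating ownership, e.g. `/* cached token PINs; overwritten and freed in openconnect_vpninfo_free() */`. struct openconnect_info starts and ends outside the hunks.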
