dtls: Export setup_dtls() function

This is an optional call; the default is "no DTLS." Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
sailfishos-mirror · Jan 15, 2014 · f9da17e · f9da17e
1 parent 9d80f4f
commit f9da17e
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 6 deletions.
diff --git a/dtls.c b/dtls.c
@@ -581,11 +581,15 @@ static int dtls_restart(struct openconnect_info *vpninfo)
 }
 
 
-int setup_dtls(struct openconnect_info *vpninfo)
+int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_period)
 {
 	struct vpn_option *dtls_opt = vpninfo->dtls_options;
 	int dtls_port = 0;
 
+	vpninfo->dtls_attempt_period = dtls_attempt_period;
+	if (!dtls_attempt_period)
+		return 0;
+
 #if defined(OPENCONNECT_GNUTLS) && defined(DTLS_OPENSSL)
 	/* If we're using GnuTLS for authentication but OpenSSL for DTLS,
 	   we'll need to initialise OpenSSL now... */
@@ -855,7 +859,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 }
 #else /* !HAVE_DTLS */
 #warning Your SSL library does not seem to support Cisco DTLS compatibility
-int setup_dtls(struct openconnect_info *vpninfo)
+int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_period)
 {
 	vpn_progress(vpninfo, PRG_ERR,
 		     _("Built against SSL library with no Cisco DTLS support\n"));

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
@@ -42,6 +42,7 @@ OPENCONNECT_3.1 {
 	openconnect_setup_tun_device;
 	openconnect_setup_tun_script;
 	openconnect_setup_tun_fd;
+	openconnect_setup_dtls;
 } OPENCONNECT_3.0;
 
 OPENCONNECT_PRIVATE {

diff --git a/library.c b/library.c
@@ -57,7 +57,6 @@ struct openconnect_info *openconnect_vpninfo_new(char *useragent,
 	vpninfo->cmd_fd = vpninfo->cmd_fd_write = -1;
 	vpninfo->cert_expire_warning = 60 * 86400;
 	vpninfo->deflate = 1;
-	vpninfo->dtls_attempt_period = 60;
 	vpninfo->max_qlen = 10;
 	vpninfo->localname = strdup("localhost");
 	vpninfo->useragent = openconnect_create_useragent(useragent);

diff --git a/main.c b/main.c
@@ -514,6 +514,7 @@ int main(int argc, char **argv)
 	uid_t uid = getuid();
 	int opt;
 	char *pidfile = NULL;
+	int use_dtls = 1;
 	FILE *fp = NULL;
 	char *config_arg;
 	char *token_str = NULL;
@@ -576,7 +577,7 @@ int main(int argc, char **argv)
 			vpninfo->servercert = keep_config_arg();
 			break;
 		case OPT_NO_DTLS:
-			vpninfo->dtls_attempt_period = 0;
+			use_dtls = 0;
 			break;
 		case OPT_COOKIEONLY:
 			cookieonly = 1;
@@ -925,7 +926,7 @@ int main(int argc, char **argv)
 		}
 	}
 
-	if (vpninfo->dtls_attempt_period && setup_dtls(vpninfo))
+	if (use_dtls && openconnect_setup_dtls(vpninfo, 60))
 		fprintf(stderr, _("Set up DTLS failed; using SSL instead\n"));
 
 	vpn_progress(vpninfo, PRG_INFO,

diff --git a/openconnect-internal.h b/openconnect-internal.h
@@ -377,7 +377,6 @@ int script_config_tun(struct openconnect_info *vpninfo, const char *reason);
 
 /* dtls.c */
 unsigned char unhex(const char *data);
-int setup_dtls(struct openconnect_info *vpninfo);
 int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
 int dtls_try_handshake(struct openconnect_info *vpninfo);
 int connect_dtls_socket(struct openconnect_info *vpninfo);

diff --git a/openconnect.h b/openconnect.h
@@ -271,6 +271,9 @@ int openconnect_setup_tun_script(struct openconnect_info *vpninfo, char *tun_scr
 /* Caller will provide a file descriptor for the tunnel traffic. */
 int openconnect_setup_tun_fd(struct openconnect_info *vpninfo, int tun_fd);
 
+/* Optional call to enable DTLS on the connection. */
+int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_period);
+
 /* Start the main loop; exits if OC_CMD_CANCEL is received on cmd_fd or
    the remote site aborts. */
 int openconnect_mainloop(struct openconnect_info *vpninfo,