    Canonicalise hostname during authentication if necessary · 173c3143
    David Woodhouse authored
    Some people have round-robin servers, all addressed by the same hostname
    but with different SSL certificates. Where we do the authentication (and
    user-interactive approval of certificates) from a GUI via libopenconnect,
    or with 'openconnect --authenticate', we end up being given the SHA1 on
    the server's certificate and the non-interactive connection is going to
    expect to see exactly that certificate. So if there is more than one
    result in the original DNS lookup, *change* vpninfo->hostname to hold
    the IP address that we actually connected to.
    
    This means that the Host: header in what we send will be the numeric IP
    address instead of the hostname, but that doesn't seem to hurt. It could
    potentially, theoretically, break virtual hosts but I don't think that
    kind of setup could ever exist in practice.
    
    This also works only in the case where we're *not* connecting via a proxy.
    We currently let the proxy do the DNS lookups *for* us, and we'd have to
    do them locally and then ask the proxy for a connection by IP address
    even for the *first* connection.
    Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
    (cherry picked from commit b0b4b34f
     and subsequent fix commit 3e6ecfa5)
Name
.tx
po
www
.gitignore
AUTHORS
Android.mk
COPYING.LGPL
Makefile.am
README.DTLS
TODO
acinclude.m4
auth.c
autogen.sh
compat.c
configure.ac
cstp.c
dtls.c
gnutls.c
gnutls.h
gnutls_pkcs12.c
gnutls_tpm.c
http.c
libopenconnect.map.in
library.c
main.c
mainloop.c
openconnect-internal.h
openconnect.8.in
openconnect.h
openconnect.pc.in
openssl.c
ssl.c
ssl_ui.c
tun.c
version.sh
xml.c