From 164cf94ff0e57c8e9f273226df4588d56517cd26 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 27 Oct 2014 10:48:03 +0100
Subject: [PATCH 2/3] Added API to read the ciphersuites used for CSTP and DTLS
Signed-off-by: Nikos Mavrogiannopoulos
---
 gnutls.c | 14 ++++++++++++++
 library.c | 11 +++++++++++
 openconnect-internal.h | 1 +
 openconnect.h | 3 +++
 openssl.c | 6 ++++++
 5 files changed, 35 insertions(+)
diff --git a/gnutls.c b/gnutls.c
index 475e41f..eac4d04 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -2167,6 +2167,20 @@ void openconnect_init_ssl(void)
 gnutls_global_init();
 }
+const char *openconnect_get_cstp_cipher(struct openconnect_info * vpninfo)
+{
+ if (vpninfo->cstp_cipher == NULL) {
+#if GNUTLS_VERSION_NUMBER > 0x03010a
+ vpninfo->cstp_cipher = gnutls_session_get_desc(vpninfo->https_sess);
+#else
+ vpninfo->cstp_cipher = gnutls_strdup(gnutls_cipher_suite_get_name(
+ gnutls_kx_get(vpninfo->https_sess), gnutls_cipher_get(vpninfo->https_sess),
+ gnutls_mac_get(vpninfo->https_sess)));
+#endif
+ }
+ return vpninfo->cstp_cipher;
+}
+
 int openconnect_sha1(unsigned char *result, void *data, int datalen)
 {
 gnutls_datum_t d;
diff --git a/library.c b/library.c
index 698b128..c146f57 100644
--- a/library.c
+++ b/library.c
@@ -191,6 +191,11 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
 free(vpninfo->servercert);
 free(vpninfo->ifname);
 free(vpninfo->dtls_cipher);
+#if defined(OPENCONNECT_GNUTLS)
+ gnutls_free(vpninfo->dtls_cipher);
+#else
+ free(vpninfo->dtls_cipher);
+#endif
 free(vpninfo->dtls_addr);
 if (vpninfo->csd_scriptname) {
@@ -659,3 +664,9 @@ int openconnect_setup_tun_device(struct openconnect_info *vpninfo,
 return openconnect_setup_tun_fd(vpninfo, tun_fd);
 }
+
+const char *openconnect_get_dtls_cipher(struct openconnect_info *vpninfo)
+{
+ return vpninfo->dtls_cipher;
+}
+
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 4589f7e..4d79299 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
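Review bot: In the gnutls.c hunk, `openconnect_get_cstp_cipher()` fills `vpninfo->cstp_cipher` once and then returns the cached string on every later call, so after a reconnect or rehandshake callers would still be told the ciphersuite of the earlier session. The cache should be freed and reset to NULL wherever `https_sess` is closed or replaced, which is outside this hunk. The session is also used unchecked: if the getter can be called before the HTTPS session exists, a NULL session is handed to GnuTLS, and a guard such as `if (!vpninfo->https_sess) return NULL;` at the top would cover that. In the `#else` branch `gnutls_cipher_suite_get_name()` may return NULL and that value goes straight into `gnutls_strdup()`, so it should be checked before duplicating.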
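Review bot: In the first library.c hunk, the added `#if` block in `openconnect_vpninfo_free()` frees `vpninfo->dtls_cipher` a second time. The unchanged `free(vpninfo->dtls_cipher);` directly above it stays in place, so any non-NULL `dtls_cipher` is double-freed, while the new `cstp_cipher` field is never released. The two added calls were presumably meant to be `gnutls_free(vpninfo->cstp_cipher);` and `free(vpninfo->cstp_cipher);`, which also keeps the deallocator matched to the GnuTLS allocation made in the getter. The body of `openconnect_vpninfo_free()` starts and ends outside this hunk.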
@@ -349,6 +349,7 @@ struct openconnect_info {
 unsigned char dtls_secret[48];
 char *dtls_cipher;
+ char *cstp_cipher;
 char *vpnc_script;
 int script_tun;
 char *ifname;
diff --git a/openconnect.h b/openconnect.h
index bd27158..930a722 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -303,6 +303,9 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo);
 int openconnect_obtain_cookie(struct openconnect_info *vpninfo);
 void openconnect_init_ssl(void);
+const char *openconnect_get_cstp_cipher(struct openconnect_info *);
+const char *openconnect_get_dtls_cipher(struct openconnect_info *);
+
 const char *openconnect_get_hostname(struct openconnect_info *);
 int openconnect_set_hostname(struct openconnect_info *, const char *);
 char *openconnect_get_urlpath(struct openconnect_info *);
diff --git a/openssl.c b/openssl.c
index 6d8433b..58620bf 100644
--- a/openssl.c
+++ b/openssl.c
@@ -1593,3 +1593,9 @@ int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
 return 0;
 }
+
+const char *openconnect_get_cstp_cipher(struct openconnect_info * vpninfo)
+{
+ /* no idea */
+ return NULL;
+}
--
1.9.3
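Review bot: The two prototypes added to openconnect.h give callers no contract for the returned pointer. Both getters in this patch return fields of `vpninfo`, and the OpenSSL build of `openconnect_get_cstp_cipher()` always returns NULL, so the declarations need a comment such as `/* Returned string is owned by vpninfo and may be NULL; do not free it or use it after openconnect_vpninfo_free(). */`. If the library keeps an API version history or a symbol export list, the new functions also need an entry there; the diffstat shows no such file touched.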
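Review bot: The OpenSSL build of `openconnect_get_cstp_cipher()` is a stub that always returns NULL behind a `/* no idea */` comment, so on that backend the negotiated CSTP ciphersuite can never be reported and every caller must handle NULL rather than pass it to a `%s` format. OpenSSL exposes the negotiated suite through `SSL_get_current_cipher()` and `SSL_CIPHER_get_name()`. The name those return is a constant string that must not be freed, so it would have to be returned directly or duplicated before being cached in a field that is later passed to `free()`. Until that is implemented, replace the comment with one stating that NULL means the value is not available on this backend.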