From 9b1f90ff671b7a53e38881d1d9395dfd5c9f0d40 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 28 Nov 2014 09:34:11 +0100
Subject: [PATCH] when DTLS is not connected do not return a bogus cipher
Signed-off-by: Nikos Mavrogiannopoulos
---
 library.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/library.c b/library.c
index f5d3dc9..72e2913 100644
--- a/library.c
+++ b/library.c
@@ -702,6 +702,11 @@ int openconnect_setup_tun_device(struct openconnect_info *vpninfo,
 const char *openconnect_get_dtls_cipher(struct openconnect_info *vpninfo)
 {
 #if defined(DTLS_GNUTLS)
+ if (vpninfo->dtls_state != DTLS_CONNECTED) {
+ gnutls_free(vpninfo->gnutls_dtls_cipher);
+ vpninfo->gnutls_dtls_cipher = NULL;
+ return NULL;
+ }
 /* in DTLS rehandshakes don't switch the ciphersuite as only
 * one is enabled. */
 if (vpninfo->gnutls_dtls_cipher == NULL)
--
1.9.3
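Review bot: The new early return in openconnect_get_dtls_cipher() frees `vpninfo->gnutls_dtls_cipher` inside what is otherwise a getter, so a pointer that a caller kept from an earlier call (presumably this same cached string; the rest of the body is outside the hunk) dangles once the function is called while DTLS is down. That lifetime rule and the new NULL return should be documented at the function, for example `/* Returns NULL unless DTLS is connected; the string is owned by vpninfo and is freed by a later call made while DTLS is not connected, so callers must not retain it. */`. Callers that pass the result straight to a `%s` format would also need a NULL check, and if this getter can run on a thread other than the one that updates `dtls_state`, the free would race with readers; neither is visible in this hunk.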