[PATCH/RFC V2 10/26] dtls: Export setup_dtls() function
Kevin Cernekee
cernekee at gmail.com
Sun Aug 11 21:49:11 EDT 2013
This is an optional call; the default is "no DTLS."
Signed-off-by: Kevin Cernekee <cernekee at gmail.com>
---
dtls.c | 8 ++++++--
libopenconnect.map.in | 1 +
library.c | 1 -
main.c | 5 +++--
openconnect-internal.h | 1 -
openconnect.h | 3 +++
6 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/dtls.c b/dtls.c
index 47e97d9..e08b2bf 100644
--- a/dtls.c
+++ b/dtls.c
@@ -615,11 +615,15 @@ static int dtls_restart(struct openconnect_info *vpninfo)
}
-int setup_dtls(struct openconnect_info *vpninfo)
+int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_period)
{
struct vpn_option *dtls_opt = vpninfo->dtls_options;
int dtls_port = 0;
+ vpninfo->dtls_attempt_period = dtls_attempt_period;
+ if (!dtls_attempt_period)
+ return 0;
+
#if defined(OPENCONNECT_GNUTLS) && defined(DTLS_OPENSSL)
/* If we're using GnuTLS for authentication but OpenSSL for DTLS,
we'll need to initialise OpenSSL now... */
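Review bot: The new dtls_attempt_period argument is stored into vpninfo unchecked at `vpninfo->dtls_attempt_period = dtls_attempt_period;`, so a negative value from a library caller is recorded and DTLS setup proceeds; only zero is treated as "disabled". Now that this is exported API, I would reject out-of-range input before storing it, e.g. `if (dtls_attempt_period < 0) return -1;` using whatever failure value the rest of the function returns. The function body continues past the hunk, so I cannot see how the stored period is consumed; if it feeds a retry timer, a negative value could misbehave, which is worth confirming.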
@@ -874,7 +878,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
}
#else /* !HAVE_DTLS */
#warning Your SSL library does not seem to support Cisco DTLS compatibility
-int setup_dtls(struct openconnect_info *vpninfo)
+int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_period)
{
vpn_progress(vpninfo, PRG_ERR,
_("Built against SSL library with no Cisco DTLS support\n"));
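Review bot: In the !HAVE_DTLS stub, the new dtls_attempt_period parameter is not used in the visible lines, so a caller passing a nonzero period is told DTLS is unsupported while vpninfo->dtls_attempt_period keeps whatever value it previously held, whereas the real implementation above stores it. Either mirror that store with zero, `vpninfo->dtls_attempt_period = 0;`, so no other code can conclude DTLS was requested, or mark the parameter unused to keep -Wunused-parameter builds clean. The stub body continues beyond the hunk, so the remainder may already handle this.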
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 72dbd84..f941e8f 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -50,6 +50,7 @@ OPENCONNECT_2.3 {
openconnect_setup_tun_device;
openconnect_setup_tun_script;
openconnect_setup_tun_fd;
+ openconnect_setup_dtls;
} OPENCONNECT_2.2;
OPENCONNECT_PRIVATE {
diff --git a/library.c b/library.c
index 726e4dd..869f3d7 100644
--- a/library.c
+++ b/library.c
@@ -57,7 +57,6 @@ struct openconnect_info *openconnect_vpninfo_new(char *useragent,
vpninfo->cancel_fd = vpninfo->cancel_fd_write = -1;
vpninfo->cert_expire_warning = 60 * 86400;
vpninfo->deflate = 1;
- vpninfo->dtls_attempt_period = 60;
vpninfo->max_qlen = 10;
vpninfo->reconnect_interval = RECONNECT_INTERVAL_MIN;
vpninfo->reconnect_timeout = 300;
diff --git a/main.c b/main.c
index faf0448..f3bd972 100644
--- a/main.c
+++ b/main.c
@@ -491,6 +491,7 @@ int main(int argc, char **argv)
uid_t uid = getuid();
int opt;
char *pidfile = NULL;
+ int use_dtls = 1;
FILE *fp = NULL;
char *config_arg;
char *token_str = NULL;
@@ -552,7 +553,7 @@ int main(int argc, char **argv)
vpninfo->servercert = keep_config_arg();
break;
case OPT_NO_DTLS:
- vpninfo->dtls_attempt_period = 0;
+ use_dtls = 0;
break;
case OPT_COOKIEONLY:
cookieonly = 1;
@@ -900,7 +901,7 @@ int main(int argc, char **argv)
}
}
- if (vpninfo->dtls_attempt_period && setup_dtls(vpninfo))
+ if (use_dtls && openconnect_setup_dtls(vpninfo, 60))
fprintf(stderr, _("Set up DTLS failed; using SSL instead\n"));
vpn_progress(vpninfo, PRG_INFO,
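Review bot: The literal `60` in `openconnect_setup_dtls(vpninfo, 60)` reproduces the default that this same patch removes from library.c (`vpninfo->dtls_attempt_period = 60;`), leaving it as an unexplained magic number in main.c with no stated unit. A named constant carrying a unit comment, e.g. `/* default DTLS attempt period, presumably seconds - confirm */`, would keep the meaning next to the call. With --no-dtls the library is now never told about DTLS at all, which relies on dtls_attempt_period being zero by default after the library.c change; that holds only if vpninfo is zero-allocated, which is outside this patch.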
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 226cd72..b731f0d 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -402,7 +402,6 @@ int script_config_tun(struct openconnect_info *vpninfo, const char *reason);
/* dtls.c */
unsigned char unhex(const char *data);
-int setup_dtls(struct openconnect_info *vpninfo);
int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
int dtls_try_handshake(struct openconnect_info *vpninfo);
int connect_dtls_socket(struct openconnect_info *vpninfo);
diff --git a/openconnect.h b/openconnect.h
index 5641656..1f9e0c5 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -234,6 +234,9 @@ int openconnect_setup_tun_script(struct openconnect_info *vpninfo, char *tun_scr
/* Caller will provide a file descriptor for the tunnel traffic. */
int openconnect_setup_tun_fd(struct openconnect_info *vpninfo, int tun_fd);
+/* Optional call to enable DTLS on the connection. */
+int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_period);
+
/* Start the main loop; exits if data is received on cancel_fd or the remote
site aborts. */
int openconnect_mainloop(struct openconnect_info *vpninfo);
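Review bot: The new declaration's comment `/* Optional call to enable DTLS on the connection. */` does not say what dtls_attempt_period means, that passing 0 disables DTLS (the dtls.c implementation returns 0 early in that case), or what the return value signals (main.c treats nonzero as failure and falls back to SSL). Since this is the exported header, I would extend the comment to state the unit of the period (presumably seconds; confirm), that 0 means "no DTLS", that not calling it at all is equivalent to 0 per the patch description, and that a nonzero return means DTLS setup failed and the connection continues over TLS only.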
--
1.7.9.5