Move DTLS secret initialisation to openconnect_setup_dtls()

Kevin Cernekee cernekee at
Thu Jun 26 09:30:10 PDT 2014

> This was added in commit ec2408e5 ("dtls: Align new-tunnel rekey behavior
> with Cisco clients"), and was causing the NetworkManager authentication
> dialog to crash because it was calling openconnect_random() before the SSL
> library was initialised by openconnect_init_ssl().
> The auth dialog didn't need it anyway. Move it to openconnect_setup_dtls()
> where it belongs.

When I tried running with this patch, it caused
start_cstp_connection() to send a dtls_secret value that was all

> Clear got_cancel_cmd when returning from openconnect_obtain_cookie()
> Otherwise, nothing ever clears it and next time the auth dialog calls
> openconnect_obtain_cookie() to attempt a connection, it will immediately
> abort.

Do we have any guidelines on when it is legal to reuse a "dirty"
library instance left over from a failed connection?

On Android I am assuming the worst - once anything has disconnected
for any reason, I create a new instance.  This might be too
