Move DTLS secret initialisation to openconnect_setup_dtls()
Kevin Cernekee
cernekee at gmail.com
Thu Jun 26 09:30:10 PDT 2014

> This was added in commit ec2408e5 ("dtls: Align new-tunnel rekey behavior
> with Cisco clients"), and was causing the NetworkManager authentication
> dialog to crash because it was calling openconnect_random() before the SSL
> library was initialised by openconnect_init_ssl().
>
> The auth dialog didn't need it anyway. Move it to openconnect_setup_dtls()
> where it belongs.

When I tried running with this patch, it caused
start_cstp_connection() to send a dtls_secret value that was all
zeroes.

> Clear got_cancel_cmd when returning from openconnect_obtain_cookie()
>
> Otherwise, nothing ever clears it and next time the auth dialog calls
> openconnect_obtain_cookie() to attempt a connection, it will immediately
> abort.

Do we have any guidelines on when it is legal to reuse a "dirty"
library instance left over from a failed connection?

On Android I am assuming the worst - once anything has disconnected
for any reason, I create a new instance. This might be too
pessimistic.

More information about the openconnect-devel mailing list