* connection is currently connected or has been
* connected previously.
*
- * XX: It would be better to allow it when DTLS is not
- * in use, but other than DTLS already being disabled,
- * we currently do not have a reliable indicator of
- * this.
+ * We allow to disable DTLS if not yet connected to
+ * allow clients using the library disable DTLS if it
+ * fails to connect, similarly to what openconnect does.
*/
- if (vpninfo->dtls_state != DTLS_NOSECRET
- || vpninfo->ssl_times.last_tx != 0)
+ if (vpninfo->dtls_state == DTLS_ESTABLISHED
+ || vpninfo->dtls_state == DTLS_CONNECTED)
return -EINVAL;
vpninfo->dtls_state = DTLS_DISABLED;
return 0;
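Review bot: The new condition on `vpninfo->dtls_state` drops the `ssl_times.last_tx != 0` test, so the unchanged comment lines above it ("or has been connected previously") now describe a restriction the code no longer enforces. A caller can now disable DTLS after the connection has already transmitted data, as long as DTLS itself is not currently up. Either keep the `last_tx` test or update the leading comment to say that only an active DTLS session is refused. The check also changes from an allow-list (only DTLS_NOSECRET passed) to a deny-list of DTLS_ESTABLISHED and DTLS_CONNECTED, so every other state is now set straight to DTLS_DISABLED. Please confirm that this is safe for any state in which a DTLS handshake or socket may already exist, or reject those states explicitly. Wording nit: the added comment would read better as "Allow DTLS to be disabled while it is not yet connected, so that clients using the library can turn it off if it fails to connect, as openconnect does."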
<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/497">!497</a>).</li>
<li>Fix bug which has caused GlobalProtect split-include IPv6 routes to be broken since v9.00 (<a href="https://gitlab.com/openconnect/openconnect/-/commit/64f0c03d660f1d17834f7ff7ce9d0151704bb32f">64f0c03d</a>).</li>
<li>Sort GlobalProtect gateways according to portal's regionalized priority list (<a href="https://gitlab.com/openconnect/openconnect/-/issues/663">#663</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/498">!495</a>).</li>
+ <li>openconnect_disable_dtls() allows to disable DTLS unless it is already connected (<a href="https://gitlab.com/openconnect/openconnect/-/issues/697">#697</a>)</li>
</ul><br/>
</li>
<li><b><a href="https://www.infradead.org/openconnect/download/openconnect-9.12.tar.gz">OpenConnect v9.12</a></b>
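Review bot: The added changelog entry for openconnect_disable_dtls() does not tell library users what changed for them: it should say that the call previously failed unless DTLS had no secret and nothing had been transmitted, and that it now fails with -EINVAL only while DTLS is established or connected. Style: the neighbouring entries end with a period before `</li>` and this one does not, and "allows to disable DTLS" would read better as "can now disable DTLS".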