Process X-DTLS12-CipherSuite: header from server
authorDavid Woodhouse <dwmw2@infradead.org>
Wed, 9 Jan 2019 12:36:05 +0000 (12:36 +0000)
committerDavid Woodhouse <dwmw2@infradead.org>
Wed, 9 Jan 2019 13:40:32 +0000 (13:40 +0000)
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
cstp.c
dtls.c
openconnect-internal.h

diff --git a/cstp.c b/cstp.c
index cab1707f4edaf095d8589e845dbcad159ca18db0..fcd4ba3b5b1d7536e2e4e768923fa65601588e6f 100644 (file)
--- a/cstp.c
+++ b/cstp.c
@@ -384,7 +384,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
                        colon++;
 
                if (strncmp(buf, "X-DTLS-", 7) &&
-                   strncmp(buf, "X-CSTP-", 7))
+                   strncmp(buf, "X-CSTP-", 7) &&
+                   strncmp(buf, "X-DTLS12-", 9))
                        continue;
 
                new_option = malloc(sizeof(*new_option));
@@ -410,15 +411,16 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
                else
                        vpn_progress(vpninfo, PRG_DEBUG, "%s: %s\n", buf, colon);
 
-               if (!strncmp(buf, "X-DTLS-", 7)) {
+               if (((i = 7) && !strncmp(buf, "X-DTLS-", 7)) ||
+                   ((i = 9) && !strncmp(buf, "X-DTLS12-", 9))) {
                        *next_dtls_option = new_option;
                        next_dtls_option = &new_option->next;
 
-                       if (!strcmp(buf + 7, "MTU")) {
+                       if (!strcmp(buf + i, "MTU")) {
                                int dtlsmtu = atol(colon);
                                if (dtlsmtu > mtu)
                                        mtu = dtlsmtu;
-                       } else if (!strcmp(buf + 7, "Session-ID")) {
+                       } else if (!strcmp(buf + i, "Session-ID")) {
                                int dtls_sessid_changed = 0;
                                int vsize;
 
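Review bot: The prefix test on the two added `if` lines, `((i = 7) && !strncmp(buf, "X-DTLS-", 7)) || ((i = 9) && !strncmp(buf, "X-DTLS12-", 9))`, hides the assignment of the prefix length inside the condition and only works because 7 and 9 are non-zero; it also leaves `i` at 9 when neither prefix matches, which is harmless only if nothing later in the function reads `i` (start_cstp_connection starts and ends outside this hunk, so I cannot confirm that). Computing the prefix length first and then testing it keeps the same dispatch on `buf + i` but reads as ordinary code, and gives a natural place for a comment on why two prefixes are accepted.
```c
		/* Length of the DTLS header-family prefix this line carries, 0 if neither. */
		i = 0;
		if (!strncmp(buf, "X-DTLS-", 7))
			i = 7;
		else if (!strncmp(buf, "X-DTLS12-", 9))
			i = 9;
		if (i) {
			*next_dtls_option = new_option;
			/* … unchanged: per-option dispatch on buf + i … */
```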
@@ -435,7 +437,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 
                                if (dtls_sessid_changed && vpninfo->dtls_state > DTLS_SLEEPING)
                                        vpninfo->dtls_need_reconnect = 1;
-                       } else if (!strcmp(buf + 7, "App-ID")) {
+                       } else if (!strcmp(buf + i, "App-ID")) {
                                int dtls_appid_changed = 0;
                                int vsize;
 
@@ -453,7 +455,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 
                                if (dtls_appid_changed && vpninfo->dtls_state > DTLS_SLEEPING)
                                        vpninfo->dtls_need_reconnect = 1;
-                       } else if (!strcmp(buf + 7, "Content-Encoding")) {
+                       } else if (!strcmp(buf + i, "Content-Encoding")) {
                                if (!strcmp(colon, "lzs"))
                                        vpninfo->dtls_compr = COMPR_LZS;
                                else if (!strcmp(colon, "oc-lz4"))
@@ -464,6 +466,10 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
                                                     colon);
                                        return -EINVAL;
                                }
+                       } else if (!strcmp(buf + i, "CipherSuite")) {
+                               /* Remember if it came from a 'X-DTLS12-CipherSuite:' header */
+                               vpninfo->cisco_dtls12 = (i == 9);
+                               vpninfo->dtls_cipher = strdup(colon);
                        }
                        continue;
                }
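Review bot: `vpninfo->dtls_cipher = strdup(colon);` in the new CipherSuite branch overwrites whatever the field already held without freeing it, so a response that carries both `X-DTLS-CipherSuite:` and `X-DTLS12-CipherSuite:`, or a reconnect that runs this parser again, leaks the earlier string; the last header seen also silently wins, and `cisco_dtls12` follows it. Adding `free(vpninfo->dtls_cipher);` immediately before the strdup closes the leak; whether the field is released elsewhere before start_cstp_connection is re-entered is not visible here. The strdup result is unchecked, as it was in the dtls_setup code this replaces, whereas the `malloc` for `new_option` earlier in this function presumably is. start_cstp_connection continues beyond the hunk.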
diff --git a/dtls.c b/dtls.c
index 4ce74dccbe19469ccaff087b4a292f35da9b4577..d8e0d2f81b0fb3102d41304e6181c73e90b4e3a3 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -200,25 +200,23 @@ int dtls_setup(struct openconnect_info *vpninfo, int dtls_attempt_period)
                             _("DTLS option %s : %s\n"),
                             dtls_opt->option, dtls_opt->value);
 
-               if (!strcmp(dtls_opt->option + 7, "Port")) {
+               if (!strcmp(dtls_opt->option, "X-DTLS-Port")) {
                        dtls_port = atol(dtls_opt->value);
-               } else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
+               } else if (!strcmp(dtls_opt->option, "X-DTLS-Keepalive")) {
                        vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
-               } else if (!strcmp(dtls_opt->option + 7, "DPD")) {
+               } else if (!strcmp(dtls_opt->option, "X-DTLS-DPD")) {
                        int j = atol(dtls_opt->value);
                        if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
                                vpninfo->dtls_times.dpd = j;
-               } else if (!strcmp(dtls_opt->option + 7, "Rekey-Method")) {
+               } else if (!strcmp(dtls_opt->option, "X-DTLS-Rekey-Method")) {
                        if (!strcmp(dtls_opt->value, "new-tunnel"))
                                vpninfo->dtls_times.rekey_method = REKEY_TUNNEL;
                        else if (!strcmp(dtls_opt->value, "ssl"))
                                vpninfo->dtls_times.rekey_method = REKEY_SSL;
                        else
                                vpninfo->dtls_times.rekey_method = REKEY_NONE;
-               } else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
+               } else if (!strcmp(dtls_opt->option, "X-DTLS-Rekey-Time")) {
                        vpninfo->dtls_times.rekey = atol(dtls_opt->value);
-               } else if (!strcmp(dtls_opt->option + 7, "CipherSuite")) {
-                       vpninfo->dtls_cipher = strdup(dtls_opt->value);
                }
 
                dtls_opt = dtls_opt->next;
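Review bot: Switching from `dtls_opt->option + 7` to full `"X-DTLS-..."` names is the right fix now that `X-DTLS12-` options also land on this list, but it means a `X-DTLS12-Port`, `-Keepalive`, `-DPD` or `-Rekey-*` header, should a server ever send one, is logged by the vpn_progress call above and then matched by no branch. If only CipherSuite is expected under the new prefix, a comment at the top of the chain such as `/* Only CipherSuite is known to arrive as X-DTLS12-; it is consumed in cstp.c, so everything here is X-DTLS- only. */` would record that assumption for the next reader. dtls_setup continues outside the hunk.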
index a696b1b7ca7ec3b70d9ec56de05c1df65939c64c..e6af1708614811195c6ee97b175423ce884d19f8 100644 (file)
@@ -558,6 +558,7 @@ struct openconnect_info {
        unsigned char dtls_app_id[32];
        unsigned dtls_app_id_size;
 
+       int cisco_dtls12;
        char *dtls_cipher;
        char *vpnc_script;
 #ifndef _WIN32
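Review bot: The new `int cisco_dtls12;` field has no comment, and its name alone does not say what it records or who sets it; cstp.c sets it from the header prefix alongside `dtls_cipher`. A one-line comment, `/* Non-zero if dtls_cipher came from an X-DTLS12-CipherSuite: header rather than X-DTLS-CipherSuite: */`, would tie the two fields together for readers of this struct.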