TNCC_SHA256 will allow a future version to validate the server certificate
fingerprint (like csd-post.sh already does).
TNCC_HOSTNAME passes along the *local* hostname override from OpenConnect
(set with `--local-hostname` or `openconnect_set_localname`) to the TNCC
wrapper script.
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
for (i = 3; i < 1024 ; i++)
close(i);
+ if (setenv("TNCC_SHA256", openconnect_get_peer_cert_hash(vpninfo)+11, 1)) /* remove initial 'pin-sha256:' */
+ goto out;
+ if (setenv("TNCC_HOSTNAME", vpninfo->localname, 1))
+ goto out;
+
execl(vpninfo->csd_wrapper, vpninfo->csd_wrapper, vpninfo->hostname, NULL);
+ out:
fprintf(stderr, _("Failed to exec TNCC script %s: %s\n"),
vpninfo->csd_wrapper, strerror(errno));
exit(1);
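Review bot: The `+11` in the `setenv("TNCC_SHA256", ...)` line hard-codes the length of `pin-sha256:` and is applied to the return value of `openconnect_get_peer_cert_hash(vpninfo)` without any check, so a NULL return or a string that does not start with that prefix becomes an invalid pointer handed to `setenv`. Fetch the hash into a local variable, test it for NULL, confirm the prefix with `strncmp`, and skip it with `sizeof("pin-sha256:") - 1` rather than a magic number. The `TNCC_HOSTNAME` line needs the same care: if `vpninfo->localname` can be NULL when no local hostname has been set, check it or leave the variable unset, since `setenv` with a NULL value is not defined by POSIX. Both new `goto out` paths also land on the message "Failed to exec TNCC script", which reports a `setenv` failure as an exec failure; a separate message for the environment setup error would make the child's stderr easier to diagnose.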