From: Nikos Mavrogiannopoulos Date: Thu, 11 Jan 2024 13:07:37 +0000 (+0100) Subject: openconnect_disable_dtls: allow disabling DTLS unless already connected X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=22129b7ad1fabbf77e35ab9c47f0c729ac06b88e;p=users%2Fdwmw2%2Fopenconnect.git openconnect_disable_dtls: allow disabling DTLS unless already connected The openconnect client disables DTLS if it fails to connect. Openconnect-gui couldn't do that because of the restrictions of openconnect_disable_dtls(). This MR removes those restrictions and allows disabling DTLS even if we attempted connection before. Resolves: #697 Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/library.c b/library.c index 840846de..2abea4d1 100644 --- a/library.c +++ b/library.c @@ -927,13 +927,12 @@ int openconnect_disable_dtls(struct openconnect_info *vpninfo) * connection is currently connected or has been * connected previously. * - * XX: It would be better to allow it when DTLS is not - * in use, but other than DTLS already being disabled, - * we currently do not have a reliable indicator of - * this. + * We allow to disable DTLS if not yet connected to + * allow clients using the library disable DTLS if it + * fails to connect, similarly to what openconnect does. */ - if (vpninfo->dtls_state != DTLS_NOSECRET - || vpninfo->ssl_times.last_tx != 0) + if (vpninfo->dtls_state == DTLS_ESTABLISHED + || vpninfo->dtls_state == DTLS_CONNECTED) return -EINVAL; vpninfo->dtls_state = DTLS_DISABLED; return 0; diff --git a/www/changelog.xml b/www/changelog.xml index 043a070d..69c2ebd6 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -30,6 +30,7 @@ !497).
  • Fix bug which has caused GlobalProtect split-include IPv6 routes to be broken since v9.00 (64f0c03d).
  • Sort GlobalProtect gateways according to portal's regionalized priority list (#663, !495).
  • +
  • openconnect_disable_dtls() allows to disable DTLS unless it is already connected (#697)

  • OpenConnect v9.12
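Review bot: In the library.c hunk, the retained comment lines above the new text still say the call is refused when the connection "is currently connected or has been connected previously", but the new condition no longer enforces the second half. The `vpninfo->ssl_times.last_tx != 0` test is removed and only `DTLS_ESTABLISHED` and `DTLS_CONNECTED` return -EINVAL, so every other value of `dtls_state` is now accepted, and the function does nothing beyond assigning `DTLS_DISABLED`. Please update the retained comment to match the new rule. If any of the newly accepted states can hold while a DTLS attempt is still in flight, either confirm that overwriting the state needs no cleanup or reject those states too. The added comment would also read better as "Allow disabling DTLS when it is not yet connected, so that clients of the library can disable it after a failed attempt, as openconnect does."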
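Review bot: In the www/changelog.xml hunk, the new entry "allows to disable DTLS unless it is already connected" leaves "it" ambiguous between the VPN session and DTLS, while the library.c condition tests only `dtls_state`. Suggest wording that names the rule the code applies, for example "openconnect_disable_dtls() can now be called after a failed DTLS attempt; it is refused only when DTLS is already connected or established (#697)."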