From 73135a9d06bad370b5817e0d2cfbb2dc57296f2e Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Wed, 9 Jan 2019 12:36:05 +0000
Subject: [PATCH] Process X-DTLS12-CipherSuite: header from server

Signed-off-by: David Woodhouse
---
 cstp.c | 18 ++++++++++++------
 dtls.c | 12 +++++-------
 openconnect-internal.h | 1 +
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/cstp.c b/cstp.c
index cab1707f..fcd4ba3b 100644
--- a/cstp.c
+++ b/cstp.c
@@ -384,7 +384,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 colon++;
 
 if (strncmp(buf, "X-DTLS-", 7) &&
- strncmp(buf, "X-CSTP-", 7))
+ strncmp(buf, "X-CSTP-", 7) &&
+ strncmp(buf, "X-DTLS12-", 9))
 continue;
 
 new_option = malloc(sizeof(*new_option));
@@ -410,15 +411,16 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 else
 vpn_progress(vpninfo, PRG_DEBUG, "%s: %s\n", buf, colon);
 
- if (!strncmp(buf, "X-DTLS-", 7)) {
+ if (((i = 7) && !strncmp(buf, "X-DTLS-", 7)) ||
+ ((i = 9) && !strncmp(buf, "X-DTLS12-", 9))) {
 *next_dtls_option = new_option;
 next_dtls_option = &new_option->next;
 
- if (!strcmp(buf + 7, "MTU")) {
+ if (!strcmp(buf + i, "MTU")) {
 int dtlsmtu = atol(colon);
 if (dtlsmtu > mtu)
 mtu = dtlsmtu;
- } else if (!strcmp(buf + 7, "Session-ID")) {
+ } else if (!strcmp(buf + i, "Session-ID")) {
 int dtls_sessid_changed = 0;
 int vsize;
 
@@ -435,7 +437,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 if (dtls_sessid_changed &&
 vpninfo->dtls_state > DTLS_SLEEPING)
 vpninfo->dtls_need_reconnect = 1;
- } else if (!strcmp(buf + 7, "App-ID")) {
+ } else if (!strcmp(buf + i, "App-ID")) {
 int dtls_appid_changed = 0;
 int vsize;
 
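Review bot: The new condition `if (((i = 7) && !strncmp(buf, "X-DTLS-", 7)) || ((i = 9) && !strncmp(buf, "X-DTLS12-", 9)))` hides two assignments inside the boolean test, and because the second assignment runs whenever the first prefix does not match, `i` is left at 9 for every X-CSTP- header too; if `i` is used for anything else after this branch (its declaration is outside the hunk) that value is now a side effect of header matching. Computing the prefix length once in a dedicated variable keeps the test side-effect free and makes the `buf + i` comparisons in this hunk and in the hunks at -435, -453 and -464 self-explanatory. start_cstp_connection begins and ends outside the hunk.
```c
/* … unchanged: vpn_progress() debug output of the header … */
int dtls_prefix = 0;	/* length of the X-DTLS-/X-DTLS12- prefix, 0 if neither */
if (!strncmp(buf, "X-DTLS-", 7))
	dtls_prefix = 7;
else if (!strncmp(buf, "X-DTLS12-", 9))
	dtls_prefix = 9;
if (dtls_prefix) {
	*next_dtls_option = new_option;
	next_dtls_option = &new_option->next;

	if (!strcmp(buf + dtls_prefix, "MTU")) {
	/* … unchanged: MTU / Session-ID / App-ID / Content-Encoding / CipherSuite branches, with buf + i replaced by buf + dtls_prefix … */
```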
@@ -453,7 +455,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 if (dtls_appid_changed &&
 vpninfo->dtls_state > DTLS_SLEEPING)
 vpninfo->dtls_need_reconnect = 1;
- } else if (!strcmp(buf + 7, "Content-Encoding")) {
+ } else if (!strcmp(buf + i, "Content-Encoding")) {
 if (!strcmp(colon, "lzs"))
 vpninfo->dtls_compr = COMPR_LZS;
 else if (!strcmp(colon, "oc-lz4"))
@@ -464,6 +466,10 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 colon);
 return -EINVAL;
 }
+ } else if (!strcmp(buf + i, "CipherSuite")) {
+ /* Remember if it came from a 'X-DTLS12-CipherSuite:' header */
+ vpninfo->cisco_dtls12 = (i == 9);
+ vpninfo->dtls_cipher = strdup(colon);
 }
 continue;
 }
diff --git a/dtls.c b/dtls.c
index 4ce74dcc..d8e0d2f8 100644
--- a/dtls.c
+++ b/dtls.c
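Review bot: In the -464 hunk, `vpninfo->dtls_cipher = strdup(colon);` overwrites whatever the field already held without freeing it, so a server that sends both `X-DTLS-CipherSuite:` and `X-DTLS12-CipherSuite:` in one response, which is the case this commit exists for, leaks the first copy, and whichever header appears last silently decides both `dtls_cipher` and `cisco_dtls12`. The same applies to a value left over from an earlier response if the field is not cleared between connections (not visible here). Releasing the old string first, `free(vpninfo->dtls_cipher); vpninfo->dtls_cipher = strdup(colon);`, closes the leak, and the `strdup()` result should be checked for NULL like the `malloc()` of `new_option` presumably is elsewhere in this function. If the DTLS 1.2 header is meant to take precedence regardless of order, the branch also needs to skip the assignment when `cisco_dtls12` was already set by an earlier header of this response.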
@@ -200,25 +200,23 @@ int dtls_setup(struct openconnect_info *vpninfo, int dtls_attempt_period)
 _("DTLS option %s : %s\n"),
 dtls_opt->option, dtls_opt->value);
 
- if (!strcmp(dtls_opt->option + 7, "Port")) {
+ if (!strcmp(dtls_opt->option, "X-DTLS-Port")) {
 dtls_port = atol(dtls_opt->value);
- } else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
+ } else if (!strcmp(dtls_opt->option, "X-DTLS-Keepalive")) {
 vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
- } else if (!strcmp(dtls_opt->option + 7, "DPD")) {
+ } else if (!strcmp(dtls_opt->option, "X-DTLS-DPD")) {
 int j = atol(dtls_opt->value);
 if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
 vpninfo->dtls_times.dpd = j;
- } else if (!strcmp(dtls_opt->option + 7, "Rekey-Method")) {
+ } else if (!strcmp(dtls_opt->option, "X-DTLS-Rekey-Method")) {
 if (!strcmp(dtls_opt->value, "new-tunnel"))
 vpninfo->dtls_times.rekey_method = REKEY_TUNNEL;
 else if (!strcmp(dtls_opt->value, "ssl"))
 vpninfo->dtls_times.rekey_method = REKEY_SSL;
 else
 vpninfo->dtls_times.rekey_method = REKEY_NONE;
- } else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
+ } else if (!strcmp(dtls_opt->option, "X-DTLS-Rekey-Time")) {
 vpninfo->dtls_times.rekey = atol(dtls_opt->value);
- } else if (!strcmp(dtls_opt->option + 7, "CipherSuite")) {
- vpninfo->dtls_cipher = strdup(dtls_opt->value);
 }
 dtls_opt = dtls_opt->next;
 
diff --git a/openconnect-internal.h b/openconnect-internal.h
index a696b1b7..e6af1708 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -558,6 +558,7 @@ struct openconnect_info {
 
 unsigned char dtls_app_id[32];
 unsigned dtls_app_id_size;
+ int cisco_dtls12;
 char *dtls_cipher;
 char *vpnc_script;
 #ifndef _WIN32
-- 
2.50.1
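Review bot: With the comparisons switched from `dtls_opt->option + 7` to full option names, every option that cstp.c now appends to the DTLS list under the `X-DTLS12-` prefix matches no branch of this chain and is silently skipped; that is presumably intended, since CipherSuite is handled in cstp.c and its branch is removed here, but the loop should say so. A comment on the `if`, such as `/* Only X-DTLS-* options are interpreted here; X-DTLS12-CipherSuite is consumed in cstp.c */`, records the split so the next X-DTLS12- option is not overlooked. The full-name comparisons are otherwise an improvement over the fixed `+ 7` offset, which was only correct for the seven-character prefix. dtls_setup begins and ends outside the hunk.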
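Review bot: The new `int cisco_dtls12;` field in struct openconnect_info has no comment, and its meaning can only be recovered from the assignment in cstp.c; `int cisco_dtls12; /* dtls_cipher came from an X-DTLS12-CipherSuite: header */` would document it where it is declared. It is also only ever written in the CipherSuite branch, so unless the struct is reset between connections (not visible in this diff) a later response without either header leaves the previous value in place.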