| From 5c61996cb5bdf23ebc4280cabb2d65dbab7597ec Mon Sep 17 00:00:00 2001 |
| From: Kevin Cernekee <cernekee@gmail.com> |
| Date: Sun, 10 Apr 2016 22:01:37 -0700 |
| Subject: [PATCH 6/8] library: Add openconnect_get_dnsname() |
| |
| openconnect_get_hostname() usually returns an IP, because it is used |
| for two-stage connections. Add a new API call that returns a hostname |
| so certificate validation can be handled externally. |
| |
| Signed-off-by: Kevin Cernekee <cernekee@gmail.com> |
| --- |
| java/src/org/infradead/libopenconnect/LibOpenConnect.java | 1 + |
| jni.c | 8 ++++++++ |
| libopenconnect.map.in | 1 + |
| library.c | 5 +++++ |
| openconnect.h | 14 ++++++++++++++ |
| 5 files changed, 29 insertions(+) |
| |
| diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java |
| index 8dc7452..3f70b2b 100644 |
| --- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java |
| +++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java |
| @@ -139,6 +139,7 @@ public abstract class LibOpenConnect { |
| /* connection info */ |
| |
| public synchronized native String getHostname(); |
| + public synchronized native String getDNSName(); |
| public synchronized native String getUrlpath(); |
| public synchronized native int getPort(); |
| public synchronized native String getCookie(); |
| diff --git a/jni.c b/jni.c |
| index b5aa92d..bfcdaa5 100644 |
| --- a/jni.c |
| +++ b/jni.c |
| @@ -1084,6 +1084,14 @@ JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getHo |
| RETURN_STRING_END |
| } |
| |
| +JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getDNSName( |
| + JNIEnv *jenv, jobject jobj) |
| +{ |
| + RETURN_STRING_START |
| + buf = openconnect_get_dnsname(ctx->vpninfo); |
| + RETURN_STRING_END |
| +} |
| + |
| JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getUrlpath( |
| JNIEnv *jenv, jobject jobj) |
| { |
| diff --git a/libopenconnect.map.in b/libopenconnect.map.in |
| index ea63e2e..deaf058 100644 |
| --- a/libopenconnect.map.in |
| +++ b/libopenconnect.map.in |
| @@ -5,6 +5,7 @@ OPENCONNECT_5.0 { |
| openconnect_free_cert_info; |
| openconnect_get_cookie; |
| openconnect_get_cstp_cipher; |
| + openconnect_get_dnsname; |
| openconnect_get_dtls_cipher; |
| openconnect_get_hostname; |
| openconnect_get_ifname; |
| diff --git a/library.c b/library.c |
| index 97be310..8524c15 100644 |
| --- a/library.c |
| +++ b/library.c |
| @@ -376,6 +376,11 @@ const char *openconnect_get_hostname(struct openconnect_info *vpninfo) |
| return vpninfo->unique_hostname?:vpninfo->hostname; |
| } |
| |
| +const char *openconnect_get_dnsname(struct openconnect_info *vpninfo) |
| +{ |
| + return vpninfo->hostname; |
| +} |
| + |
| int openconnect_set_hostname(struct openconnect_info *vpninfo, |
| const char *hostname) |
| { |
| diff --git a/openconnect.h b/openconnect.h |
| index 22f7c5e..d34aae0 100644 |
| --- a/openconnect.h |
| +++ b/openconnect.h |
| @@ -45,6 +45,7 @@ extern "C" { |
| * - Add ip_info->gateway_addr. |
| * - Add openconnect_set_setup_tun_handler(). |
| * - Add openconnect_set_reconnected_handler(). |
| + * - Add openconnect_get_dnsname(). |
| * |
| * API version 5.2 (v7.05; 2015-03-10): |
| * - Add openconnect_set_http_auth(), openconnect_set_protocol(). |
| @@ -391,7 +392,20 @@ const char *openconnect_get_dtls_cipher(struct openconnect_info *); |
| const char *openconnect_get_cstp_compression(struct openconnect_info *); |
| const char *openconnect_get_dtls_compression(struct openconnect_info *); |
| |
| +/* Returns the IP address of the exact host to which the connection |
| + * was made. In --cookieonly mode or in any other scenario involving |
| + * a "two stage" connection, it is important to reconnect by IP because |
| + * the server side may be using DNS trickery for load balancing. |
| + * |
| + * If the IP address is unavailable due to the use of a proxy, this will |
| + * fall back to returning the DNS name. */ |
| const char *openconnect_get_hostname(struct openconnect_info *); |
| + |
| +/* Returns the hostname parsed out of the server name URL. This is |
| + * intended to be used by the validate_peer_cert callback to check that |
| + * the certificate matches the server name. */ |
| +const char *openconnect_get_dnsname(struct openconnect_info *); |
| + |
| int openconnect_set_hostname(struct openconnect_info *, const char *); |
| char *openconnect_get_urlpath(struct openconnect_info *); |
| int openconnect_set_urlpath(struct openconnect_info *, const char *); |
| -- |
| 1.9.1 |
| |