On Mon, 2014-11-17 at 19:51 +0100, Nikos Mavrogiannopoulos wrote: > On Mon, 2014-11-17 at 18:39 +0000, David Woodhouse wrote: > > On Sat, 2014-11-15 at 16:03 +0100, Nikos Mavrogiannopoulos wrote: > > > + if (vpninfo->dtls_session_id_set) { > > > + if (memcmp(vpninfo->dtls_session_id, dtls_session_id, 32) != 0) { > > > + if (vpninfo->dtls_state != DTLS_DISABLED) { > > > + dtls_close(vpninfo); > > > + vpninfo->dtls_state = DTLS_SLEEPING; > > > + vpninfo->new_dtls_started = 0; > > > + } > > > + } > > > > Couldn't we just call dtls_reconnect() here? > > Not sure. That would start the DTLS connection while parsing the headers > and that didn't seem quite right at the moment. Yeah, in fact none of the dtls_reconnect() calls in cstp.c are really very nice. I've switched to a 'need_dtls_reconnect' flag and let dtls_mainloop() handle *actually* reconnecting. Which also fixes the fact that if we *do* just call the old dtls_reconnect() function right there as I'd suggested, we might actually end up calling it twice in quick succession. http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/038ba9e22 -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141118/11aec908/attachment.bin>