summary openconnect 2.25 changes in spa525G

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,
?Attached you'll find the changes in openconnect-2.25 as used in
SPA525G. I didn't check the changes to vpnc-script which I attach
verbatim. The changes, if we ignore debugging output, as far as I can
see are:
1. Non-blocking connect for the CSTP socket (ssl.c)
2. Specify password on command line (main.c)
3. Added buffering when sending the CONNECT HTTP lines
4. Added some check for?form->auth_id == "main" in?parse_xml_response()
which made that client fail with ocserv - and that's the reason I got
to check these sources.

regards,
Nikos

[0].?https://gitlab.com/ocserv/ocserv/issues/55

-------------- next part --------------
diff -ur /home/nmav/cvs/openconnect-2.25/auth.c openconnect-2.25/auth.c
--- /home/nmav/cvs/openconnect-2.25/auth.c	2010-05-15 10:23:37.000000000 +0200
+++ openconnect-2.25/auth.c	2011-07-07 02:29:03.000000000 +0200
@@ -300,6 +300,7 @@
  *  = 1, when response was cancelled by user
  *  = 2, when form indicates that login was already successful
  */
+int auth_attemp = 0;
 int parse_xml_response(struct openconnect_info *vpninfo, char *response,
 		       char *request_body, int req_len, char **method,
 		       char **request_body_type)
@@ -334,7 +335,15 @@
 		ret = 2;
 		goto out;
 	}
-
+    if (!strcmp(form->auth_id, "main")) {
+        auth_attemp++;
+        if(auth_attemp > 1) {
+            LOG_VPNINFO("V_AuthFail");
+            LOG_VPNSTAT(S_VPN_DISCONNECTED);
+            exit(-1);
+        }
+    }
+    
 	if (vpninfo->nopasswd) {
 		vpninfo->progress(vpninfo, PRG_ERR, "Asked for password but '--no-passwd' set\n");
 		ret = -EPERM;
diff -ur /home/nmav/cvs/openconnect-2.25/cstp.c openconnect-2.25/cstp.c
--- /home/nmav/cvs/openconnect-2.25/cstp.c	2010-05-15 10:23:37.000000000 +0200
+++ openconnect-2.25/cstp.c	2011-07-07 02:29:03.000000000 +0200
@@ -67,6 +67,7 @@
 static int start_cstp_connection(struct openconnect_info *vpninfo)
 {
 	char buf[65536];
+	char sendbuf[65536];
 	int i;
 	int retried = 0;
 	struct vpn_option **next_dtls_option = &vpninfo->dtls_options;
@@ -101,22 +102,45 @@
 	}
 	vpninfo->split_includes = vpninfo->split_excludes = NULL;
  retry:
-	openconnect_SSL_printf(vpninfo->https_ssl, "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\n");
-	openconnect_SSL_printf(vpninfo->https_ssl, "Host: %s\r\n", vpninfo->hostname);
-	openconnect_SSL_printf(vpninfo->https_ssl, "User-Agent: %s\r\n", vpninfo->useragent);
-	openconnect_SSL_printf(vpninfo->https_ssl, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
-	openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Version: 1\r\n");
-	openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
-	if (vpninfo->deflate)
-		openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
-	openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
-	openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: %s\r\n",
-			       vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
-	openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
-	for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
-		openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);
-	openconnect_SSL_printf(vpninfo->https_ssl, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
-			       vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
+	{
+		char *ptr = sendbuf;
+		memset(sendbuf, 0, 65535);
+		ptr += sprintf(ptr, "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\n");
+		ptr += sprintf(ptr, "Host: %s\r\n", vpninfo->hostname);
+		ptr += sprintf(ptr, "User-Agent: %s\r\n", vpninfo->useragent);
+		ptr += sprintf(ptr, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
+		ptr += sprintf(ptr, "X-CSTP-Version: 1\r\n");
+		ptr += sprintf(ptr, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
+		if(vpninfo->deflate)
+			ptr += sprintf(ptr, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
+		ptr += sprintf(ptr, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
+		ptr += sprintf(ptr, "X-CSTP-Address-Type: %s\r\n", vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
+		ptr += sprintf(ptr, "X-DTLS-Master-Secret: ");
+		for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
+			ptr += sprintf(ptr, "%02X", vpninfo->dtls_secret[i]);
+		ptr += sprintf(ptr, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
+								   vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
+		openconnect_SSL_printf(vpninfo->https_ssl, sendbuf);
+	
+#if 0
+		openconnect_SSL_printf(vpninfo->https_ssl, "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\n");
+			openconnect_SSL_printf(vpninfo->https_ssl, "Host: %s\r\n", vpninfo->hostname);
+			openconnect_SSL_printf(vpninfo->https_ssl, "User-Agent: %s\r\n", vpninfo->useragent);
+			openconnect_SSL_printf(vpninfo->https_ssl, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
+			openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Version: 1\r\n");
+			openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
+			if (vpninfo->deflate)
+					openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
+			openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
+			openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: %s\r\n",
+								   vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
+			openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
+			for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
+					openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);
+			openconnect_SSL_printf(vpninfo->https_ssl, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
+								   vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
+#endif
+	}
 
 	if (openconnect_SSL_gets(vpninfo->https_ssl, buf, 65536) < 0) {
 		vpninfo->progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n");
@@ -128,6 +152,8 @@
 				vpninfo->progress(vpninfo, PRG_ERR,
 						  "Failed to open HTTPS connection to %s\n",
 						  vpninfo->hostname);
+                LOG_VPNINFO("V_HTTPSFail");
+                LOG_VPNSTAT(S_VPN_DISCONNECTED);
 				exit(1);
 			}
 			goto retry;
@@ -152,8 +178,11 @@
 		vpninfo->progress(vpninfo, PRG_ERR,
 				  "Got inappropriate HTTP CONNECT response: %s\n",
 				  buf);
-		if (!strncmp(buf, "HTTP/1.1 401 ", 13))
+		if (!strncmp(buf, "HTTP/1.1 401 ", 13)) {
+			LOG_VPNINFO("V_HTTPSFail");
+			LOG_VPNSTAT(S_VPN_DISCONNECTED);
 			exit(2);
+		}
 		return -EINVAL;
 	}
 
@@ -381,11 +410,12 @@
 		vpninfo->progress(vpninfo, PRG_INFO,
 				  "sleep %ds, remaining timeout %ds\n",
 				  interval, timeout);
+		VPN_DEBUG("[VPN] sleep %ds, remaining timeout %ds\n", interval, timeout);
 		sleep(interval);
 		if (killed)
 			return 1;
 		timeout -= interval;
-		interval += vpninfo->reconnect_interval;
+		//interval += vpninfo->reconnect_interval;
 		if (interval > RECONNECT_INTERVAL_MAX)
 			interval = RECONNECT_INTERVAL_MAX;
 	}
@@ -596,6 +626,9 @@
 	peer_dead:
 		vpninfo->progress(vpninfo, PRG_ERR, "CSTP Dead Peer Detection detected dead peer!\n");
 	do_reconnect:
+		LOG_VPNSTAT(S_VPN_RECONNECTING);
+		VPN_DEBUG("[VPN] Reconnecting..., please wait\n");
+
 		openconnect_close_https(vpninfo);
 
 		/* It's already deflated in the old stream. Extremely
@@ -606,8 +639,11 @@
 		if (cstp_reconnect(vpninfo)) {
 			vpninfo->progress(vpninfo, PRG_ERR, "Reconnect failed\n");
 			vpninfo->quit_reason = "CSTP reconnect failed";
+			VPN_DEBUG("[VPN] Reconnect failed.");
 			return 1;
 		}
+		VPN_DEBUG("[VPN] Reconnect successed.");
+		LOG_VPNSTAT(S_VPN_CONNECTED);
 		/* I think we can leave DTLS to its own devices; when we reconnect
 		   with the same master secret, we do seem to get the same sessid */
 		return 1;
diff -ur /home/nmav/cvs/openconnect-2.25/http.c openconnect-2.25/http.c
--- /home/nmav/cvs/openconnect-2.25/http.c	2010-05-15 10:23:37.000000000 +0200
+++ openconnect-2.25/http.c	2011-07-07 02:29:03.000000000 +0200
@@ -636,6 +636,8 @@
 	buflen = process_http_response(vpninfo, &result, NULL, &form_buf);
 	if (buflen < 0) {
 		/* We'll already have complained about whatever offended us */
+        LOG_VPNINFO("V_NegFail");
+        LOG_VPNSTAT(S_VPN_DISCONNECTED);
 		exit(1);
 	}
 
diff -ur /home/nmav/cvs/openconnect-2.25/main.c openconnect-2.25/main.c
--- /home/nmav/cvs/openconnect-2.25/main.c	2010-05-15 10:23:37.000000000 +0200
+++ openconnect-2.25/main.c	2011-07-07 02:29:03.000000000 +0200
@@ -100,6 +100,7 @@
 	{"libproxy", 0, 0, 0x07},
 	{"no-http-keepalive", 0, 0, 0x08},
 	{"no-cert-check", 0, 0, 0x09},
+    {"pwd", 1, 0, 'a'},
 	{NULL, 0, 0, 0},
 };
 
@@ -193,6 +194,11 @@
 	uid_t uid = getuid();
 	int opt;
 
+    //update status - connecting
+    LOG_VPNSTAT(S_VPN_CONNECTING);
+
+    VPN_DEBUG("[VPN] welcome to openconnect!!!\n");
+
 	openconnect_init_openssl();
 
 	vpninfo = malloc(sizeof(*vpninfo));
@@ -224,7 +230,7 @@
 	else
 		vpninfo->localname = "localhost";
 
-	while ((opt = getopt_long(argc, argv, "bC:c:Ddg:hi:k:K:lpP:Q:qSs:U:u:Vvx:",
+	while ((opt = getopt_long(argc, argv, "a:bC:c:Ddg:hi:k:K:lpP:Q:qSs:U:u:Vvx:",
 				  long_options, NULL))) {
 		if (opt < 0)
 			break;
@@ -411,6 +417,9 @@
 			free(vpninfo->useragent);
 			vpninfo->useragent = optarg;
 			break;
+        case 'a':
+            vpninfo->password = optarg;
+            break;
 		default:
 			usage();
 		}
@@ -459,10 +468,14 @@
 			      &group, 443)) {
 			fprintf(stderr, "Failed to parse server URL '%s'\n",
 				url);
+            LOG_VPNINFO("V_URLFail");
+            LOG_VPNSTAT(S_VPN_DISCONNECTED);
 			exit(1);
 		}
 		if (scheme && strcmp(scheme, "https")) {
 			fprintf(stderr, "Only https:// permitted for server URL\n");
+            LOG_VPNINFO("V_HTTPSOnly");
+            LOG_VPNSTAT(S_VPN_DISCONNECTED);
 			exit(1);
 		}
 		if (group) {
@@ -477,11 +490,17 @@
 	set_openssl_ui();
 #endif
 
+    VPN_DEBUG("[VPN] init OK.\n");
+
 	if (!vpninfo->cookie && openconnect_obtain_cookie(vpninfo)) {
 		fprintf(stderr, "Failed to obtain WebVPN cookie\n");
+        LOG_VPNINFO("V_CookieFail");
+        LOG_VPNSTAT(S_VPN_DISCONNECTED);
 		exit(1);
 	}
 
+    VPN_DEBUG("[VPN] get cookie OK:\n%s\n", vpninfo->cookie);
+    
 	if (cookieonly) {
 		printf("%s\n", vpninfo->cookie);
 		if (cookieonly == 1)
@@ -490,14 +509,23 @@
 	}
 	if (make_cstp_connection(vpninfo)) {
 		fprintf(stderr, "Creating SSL connection failed\n");
+        VPN_DEBUG("[VPN] cstp connection failed ...\n");
+        LOG_VPNINFO("V_CSTPFail");
+        LOG_VPNSTAT(S_VPN_DISCONNECTED);
 		exit(1);
 	}
 
+    VPN_DEBUG("[VPN] cstp connection OK.\n");
+    
 	if (setup_tun(vpninfo)) {
 		fprintf(stderr, "Set up tun device failed\n");
+        LOG_VPNINFO("V_TUNFail");
+        LOG_VPNSTAT(S_VPN_DISCONNECTED);
 		exit(1);
 	}
 
+    VPN_DEBUG("[VPN] tun setup OK.\n");
+    
 	if (uid != getuid()) {
 		if (setuid(uid)) {
 			fprintf(stderr, "Failed to set uid %d\n", uid);
@@ -530,7 +558,11 @@
 			exit(0);
 		}
 	}
-	vpn_mainloop(vpninfo);
+
+    //update status - connected
+    LOG_VPNSTAT(S_VPN_CONNECTED);
+
+    vpn_mainloop(vpninfo);
 	exit(1);
 }
 
diff -ur /home/nmav/cvs/openconnect-2.25/mainloop.c openconnect-2.25/mainloop.c
--- /home/nmav/cvs/openconnect-2.25/mainloop.c	2010-05-15 10:23:37.000000000 +0200
+++ openconnect-2.25/mainloop.c	2011-07-07 02:29:03.000000000 +0200
@@ -130,8 +130,14 @@
 		select(vpninfo->select_nfds, &rfds, &wfds, &efds, &tv);
 	}
 
+    //update status - disconnecting
+    LOG_VPNSTAT(S_VPN_DISCONNECTING);
 	cstp_bye(vpninfo, vpninfo->quit_reason);
+	VPN_DEBUG("[VPN] Quit - %s\n", vpninfo->quit_reason);
 
+    //update status - disconnected
+    LOG_VPNSTAT(S_VPN_DISCONNECTED);
+    
 	shutdown_tun(vpninfo);
 	return 0;
 }
diff -ur /home/nmav/cvs/openconnect-2.25/Makefile openconnect-2.25/Makefile
--- /home/nmav/cvs/openconnect-2.25/Makefile	2010-05-15 10:23:37.000000000 +0200
+++ openconnect-2.25/Makefile	2011-07-07 02:29:03.000000000 +0200
@@ -3,6 +3,10 @@
 # set OPENSSL to the path to the source directory that you built openssl in
 #
 # OPENSSL := ../openssl-0.9.8i
+OPENSSL := ../component/openssl-0.9.8k
+
+CC = arm-linux-gcc
+AR = arm-linux-ar
 
 ifdef RPM_OPT_FLAGS
 OPT_FLAGS := $(RPM_OPT_FLAGS)
@@ -15,7 +19,7 @@
 # dir; there's no need to install it anywhere (we link it statically).
 ifdef OPENSSL
 SSL_CFLAGS += -I$(OPENSSL)/include
-SSL_LDFLAGS += $(OPENSSL)/libssl.a $(OPENSSL)/libcrypto.a
+SSL_LDFLAGS += $(OPENSSL)/libssl.so $(OPENSSL)/libcrypto.so
 else
 ifeq ($(wildcard /usr/include/openssl),)
 $(error "No OpenSSL in /usr/include/openssl. Cannot continue");
@@ -24,23 +28,25 @@
 SSL_LDFLAGS += -lcrypto -lssl
 endif
 
-XML2_CFLAGS += $(shell xml2-config --cflags) 
-XML2_LDFLAGS += $(shell xml2-config --libs)
+#XML2_CFLAGS += $(shell xml2-config --cflags) 
+#XML2_LDFLAGS += $(shell xml2-config --libs)
+XML2_CFLAGS += -I../component/libxml2-2.7.7/include/libxml2
+XML2_LDFLAGS += -L../component/libxml2-2.7.7/lib -lxml2 -lz -lm -ldl
 ifeq ($(XML2_LDFLAGS),)
 $(error "No libxml2 support. Cannot continue");
 endif
 
-GTK_CFLAGS += $(shell pkg-config --cflags gtk+-x11-2.0 gthread-2.0 2>/dev/null)
-GTK_LDFLAGS += $(shell pkg-config --libs gtk+-x11-2.0 gthread-2.0 2>/dev/null)
-ifeq ($(GTK_LDFLAGS),)
+#GTK_CFLAGS += $(shell pkg-config --cflags gtk+-x11-2.0 gthread-2.0 2>/dev/null)
+#GTK_LDFLAGS += $(shell pkg-config --libs gtk+-x11-2.0 gthread-2.0 2>/dev/null)
+#ifeq ($(GTK_LDFLAGS),)
 MISSINGPKGS += gtk+-x11-2.0
-endif
+#endif
 
-GCONF_CFLAGS += $(shell pkg-config --cflags gconf-2.0 2>/dev/null)
-GCONF_LDFLAGS += $(shell pkg-config --libs gconf-2.0 2>/dev/null)
-ifeq ($(GCONF_LDFLAGS),)
+#GCONF_CFLAGS += $(shell pkg-config --cflags gconf-2.0 2>/dev/null)
+#GCONF_LDFLAGS += $(shell pkg-config --libs gconf-2.0 2>/dev/null)
+#ifeq ($(GCONF_LDFLAGS),)
 MISSINGPKGS += gconf-2.0
-endif
+#endif
 
 CFLAGS := $(OPT_FLAGS) $(SSL_CFLAGS) $(XML2_CFLAGS) $(EXTRA_CFLAGS)
 LDFLAGS := -lz $(SSL_LDFLAGS) $(XML2_LDFLAGS) $(EXTRA_LDFLAGS)
diff -ur /home/nmav/cvs/openconnect-2.25/openconnect.h openconnect-2.25/openconnect.h
--- /home/nmav/cvs/openconnect-2.25/openconnect.h	2010-05-15 10:23:37.000000000 +0200
+++ openconnect-2.25/openconnect.h	2011-07-07 02:29:03.000000000 +0200
@@ -34,6 +34,7 @@
 #include <sys/time.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <sys/file.h>
 #ifdef OPENCONNECT_LIBPROXY
 #include LIBPROXY_HDR
 #endif
@@ -274,6 +275,37 @@
 #define AC_PKT_COMPRESSED	8	/* Compressed data */
 #define AC_PKT_TERM_SERVER	9	/* Server kick */
 
+typedef enum {
+	S_VPN_CONNECTING = 0,
+	S_VPN_CONNECTED,
+	S_VPN_RECONNECTING,
+	S_VPN_DISCONNECTING,
+	S_VPN_DISCONNECTED,
+	S_VPN_PAUSING,
+	S_VPN_OPEN_PAUSED,
+}vpn_state;
+
+#define LOG_VPNSTAT(x) \
+    {   \
+        FILE *fp = fopen("/tmp/vpnstat", "w");    \
+        if(fp) {    \
+            fprintf(fp, "%d", x);   \
+            fclose(fp); \
+        }   \
+    }
+
+#define LOG_VPNINFO(f, args...) \
+    {   \
+        FILE *fp = fopen("/tmp/vpninfo", "w");  \
+        if(fp) {    \
+            flock(fp, LOCK_EX); \
+            fprintf(fp, f, ## args);   \
+            flock(fp, LOCK_UN);    \
+            fsync(fp);  \
+            fclose(fp);   \
+        }   \
+    }
+
 /* Ick */
 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
 #define method_const const
@@ -350,4 +382,14 @@
 /* version.c */
 extern char openconnect_version[];
 
+#define VPN_DEBUG(f,args...) \
+        {\
+                FILE *fp_tty = fopen("/dev/console", "w" );\
+                if (fp_tty) {\
+                        fprintf( fp_tty, f , ## args );\
+                        fclose( fp_tty );\
+                }\
+        }
+
+
 #endif /* __OPENCONNECT_ANYCONNECT_H */
diff -ur /home/nmav/cvs/openconnect-2.25/ssl.c openconnect-2.25/ssl.c
--- /home/nmav/cvs/openconnect-2.25/ssl.c	2010-05-15 10:23:37.000000000 +0200
+++ openconnect-2.25/ssl.c	2011-07-07 02:29:03.000000000 +0200
@@ -801,9 +801,82 @@
 					  vpninfo->proxy?:vpninfo->hostname);
 			return -EINVAL;
 		}
-		if (connect(ssl_sock, vpninfo->peer_addr, vpninfo->peer_addrlen))
+
+		//use non-block connect instead, because block connect will block up to more than 5 minutes
+		//in the case server reboot, the recovery time will too long
+		// Set non-blocking 
+		long arg;
+		int res;
+		struct timeval tv;
+		fd_set soc_set;
+		int valopt;
+		socklen_t lon;
+		if( (arg = fcntl(ssl_sock, F_GETFL, NULL)) < 0) { 
+			fprintf(stderr, "Error fcntl(..., F_GETFL) (%s)\n", strerror(errno)); 
+			goto reconn_err;
+		} 
+		arg |= O_NONBLOCK; 
+		if( fcntl(ssl_sock, F_SETFL, arg) < 0) { 
+			fprintf(stderr, "Error fcntl(..., F_SETFL) (%s)\n", strerror(errno)); 
+			goto reconn_err;
+		}
+
+		//Try to connect with timeout
+		res = connect(ssl_sock, vpninfo->peer_addr, vpninfo->peer_addrlen);
+		if(res < 0) {
+			if (errno == EINPROGRESS) { 
+				fprintf(stderr, "EINPROGRESS in connect() - selecting\n"); 
+				do { 
+					tv.tv_sec = 10; 
+					tv.tv_usec = 0; 
+					FD_ZERO(&soc_set); 
+					FD_SET(ssl_sock, &soc_set); 
+					res = select(ssl_sock+1, NULL, &soc_set, NULL, &tv); 
+					if (res < 0 && errno != EINTR) { 
+						fprintf(stderr, "Error connecting %d - %s\n", errno, strerror(errno)); 
+						goto reconn_err;
+					} 
+					else if (res > 0) { 
+						// Socket selected for write 
+						lon = sizeof(int); 
+						if (getsockopt(ssl_sock, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon) < 0) { 
+							fprintf(stderr, "Error in getsockopt() %d - %s\n", errno, strerror(errno)); 
+							goto reconn_err;
+						} 
+						// Check the value returned... 
+						if (valopt) { 
+							fprintf(stderr, "Error in delayed connection() %d - %s\n", valopt, strerror(valopt)); 
+							goto reconn_err;
+						} 
+						break; 
+					} 
+					else { 
+						fprintf(stderr, "Timeout in select() - Cancelling!\n"); 
+						goto reconn_err;
+					} 
+				} while (0); 
+			} 
+			else { 
+				fprintf(stderr, "Error connecting %d - %s\n", errno, strerror(errno)); 
+				goto reconn_err;
+			} 
+		}
+
+		// Set to blocking mode again... 
+		if( (arg = fcntl(ssl_sock, F_GETFL, NULL)) < 0) { 
+			fprintf(stderr, "Error fcntl(..., F_GETFL) (%s)\n", strerror(errno)); 
+			goto reconn_err;
+		} 
+		arg &= (~O_NONBLOCK); 
+		if( fcntl(ssl_sock, F_SETFL, arg) < 0) { 
+			fprintf(stderr, "Error fcntl(..., F_SETFL) (%s)\n", strerror(errno)); 
 			goto reconn_err;
+		} 
 		
+		/*
+		if (connect(ssl_sock, vpninfo->peer_addr, vpninfo->peer_addrlen))
+			goto reconn_err;
+		*/	
 	} else {
 		struct addrinfo hints, *result, *rp;
 		char *hostname;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vpnc-script.xz
Type: application/x-xz
Size: 4480 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160620/7a635531/attachment-0001.xz>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux