[PATCH V3 4/7] library: Add openconnect_get_dnsname()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



openconnect_get_hostname() usually returns an IP, because it is used
for two-stage connections.  Add a new API call that returns a hostname
so certificate validation can be handled externally.

Signed-off-by: Kevin Cernekee <cernekee at gmail.com>
---
 java/src/org/infradead/libopenconnect/LibOpenConnect.java |  1 +
 jni.c                                                     |  8 ++++++++
 libopenconnect.map.in                                     |  1 +
 library.c                                                 |  5 +++++
 openconnect.h                                             | 14 ++++++++++++++
 5 files changed, 29 insertions(+)

diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
index 8dc7452..3f70b2b 100644
--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -139,6 +139,7 @@ public abstract class LibOpenConnect {
 	/* connection info */
 
 	public synchronized native String getHostname();
+	public synchronized native String getDNSName();
 	public synchronized native String getUrlpath();
 	public synchronized native int getPort();
 	public synchronized native String getCookie();
diff --git a/jni.c b/jni.c
index b5aa92d..bfcdaa5 100644
--- a/jni.c
+++ b/jni.c
@@ -1084,6 +1084,14 @@ JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getHo
 	RETURN_STRING_END
 }
 
+JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getDNSName(
+	JNIEnv *jenv, jobject jobj)
+{
+	RETURN_STRING_START
+	buf = openconnect_get_dnsname(ctx->vpninfo);
+	RETURN_STRING_END
+}
+
 JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getUrlpath(
 	JNIEnv *jenv, jobject jobj)
 {
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 49c2b14..974ccf7 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -78,6 +78,7 @@ OPENCONNECT_5_3 {
  global:
 	openconnect_override_getaddrinfo;
 	openconnect_get_cstp_compression;
+	openconnect_get_dnsname;
 	openconnect_get_dtls_compression;
 	openconnect_disable_ipv6;
 	openconnect_set_localname;
diff --git a/library.c b/library.c
index 97be310..8524c15 100644
--- a/library.c
+++ b/library.c
@@ -376,6 +376,11 @@ const char *openconnect_get_hostname(struct openconnect_info *vpninfo)
 	return vpninfo->unique_hostname?:vpninfo->hostname;
 }
 
+const char *openconnect_get_dnsname(struct openconnect_info *vpninfo)
+{
+	return vpninfo->hostname;
+}
+
 int openconnect_set_hostname(struct openconnect_info *vpninfo,
 			     const char *hostname)
 {
diff --git a/openconnect.h b/openconnect.h
index 22f7c5e..d34aae0 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -45,6 +45,7 @@ extern "C" {
  *  - Add ip_info->gateway_addr.
  *  - Add openconnect_set_setup_tun_handler().
  *  - Add openconnect_set_reconnected_handler().
+ *  - Add openconnect_get_dnsname().
  *
  * API version 5.2 (v7.05; 2015-03-10):
  *  - Add openconnect_set_http_auth(), openconnect_set_protocol().
@@ -391,7 +392,20 @@ const char *openconnect_get_dtls_cipher(struct openconnect_info *);
 const char *openconnect_get_cstp_compression(struct openconnect_info *);
 const char *openconnect_get_dtls_compression(struct openconnect_info *);
 
+/* Returns the IP address of the exact host to which the connection
+ * was made. In --cookieonly mode or in any other scenario involving
+ * a "two stage" connection, it is important to reconnect by IP because
+ * the server side may be using DNS trickery for load balancing.
+ *
+ * If the IP address is unavailable due to the use of a proxy, this will
+ * fall back to returning the DNS name. */
 const char *openconnect_get_hostname(struct openconnect_info *);
+
+/* Returns the hostname parsed out of the server name URL. This is
+ * intended to be used by the validate_peer_cert callback to check that
+ * the certificate matches the server name. */
+const char *openconnect_get_dnsname(struct openconnect_info *);
+
 int openconnect_set_hostname(struct openconnect_info *, const char *);
 char *openconnect_get_urlpath(struct openconnect_info *);
 int openconnect_set_urlpath(struct openconnect_info *, const char *);
-- 
1.9.1




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux