On Wed, 2016-05-04 at 21:40 -0700, Kevin Cernekee wrote: > @@ -391,7 +392,20 @@ const char *openconnect_get_dtls_cipher(struct openconnect_info *); > ?const char *openconnect_get_cstp_compression(struct openconnect_info *); > ?const char *openconnect_get_dtls_compression(struct openconnect_info *); > ? > +/* Returns the IP address of the exact host to which the connection > + * was made. In --cookieonly mode or in any other scenario involving > + * a "two stage" connection, it is important to reconnect by IP because > + * the server side may be using DNS trickery for load balancing. > + * > + * If the IP address is unavailable due to the use of a proxy, this will > + * fall back to returning the DNS name. */ > ?const char *openconnect_get_hostname(struct openconnect_info *); > + > +/* Returns the hostname parsed out of the server name URL. This is > + * intended to be used by the validate_peer_cert callback to check that > + * the certificate matches the server name. */ > +const char *openconnect_get_dnsname(struct openconnect_info *); Thank you for improving that documentation. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5760 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160506/a5aa4d67/attachment.bin>
