#if defined (OPENCONNECT_OPENSSL) || defined(DTLS_OPENSSL)
#include <openssl/ssl.h>
#include <openssl/err.h>
+/* Ick */
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+#define method_const const
+#else
+#define method_const
#endif
+#endif /* OPENSSL */
+
#if defined (OPENCONNECT_GNUTLS)
#include <gnutls/gnutls.h>
+#include <gnutls/abstract.h>
#include <gnutls/x509.h>
#ifdef HAVE_TROUSERS
#include <trousers/tss.h>
#include LIBPROXY_HDR
#endif
+#ifdef LIBSTOKEN_HDR
+#include LIBSTOKEN_HDR
+#endif
+
#ifdef ENABLE_NLS
#include <locale.h>
#include <libintl.h>
struct openconnect_info {
char *redirect_url;
+ const char *csd_xmltag;
char *csd_token;
char *csd_ticket;
char *csd_stuburl;
int uid_csd_given;
int no_http_keepalive;
+#ifdef LIBSTOKEN_HDR
+ struct stoken_ctx *stoken_ctx;
+#endif
+ int use_stoken;
+ int stoken_bypassed;
+ int stoken_tries;
+ time_t stoken_time;
+ char *stoken_pin;
+
OPENCONNECT_X509 *peer_cert;
char *cookie; /* Pointer to within cookies list */
TSS_HKEY tpm_key;
TSS_HPOLICY tpm_key_policy;
#endif
+#ifndef HAVE_GNUTLS_CERTIFICATE_SET_KEY
+#ifdef HAVE_P11KIT
+ gnutls_pkcs11_privkey_t my_p11key;
+#endif
+ gnutls_privkey_t my_pkey;
+ gnutls_x509_crt_t *my_certs;
+ unsigned int nr_my_certs;
#endif
+#endif /* OPENCONNECT_GNUTLS */
struct keepalive_info ssl_times;
int owe_ssl_dpd_response;
struct pkt *deflate_pkt;
int script_tun;
char *ifname;
- int mtu, basemtu;
+ int actual_mtu;
+ int reqmtu, basemtu;
const char *banner;
const char *vpn_addr;
const char *vpn_netmask;
struct sockaddr *peer_addr;
struct sockaddr *dtls_addr;
+ int dtls_local_port;
+
int deflate;
char *useragent;
#define AC_PKT_COMPRESSED 8 /* Compressed data */
#define AC_PKT_TERM_SERVER 9 /* Server kick */
-/* Ick */
-#ifdef DTLS_OPENSSL
-#if OPENSSL_VERSION_NUMBER >= 0x00909000L
-#define method_const const
-#else
-#define method_const
-#endif
-#endif
-
#define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__)
/****************************************************************************/
#define getline openconnect__getline
ssize_t openconnect__getline(char **lineptr, size_t *n, FILE *stream);
#endif
+#ifndef HAVE_STRCASESTR
+#define strcasestr openconnect__strcasestr
+char *openconnect__strcasestr(const char *haystack, const char *needle);
+#endif
/****************************************************************************/
char **response, const char *fmt, ...);
int __attribute__ ((format (printf, 2, 3)))
openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
-#if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL)
-void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
+int openconnect_print_err_cb(const char *str, size_t len, void *ptr);
+#define openconnect_report_ssl_errors(v) ERR_print_errors_cb(openconnect_print_err_cb, (v))
+#ifdef FAKE_ANDROID_KEYSTORE
+#define ANDROID_KEYSTORE
+#endif
+#ifdef ANDROID_KEYSTORE
+char *keystore_strerror(int err);
+int keystore_fetch(const char *key, unsigned char **result);
#endif
/* ${SSL_LIBRARY}.c */
int queue_new_packet(struct pkt **q, void *buf, int len);
void queue_packet(struct pkt **q, struct pkt *new);
int keepalive_action(struct keepalive_info *ka, int *timeout);
-int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
+int ka_stalled_action(struct keepalive_info *ka, int *timeout);
extern int killed;
int parse_xml_response(struct openconnect_info *vpninfo, char *response,
char *request_body, int req_len, const char **method,
const char **request_body_type);
+int prepare_stoken(struct openconnect_info *vpninfo);
/* http.c */
char *openconnect_create_useragent(const char *base);
/* ssl_ui.c */
int set_openssl_ui(void);
-/* securid.c */
-int generate_securid_tokencodes(struct openconnect_info *vpninfo);
-int add_securid_pin(char *token, char *pin);
-
/* version.c */
extern const char *openconnect_version_str;