_("Error fetching HTTPS response\n"));
if (!retried) {
retried = 1;
- openconnect_close_https(vpninfo);
+ openconnect_close_https(vpninfo, 0);
if (openconnect_open_https(vpninfo)) {
vpn_progress(vpninfo, PRG_ERR,
int timeout;
int interval;
- openconnect_close_https(vpninfo);
+ openconnect_close_https(vpninfo, 0);
/* Requeue the original packet that was deflated */
if (vpninfo->current_ssl_pkt == vpninfo->deflate_pkt) {
return 0;
}
-void openconnect_close_https(struct openconnect_info *vpninfo)
+void openconnect_close_https(struct openconnect_info *vpninfo, int final)
{
-#ifdef HAVE_P11KIT
- if (!strncmp(vpninfo->cert, "pkcs11:", 7)) {
- char pin_source[40];
-
- sprintf(pin_source, "openconnect:%p", vpninfo);
- p11_kit_pin_unregister_callback(pin_source, pin_callback, vpninfo);
- }
-#endif
-
if (vpninfo->peer_cert) {
gnutls_x509_crt_deinit(vpninfo->peer_cert);
vpninfo->peer_cert = NULL;
FD_CLR(vpninfo->ssl_fd, &vpninfo->select_efds);
vpninfo->ssl_fd = -1;
}
+ if (final && vpninfo->https_cred) {
+ gnutls_certificate_free_credentials(vpninfo->https_cred);
+ vpninfo->https_cred = NULL;
+#ifdef HAVE_P11KIT
+ if (!strncmp(vpninfo->cert, "pkcs11:", 7)) {
+ char pin_source[40];
+
+ sprintf(pin_source, "openconnect:%p", vpninfo);
+ p11_kit_pin_unregister_callback(pin_source, pin_callback, vpninfo);
+ }
+#endif
+ }
}
void openconnect_init_ssl(void)
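Review bot: The relocated p11-kit block at the end of openconnect_close_https() still passes `vpninfo->cert` to strncmp() without a NULL check, so if a session can run with no client certificate configured (not visible here), the final close dereferences NULL; `if (vpninfo->cert && !strncmp(vpninfo->cert, "pkcs11:", 7)) {` would guard it. The unregister is also now nested under `vpninfo->https_cred`, so a PIN callback registered with `vpninfo` as its data would stay registered whenever the credentials are already NULL at final close, and would be left pointing at freed memory once the caller releases vpninfo; keying that block on `final` alone avoids this. The registration site is outside this hunk, so both points should be confirmed against it. `snprintf(pin_source, sizeof(pin_source), "openconnect:%p", vpninfo);` would also bound the write, since the printed width of `%p` is implementation-defined.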
}
if (closeconn || vpninfo->no_http_keepalive)
- openconnect_close_https(vpninfo);
+ openconnect_close_https(vpninfo, 0);
if (body)
body[done] = 0;
/* Kill the existing connection, and a new one will happen */
free(vpninfo->peer_addr);
vpninfo->peer_addr = NULL;
- openconnect_close_https(vpninfo);
+ openconnect_close_https(vpninfo, 0);
for (opt = vpninfo->cookies; opt; opt = next) {
next = opt->next;
void openconnect_reset_ssl (struct openconnect_info *vpninfo)
{
- openconnect_close_https(vpninfo);
+ openconnect_close_https(vpninfo, 1);
if (vpninfo->peer_addr) {
free(vpninfo->peer_addr);
vpninfo->peer_addr = NULL;
}
-#if defined (OPENCONNECT_OPENSSL)
- if (vpninfo->https_ctx) {
- SSL_CTX_free(vpninfo->https_ctx);
- vpninfo->https_ctx = NULL;
- }
-#elif defined (OPENCONNECT_GNUTLS)
- if (vpninfo->https_cred) {
- gnutls_certificate_free_credentials(vpninfo->https_cred);
- vpninfo->https_cred = NULL;
- }
-#endif
-
}
int openconnect_parse_url (struct openconnect_info *vpninfo, char *url)
int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_open_https(struct openconnect_info *vpninfo);
-void openconnect_close_https(struct openconnect_info *vpninfo);
+void openconnect_close_https(struct openconnect_info *vpninfo, int final);
int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, OPENCONNECT_X509 *cert,
char *buf);
/* This one is actually OpenSSL-specific */
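Review bot: The new `int final` parameter of openconnect_close_https() is undocumented at the prototype, and every call site passes a bare `0` or `1`, so a reader cannot tell which calls release the long-lived TLS credentials. A comment above the declaration would make the contract explicit, for example `/* final != 0 also frees https_cred / https_ctx and, for GnuTLS, unregisters the PKCS#11 PIN callback; pass 0 when the connection will be reopened */`. This matters for reviewers because a mistaken `1` on a reconnect path would discard the loaded client credentials, and a mistaken `0` on teardown would leak them.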
return 0;
}
-void openconnect_close_https(struct openconnect_info *vpninfo)
+void openconnect_close_https(struct openconnect_info *vpninfo, int final)
{
if (vpninfo->peer_cert) {
X509_free(vpninfo->peer_cert);
FD_CLR(vpninfo->ssl_fd, &vpninfo->select_efds);
vpninfo->ssl_fd = -1;
}
+ if (final && vpninfo->https_ctx) {
+ SSL_CTX_free(vpninfo->https_ctx);
+ vpninfo->https_ctx = NULL;
+ }
}
void openconnect_init_ssl(void)