Make openconnect_open_https() and openconnect_close_https() more forgiving.

If openconnect_open_https() is called with the connection already open,
return immediate success. Thus, the caller doesn't have to poke at
vpninfo->https_ssl to check it.

And if openconnect_close_https() is called when the connection isn't open,
don't attempt to close/free things that don't exist.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/ssl.c b/ssl.c
index 7f28753..843026a 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -1014,6 +1014,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
        int ssl_sock = -1;
        int err;
 
+       if (vpninfo->https_ssl)
+               return 0;
+
        if (!vpninfo->port)
                vpninfo->port = 443;
 
@@ -1297,13 +1300,17 @@ void openconnect_close_https(struct openconnect_info *vpninfo)
                X509_free(vpninfo->peer_cert);
                vpninfo->peer_cert = NULL;
        }
-       SSL_free(vpninfo->https_ssl);
-       vpninfo->https_ssl = NULL;
-       close(vpninfo->ssl_fd);
-       FD_CLR(vpninfo->ssl_fd, &vpninfo->select_rfds);
-       FD_CLR(vpninfo->ssl_fd, &vpninfo->select_wfds);
-       FD_CLR(vpninfo->ssl_fd, &vpninfo->select_efds);
-       vpninfo->ssl_fd = -1;
+       if (vpninfo->https_ssl) {
+               SSL_free(vpninfo->https_ssl);
+               vpninfo->https_ssl = NULL;
+       }
+       if (vpninfo->ssl_fd != -1) {
+               close(vpninfo->ssl_fd);
+               FD_CLR(vpninfo->ssl_fd, &vpninfo->select_rfds);
+               FD_CLR(vpninfo->ssl_fd, &vpninfo->select_wfds);
+               FD_CLR(vpninfo->ssl_fd, &vpninfo->select_efds);
+               vpninfo->ssl_fd = -1;
+       }
 }
 
 void openconnect_init_openssl(void)