From 92742544a56bcbcd9ec99ca15f898b31797e39e2 Mon Sep 17 00:00:00 2001
|
|
From: Malte Kraus <malte.kraus@suse.com>
|
|
Date: Tue, 13 Aug 2019 13:36:26 +0200
|
|
Subject: [PATCH] repeat gnutls_handshake() call in case of warnings
|
|
|
|
that's what the semantics of this call require
|
|
---
|
|
conn.c | 71 ++++++++++++++++++++++++++++++++--------------------------
|
|
1 file changed, 39 insertions(+), 32 deletions(-)
|
|
|
|
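--- a/conn.c
+++ b/conn.c
@@ -276,6 +276,7 @@ int conn_activate_ssl(int server_role)
 char *ssl_keyfile;
 char *ssl_certfile;
 int err;
+ int handshake_repeat = 0;
 
 if (csync_conn_usessl)
 return 0;
@@ -333,40 +334,46 @@ int conn_activate_ssl(int server_role)
 (gnutls_transport_ptr_t)(long)conn_fd_out
 );
 
- err = gnutls_handshake(conn_tls_session);
- switch(err) {
- case GNUTLS_E_SUCCESS:
- break;
-
- case GNUTLS_E_WARNING_ALERT_RECEIVED:
- alrt = gnutls_alert_get(conn_tls_session);
- fprintf(
- csync_debug_out,
- "SSL: warning alert received from peer: %d (%s).\n",
- alrt, gnutls_alert_get_name(alrt)
- );
- break;
-
- case GNUTLS_E_FATAL_ALERT_RECEIVED:
- alrt = gnutls_alert_get(conn_tls_session);
- fprintf(
- csync_debug_out,
- "SSL: fatal alert received from peer: %d (%s).\n",
- alrt, gnutls_alert_get_name(alrt)
- );
 
- default:
- gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
- gnutls_deinit(conn_tls_session);
- gnutls_certificate_free_credentials(conn_x509_cred);
- gnutls_global_deinit();
+ do {
+ handshake_repeat = 0;
+ err = gnutls_handshake(conn_tls_session);
+ switch(err) {
+ case GNUTLS_E_SUCCESS:
+ break;
 
- csync_fatal(
- "SSL: handshake failed: %s (%s)\n",
- gnutls_strerror(err),
- gnutls_strerror_name(err)
- );
- }
+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
+ alrt = gnutls_alert_get(conn_tls_session);
+ fprintf(
+ csync_debug_out,
+ "SSL: warning alert received from peer: %d (%s).\n",
+ alrt, gnutls_alert_get_name(alrt)
+ );
+ handshake_repeat = 1;
+ break;
+
+ case GNUTLS_E_FATAL_ALERT_RECEIVED:
+ alrt = gnutls_alert_get(conn_tls_session);
+ fprintf(
+ csync_debug_out,
+ "SSL: fatal alert received from peer: %d (%s).\n",
+ alrt, gnutls_alert_get_name(alrt)
+ );
+ // fall-through!
+
+ default:
+ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
+ gnutls_deinit(conn_tls_session);
+ gnutls_certificate_free_credentials(conn_x509_cred);
+ gnutls_global_deinit();
+
+ csync_fatal(
+ "SSL: handshake failed: %s (%s)\n",
+ gnutls_strerror(err),
+ gnutls_strerror_name(err)
+ );
+ }
+ } while (handshake_repeat);
 
 csync_conn_usessl = 1;
 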
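Review bot: The new `do { … } while (handshake_repeat);` loop in the second hunk has no upper bound on retries: every `GNUTLS_E_WARNING_ALERT_RECEIVED` sets `handshake_repeat = 1`, so a peer that keeps answering with warning alerts can hold conn_activate_ssl() in the handshake indefinitely while each pass writes another line to csync_debug_out. I would count the passes and treat exceeding a small limit as a handshake failure (the same cleanup and csync_fatal() call as `default:`) rather than as a reason to leave the loop, since the code after it sets `csync_conn_usessl = 1`. Only the warning-alert code is retried; other non-fatal results such as `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED` still fall into `default:`, and testing `gnutls_error_is_fatal(err) == 0` there would cover them if the transport can return them. The loop also relies on csync_fatal() not returning, which is presumably the case but is not visible here; conn_activate_ssl() starts and ends outside both hunks.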