
repeat gnutls_handshake() call in case of warnings
That is what the semantics of gnutls_handshake() require: a warning alert is not a terminal result, and the call has to be repeated until it succeeds or fails fatally.
Malte Kraus committed Aug 13, 2019
1 parent 588850a commit 9274254
Showing 1 changed file with 39 additions and 32 deletions.
71 changes: 39 additions & 32 deletions conn.c
Expand Up @@ -276,6 +276,7 @@ int conn_activate_ssl(int server_role)
char *ssl_keyfile;
char *ssl_certfile;
int err;
int handshake_repeat = 0;

if (csync_conn_usessl)
return 0;
Expand Down Expand Up @@ -333,40 +334,46 @@ int conn_activate_ssl(int server_role)
(gnutls_transport_ptr_t)(long)conn_fd_out
);

err = gnutls_handshake(conn_tls_session);
switch(err) {
case GNUTLS_E_SUCCESS:
break;

case GNUTLS_E_WARNING_ALERT_RECEIVED:
alrt = gnutls_alert_get(conn_tls_session);
fprintf(
csync_debug_out,
"SSL: warning alert received from peer: %d (%s).\n",
alrt, gnutls_alert_get_name(alrt)
);
break;

case GNUTLS_E_FATAL_ALERT_RECEIVED:
alrt = gnutls_alert_get(conn_tls_session);
fprintf(
csync_debug_out,
"SSL: fatal alert received from peer: %d (%s).\n",
alrt, gnutls_alert_get_name(alrt)
);

default:
gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
gnutls_deinit(conn_tls_session);
gnutls_certificate_free_credentials(conn_x509_cred);
gnutls_global_deinit();
do {
handshake_repeat = 0;
err = gnutls_handshake(conn_tls_session);
switch(err) {
case GNUTLS_E_SUCCESS:
break;

csync_fatal(
"SSL: handshake failed: %s (%s)\n",
gnutls_strerror(err),
gnutls_strerror_name(err)
);
}
case GNUTLS_E_WARNING_ALERT_RECEIVED:
alrt = gnutls_alert_get(conn_tls_session);
fprintf(
csync_debug_out,
"SSL: warning alert received from peer: %d (%s).\n",
alrt, gnutls_alert_get_name(alrt)
);
handshake_repeat = 1;
break;

case GNUTLS_E_FATAL_ALERT_RECEIVED:
alrt = gnutls_alert_get(conn_tls_session);
fprintf(
csync_debug_out,
"SSL: fatal alert received from peer: %d (%s).\n",
alrt, gnutls_alert_get_name(alrt)
);
// fall-through!

default:
gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
gnutls_deinit(conn_tls_session);
gnutls_certificate_free_credentials(conn_x509_cred);
gnutls_global_deinit();

csync_fatal(
"SSL: handshake failed: %s (%s)\n",
gnutls_strerror(err),
gnutls_strerror_name(err)
);
}
} while (handshake_repeat);

csync_conn_usessl = 1;

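Review bot: The retry in the new `do { … } while (handshake_repeat);` loop re-enters gnutls_handshake() only for GNUTLS_E_WARNING_ALERT_RECEIVED, so the other non-fatal codes GnuTLS documents for this call, GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED, still drop into `default:` and abort the connection through csync_fatal; the GnuTLS idiom is to keep calling while `gnutls_error_is_fatal(err) == 0`. The repeat is also peer-controlled and unbounded: a remote side that keeps sending warning alerts keeps this handshake spinning and writes one line to csync_debug_out per alert, so the loop should give up after a small number of warnings (a file-scope `enum { MAX_HANDSHAKE_WARNINGS = 8 };` would do) and treat the excess like a fatal alert. A `goto` into the `default:` arm reuses the existing cleanup and csync_fatal call, which the surrounding code already relies on not returning. conn_activate_ssl() begins before and continues after this hunk; the new counter belongs next to `handshake_repeat` in the first hunk.
```c
	int handshake_warnings = 0;	/* declared alongside handshake_repeat */
	do {
		handshake_repeat = 0;
		err = gnutls_handshake(conn_tls_session);
		switch(err) {
		/* … unchanged: GNUTLS_E_SUCCESS … */

		case GNUTLS_E_AGAIN:
		case GNUTLS_E_INTERRUPTED:
			/* not a failure: GnuTLS asks to be called again */
			handshake_repeat = 1;
			break;

		case GNUTLS_E_WARNING_ALERT_RECEIVED:
			/* … unchanged: warning alert logging … */
			/* bound the retries so a peer cannot stall the handshake with warnings */
			if (++handshake_warnings >= MAX_HANDSHAKE_WARNINGS)
				goto handshake_failed;
			handshake_repeat = 1;
			break;

		/* … unchanged: GNUTLS_E_FATAL_ALERT_RECEIVED logging, falls through … */

		default:
		handshake_failed:
			/* … unchanged: gnutls_bye/deinit cleanup and csync_fatal … */
		}
	} while (handshake_repeat);
```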
