authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-11-08 12:00:20 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-11-08 12:00:20 +0000
commit7d791667b693ad85f78a6d4454fc45f0e828d7b9 (patch)
treecf2bbb30e012892785e94b7e0d9c9b6bfef29a7a
parent0f579c5546a0a1e274c564c34a70cf647f2a6728 (diff)
downloadgnutls-7d791667b693ad85f78a6d4454fc45f0e828d7b9.tar.gz
cleanups and documentation updates
-rw-r--r--NEWS10
-rw-r--r--doc/tex/Makefile.am2
-rw-r--r--doc/tex/resumedb.tex34
-rw-r--r--doc/tex/translayer.tex8
-rw-r--r--lib/auth_x509.c8
-rw-r--r--lib/gnutls.h.in6
-rw-r--r--lib/gnutls_buffers.c59
-rw-r--r--lib/gnutls_buffers.h2
-rw-r--r--lib/gnutls_global.c8
-rw-r--r--lib/gnutls_handshake.c2
-rw-r--r--lib/gnutls_int.h4
-rw-r--r--lib/gnutls_record.c8
-rw-r--r--src/cli.c4
13 files changed, 102 insertions, 53 deletions
diff --git a/NEWS b/NEWS
index f8baf05d43..07022afd1b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,11 +1,11 @@
Version 0.2.11
-- Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value
- is returned, then the caller should perform a handshake or send
- an alert to the peer.
-- Made receive buffer dynamic. Normaly if no large chunks are receive
+- Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value
+ is returned, then the caller should perform a handshake or send
+ an alert to the peer.
+- Made receive buffer dynamic. Normaly if no large chunks are received
it occupies less space.
- Added max_record_size extension
-- Bugfixes session handling
+- Bugfixes in session handling
Version 0.2.10 (5/11/2001)
- Corrected bugs and improved non blocking IO
diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am
index 818fbc01eb..f8e4b1193a 100644
--- a/doc/tex/Makefile.am
+++ b/doc/tex/Makefile.am
@@ -11,7 +11,7 @@ gnutls.ps: $(TEX_OBJECTS)
-latex gnutls.tex && latex gnutls.tex && dvips gnutls.dvi -o gnutls.ps
gnutls.html: $(TEX_OBJECTS)
- -latex2html gnutls.tex -no_subdir 1 -split 0 -local_icons -prefix ./ \
+ -latex2html gnutls.tex -no_subdir 1 -split 0 -local_icons -html_version 3.2,math \
-info ""
diff --git a/doc/tex/resumedb.tex b/doc/tex/resumedb.tex
index 13a437c964..2c11d36bbe 100644
--- a/doc/tex/resumedb.tex
+++ b/doc/tex/resumedb.tex
@@ -9,10 +9,14 @@ after a successful handshake, without the expensive calculations (by using the p
established keys). \gnutls supports this feature, and the
example \hyperref{resume client}{resume client (see Section }{ for more
information)}{resume-example} illustrates a typical use of it (This is a modification of the simple client example).
+Servers only need to use the
+\hyperref{gnutls\_set\_db\_name()}{gnutls\_set\_db\_name() (see Section }{ for more
+information)}{gnutls_set_db_name} function if they want to use the gdbm
+backend to store sessions.
\par
Keep in mind that sessions are expired after some time (for security reasons), thus
it may be normal for a server not to resume a session even if you requested that.
-Also note that you must enable (using the priority functions), the
+Also note that you must enable (using the priority functions), at least the
algorithms used in the last session.
\subsection{Resuming internals}
@@ -24,11 +28,35 @@ nesessary parameters etc.).
\par
The server side is different\footnote{Future versions of gnutls may be
different}.
-Here the server only specifies a DB file to be
-used. This DB file is used to store the sessions' required parameters for
+Here the server only specifies a DB file (using
+\hyperref{gnutls\_set\_db\_name()}{gnutls\_set\_db\_name() (see Section }{ for more
+information)}{gnutls_set_db_name}
+) to be used. This DB file is used to store the sessions' required parameters for
resuming (and this means that this file contains very sensitive information,
such as encryption keys). In a multi-threaded application every thread can
read from the DB file and access all previously established sessions, but
only one thread can write at a time. The current behaviour of gnutls is
not to block and wait for the DB to be ready for writing, but continue the
process normally (and do not save the parameters).
+\par
+ After version {\emph 0.2.10} \gnutls provides callback functions such as:
+\hyperref{gnutls\_set\_db\_remove\_function()}{gnutls\_set\_db\_remove\_function() (see Section }{ for more
+information)}{gnutls_set_db_remove_function},
+\hyperref{gnutls\_set\_db\_store\_function()}{gnutls\_set\_db\_store\_function() (see Section }{ for more
+information)}{gnutls_set_db_store_function},
+\hyperref{gnutls\_set\_db\_retrieve\_function()}{gnutls\_set\_db\_retrieve\_function() (see Section }{ for more
+information)}{gnutls_set_db_retrieve_function} and
+\hyperref{gnutls\_set\_db\_ptr()}{gnutls\_set\_db\_ptr() (see Section }{ for more
+information)}{gnutls_set_db_ptr}.
+These callback functions are required in order to use a session
+storage method, other than the default gdbm backend.
+\par
+If an alternative backend is in use, it might be usefull to be able to check
+for expired sessions in order to remove them, and save space (in the way
+\hyperref{gnutls\_clean\_db()}{gnutls\_clean\_db() (see Section }{ for more
+information)}{gnutls_clean_db}.
+) does for the gdbm backend. \gnutls provides the function
+\hyperref{gnutls\_check\_db\_entry()}{gnutls\_check\_db\_entry() (see Section }{ for more
+information)}{gnutls_check_db_entry}, which takes as input session data, and
+returns a negative value if the data are to be removed.
+
diff --git a/doc/tex/translayer.tex b/doc/tex/translayer.tex
index 04d8a3088c..da178db154 100644
--- a/doc/tex/translayer.tex
+++ b/doc/tex/translayer.tex
@@ -2,10 +2,10 @@
\par
\gnutls can be used above any transport layer. To do this you will only
need to set up the
-\hyperref{gnutls\_global\_set\_push\_func()}{gnutls\_global\_set\_push\_func() (see Section }{
-for more information)}{gnutls_global_set_push_func} and
-\hyperref{gnutls\_global\_set\_pull\_func()}{gnutls\_global\_set\_pull\_func() (see Section }{
-for more information)}{gnutls_global_set_pull_func}
+\hyperref{gnutls\_global\_set\_push\_function()}{gnutls\_global\_set\_push\_function() (see Section }{
+for more information)}{gnutls_global_set_push_function} and
+\hyperref{gnutls\_global\_set\_pull\_function()}{gnutls\_global\_set\_pull\_function() (see Section }{
+for more information)}{gnutls_global_set_pull_function}
functions. These functions will then be used by gnutls in order to send and receive data.
The functions specified should return -1 on error and probably set errno appropriately.
\gnutls supports EINTR and EAGAIN errno values (This means that appropriate
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index bbe546940b..668466872d 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -429,10 +429,12 @@ int _gnutls_gen_x509_client_certificate(GNUTLS_STATE state, opaque ** data)
}
/* if no certificates were found then send:
- * 00 00 03 00 00 00 // Certificate with no certs
+ * 0B 00 00 03 00 00 00 // Certificate with no certs
* instead of:
- * 00 00 00 // empty certificate handshake
- *
+ * 0B 00 00 00 // empty certificate handshake
+ *
+ * ( the above is the whole handshake message, not
+ * the one produced here )
*/
(*data) = gnutls_malloc(ret);
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index 4516f0a22b..f7a9d9464e 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -234,8 +234,10 @@ typedef ssize_t (*PUSH_FUNC)(SOCKET, const void*, size_t);
typedef void (*LOG_FUNC)( const char*);
-void gnutls_set_push_func( GNUTLS_STATE, PUSH_FUNC push_func);
-void gnutls_set_pull_func( GNUTLS_STATE, PULL_FUNC pull_func);
+void gnutls_set_push_function( GNUTLS_STATE, PUSH_FUNC push_func);
+void gnutls_set_pull_function( GNUTLS_STATE, PULL_FUNC pull_func);
+#define gnutls_set_push_func gnutls_set_push_function
+#define gnutls_set_pull_func gnutls_set_pull_function
size_t gnutls_get_max_record_size( GNUTLS_STATE state);
size_t gnutls_set_max_record_size( GNUTLS_STATE state, size_t size);
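Review bot: The two `#define gnutls_set_push_func gnutls_set_push_function` aliases carry no comment, so a reader of the public header cannot tell which spelling is the supported one, and a macro preserves source compatibility only — anything already linked against the old symbol names will no longer resolve. Add `/* Compatibility aliases for the old names; new code should use the *_function forms. */` above them, and mention the symbol rename in NEWS.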
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 33b09af921..9c0413dd85 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -1,3 +1,4 @@
+#define READ_DEBUG
/*
* Copyright (C) 2000,2001 Nikos Mavroyanopoulos
*
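Review bot: `#define READ_DEBUG` at the very top of gnutls_buffers.c, above the license header, unconditionally enables the RB:/RB-PEEK: logging in _gnutls_read_buffered for every build of the library, which in a commit described as cleanups looks like a debugging leftover. The gnutls_int.h hunk of the same commit has the matching problem: the closing `*/` is moved onto the `#define RECORD_DEBUG*/` line, so `#define DEBUG` is no longer inside the comment block (assuming the block's opening `/*` sits just above that hunk, as the removed trailing `*/` suggests). If the logging is wanted, keep the switch in one place — gnutls_int.h, behind a build-time option — and drop this line; if it is not, drop it and restore the `*/` to its own line so the whole debug block stays commented out.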
@@ -46,7 +47,8 @@ int gnutls_insert_to_data_buffer(ContentType type, GNUTLS_STATE state, char *dat
int old_buffer;
if (length==0) return 0;
- if (type == GNUTLS_APPLICATION_DATA) {
+ switch( type) {
+ case GNUTLS_APPLICATION_DATA:
old_buffer = state->gnutls_internals.buffer.size;
state->gnutls_internals.buffer.size += length;
@@ -57,8 +59,8 @@ int gnutls_insert_to_data_buffer(ContentType type, GNUTLS_STATE state, char *dat
gnutls_realloc_fast(state->gnutls_internals.buffer.data,
state->gnutls_internals.buffer.size);
memcpy(&state->gnutls_internals.buffer.data[old_buffer], data, length);
- }
- if (type == GNUTLS_HANDSHAKE) {
+ break;
+ case GNUTLS_HANDSHAKE:
old_buffer = state->gnutls_internals.buffer_handshake.size;
state->gnutls_internals.buffer_handshake.size += length;
@@ -69,6 +71,11 @@ int gnutls_insert_to_data_buffer(ContentType type, GNUTLS_STATE state, char *dat
gnutls_realloc_fast(state->gnutls_internals.buffer_handshake.data,
state->gnutls_internals.buffer_handshake.size);
memcpy(&state->gnutls_internals.buffer_handshake.data[old_buffer], data, length);
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_PARAMETERS;
}
return 0;
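Review bot: The new `default:` branch is only reached for a non-zero `length`, because the `if (length==0) return 0;` early return in the previous hunk runs before the `switch`, so an unknown ContentType with an empty payload reports success while the same type with data reports GNUTLS_E_INVALID_PARAMETERS. Validating `type` first — a type check ahead of the length check, or the length check moved into the two valid cases — makes the contract uniform. The start of gnutls_insert_to_data_buffer is outside the hunk.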
@@ -77,10 +84,16 @@ int gnutls_insert_to_data_buffer(ContentType type, GNUTLS_STATE state, char *dat
int gnutls_get_data_buffer_size(ContentType type, GNUTLS_STATE state)
{
- if (type == GNUTLS_APPLICATION_DATA)
- return state->gnutls_internals.buffer.size;
- if (type == GNUTLS_HANDSHAKE)
- return state->gnutls_internals.buffer_handshake.size;
+ switch( type) {
+ case GNUTLS_APPLICATION_DATA:
+ return state->gnutls_internals.buffer.size;
+
+ case GNUTLS_HANDSHAKE:
+ return state->gnutls_internals.buffer_handshake.size;
+
+ default:
+ return GNUTLS_E_INVALID_PARAMETERS;
+ }
return 0;
}
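Review bot: The `return 0;` after the `switch` is now unreachable, since every case including `default` returns, and some compilers will warn about it; drop it or make it the `default` body. The `default:` here also omits the `gnutls_assert()` that the sibling defaults in gnutls_insert_to_data_buffer and gnutls_get_data_buffer call before returning GNUTLS_E_INVALID_PARAMETERS, so an unexpected type is silent in this one path. Because the function reports a size through an `int`, callers must now check for a negative result before using it as a length; a comment such as `/* Returns the buffered byte count, or a negative gnutls error code for an unknown type. */` would make that explicit.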
@@ -101,7 +114,8 @@ int gnutls_check_pending(GNUTLS_STATE state) {
int gnutls_get_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int length)
{
- if (type == GNUTLS_APPLICATION_DATA) {
+ switch(type) {
+ case GNUTLS_APPLICATION_DATA:
if (length > state->gnutls_internals.buffer.size) {
length = state->gnutls_internals.buffer.size;
@@ -119,8 +133,9 @@ int gnutls_get_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int
state->gnutls_internals.buffer.data =
gnutls_realloc_fast(state->gnutls_internals.buffer.data,
state->gnutls_internals.buffer.size);
- }
- if (type == GNUTLS_HANDSHAKE) {
+ break;
+
+ case GNUTLS_HANDSHAKE:
if (length > state->gnutls_internals.buffer_handshake.size) {
length = state->gnutls_internals.buffer_handshake.size;
}
@@ -137,6 +152,10 @@ int gnutls_get_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int
state->gnutls_internals.buffer_handshake.data =
gnutls_realloc_fast(state->gnutls_internals.buffer_handshake.data,
state->gnutls_internals.buffer_handshake.size);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_PARAMETERS;
}
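Review bot: The new `default:` rejects an unknown `type`, but `length` itself is still unchecked: it is a plain `int` (hunk header) and the `if (length > ...size)` clamp in the GNUTLS_APPLICATION_DATA and GNUTLS_HANDSHAKE cases lets a negative value through to the rest of the body, which is outside this hunk. A guard such as `if (length < 0) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; }` beside the new type check would close that. The function's tail, including its return, lies outside the hunk, so how the clamped `length` is reported back cannot be confirmed from here.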
@@ -349,7 +368,7 @@ ssize_t _gnutls_read_buffered( int fd, GNUTLS_STATE state, opaque **iptr, size_t
#ifdef READ_DEBUG
if (ret > 0)
- _gnutls_log("RB: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.recv_buffer_data_size, ret, sizeOfPtr);
+ _gnutls_log("RB: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.recv_buffer.size, ret, sizeOfPtr);
#endif
/* copy fresh data to our buffer.
*/
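Review bot: The rewritten `_gnutls_log` call still pairs `%d` with `sizeOfPtr`, which according to the hunk header is the function's `size_t` parameter (its name is truncated there, so this is inferred), and a format/argument type mismatch is undefined behaviour rather than a cosmetic issue. Cast the arguments to the type the conversion expects, e.g. `(int) sizeOfPtr`, or print with `%lu` and `(unsigned long)` casts; the same applies to the RB-PEEK message in the next hunk. The type of the new `recv_buffer.size` field is not visible here, so the same check applies to it.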
@@ -373,7 +392,7 @@ ssize_t _gnutls_read_buffered( int fd, GNUTLS_STATE state, opaque **iptr, size_t
#ifdef READ_DEBUG
if (ret2 > 0) {
_gnutls_log("RB-PEEK: Read %d bytes in PEEK MODE.\n", ret2);
- _gnutls_log("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.recv_buffer_data_size, ret2, sizeOfPtr);
+ _gnutls_log("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.recv_buffer.size, ret2, sizeOfPtr);
}
#endif
@@ -526,7 +545,7 @@ ssize_t _gnutls_write_buffered(SOCKET fd, GNUTLS_STATE state, const void *iptr,
* TLS write buffer (ie. because the previous write was
* interrupted.
*/
-ssize_t _gnutls_flush(SOCKET fd, GNUTLS_STATE state)
+ssize_t _gnutls_write_flush(SOCKET fd, GNUTLS_STATE state)
{
ssize_t ret;
@@ -553,7 +572,7 @@ ssize_t _gnutls_handshake_send_int( SOCKET fd, GNUTLS_STATE state, ContentType t
if (iptr==NULL && n == 0) {
/* resuming interrupted write.
*/
- return _gnutls_flush( fd, state);
+ return _gnutls_write_flush( fd, state);
}
/* FIXME: Potential problem here. If ie one message has been
@@ -565,16 +584,12 @@ ssize_t _gnutls_handshake_send_int( SOCKET fd, GNUTLS_STATE state, ContentType t
while (left > 0) {
i = gnutls_send_int(fd, state, type, htype, &ptr[i], left);
if (i <= 0) {
- if (i==GNUTLS_E_INTERRUPTED || i==GNUTLS_E_AGAIN) {
- i = 0;
- } else {
+ gnutls_assert();
+ if (n-left > 0) {
gnutls_assert();
- if (n-left > 0) {
- gnutls_assert();
- return n-left;
- }
- return i;
+ return n-left;
}
+ return i;
}
left -= i;
}
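Review bot: The new early exit calls `gnutls_assert()` twice on the partial-write path — once unconditionally and again inside `if (n-left > 0)` — and it folds GNUTLS_E_INTERRUPTED/GNUTLS_E_AGAIN into the generic error path, so after some bytes have gone out the function returns the count `n-left` and the interrupted/again status is discarded; the caller can only learn that a flush is still pending through the `iptr==NULL && n == 0` resume convention in the previous hunk, which deserves a comment on this return. One `gnutls_assert()` suffices. Separately, the context line `i = gnutls_send_int(fd, state, type, htype, &ptr[i], left);` uses the previous call's return value as the offset rather than the cumulative `n-left`, which is only correct if gnutls_send_int never returns a short count twice in a row — worth confirming, since this loop is exactly the path the commit reworks. The function's start is outside the hunk.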
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index 6f31c714ef..430282a2ae 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -36,4 +36,4 @@ int gnutls_clear_handshake_buffer( GNUTLS_STATE state);
ssize_t _gnutls_handshake_recv_int(SOCKET fd, GNUTLS_STATE, ContentType, HandshakeType, void *, size_t);
ssize_t _gnutls_handshake_send_int(SOCKET fd, GNUTLS_STATE, ContentType, HandshakeType, void *, size_t);
-ssize_t _gnutls_flush(SOCKET fd, GNUTLS_STATE state);
+ssize_t _gnutls_write_flush(SOCKET fd, GNUTLS_STATE state);
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index d61776dac8..207a624e7c 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -203,7 +203,7 @@ static Sigfunc *
*/
/**
- * gnutls_set_pull_func - This function sets a read like function
+ * gnutls_set_pull_function - This function sets a read like function
* @pull_func: it's a function like read
* @state: gnutls state
*
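Review bot: The renamed doc block lists `@pull_func` before `@state`, while the definition in the next hunk takes `state` first; the kernel-doc style these comments follow lists parameters in signature order, and the push-function block in the later hunk has the same inversion. In the next hunk, the prototype quoted for PULL_FUNC, `ssize_t (*PULL_FUNC)(SOCKET, const void*, size_t)`, declares a const buffer, which cannot be right for a read-like callback that fills the buffer — if the typedef in gnutls.h.in uses `void *`, the comment should match it; that typedef is not visible on this page. The setters also store a NULL pointer without comment; a line stating what NULL means (reset to the default, or forbidden) would help callers.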
@@ -215,12 +215,12 @@ static Sigfunc *
* PULL_FUNC is of the form,
* ssize_t (*PULL_FUNC)(SOCKET, const void*, size_t);
**/
-void gnutls_set_pull_func( GNUTLS_STATE state, PULL_FUNC pull_func) {
+void gnutls_set_pull_function( GNUTLS_STATE state, PULL_FUNC pull_func) {
state->gnutls_internals._gnutls_pull_func = pull_func;
}
/**
- * gnutls_set_push_func - This function sets the function to send data
+ * gnutls_set_push_function - This function sets the function to send data
* @push_func: it's a function like write
* @state: gnutls state
*
@@ -234,6 +234,6 @@ void gnutls_set_pull_func( GNUTLS_STATE state, PULL_FUNC pull_func) {
* PUSH_FUNC is of the form,
* ssize_t (*PUSH_FUNC)(SOCKET, const void*, size_t);
**/
-void gnutls_set_push_func( GNUTLS_STATE state, PUSH_FUNC push_func) {
+void gnutls_set_push_function( GNUTLS_STATE state, PUSH_FUNC push_func) {
state->gnutls_internals._gnutls_push_func = push_func;
}
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 9dbc9c6c5e..dc7e4f1f94 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -588,7 +588,7 @@ int _gnutls_send_handshake(SOCKET cd, GNUTLS_STATE state, void *i_data,
/* we are resuming a previously interrupted
* send.
*/
- return _gnutls_flush( cd, state);
+ return _gnutls_write_flush( cd, state);
}
if (i_data==NULL && i_datasize > 0) {
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index ac51a5dec6..651e79e4d2 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -32,9 +32,9 @@
#define WRITE_DEBUG
#define READ_DEBUG
#define HANDSHAKE_DEBUG // Prints some information on handshake
-#define RECORD_DEBUG
+#define RECORD_DEBUG*/
#define DEBUG
-*/
+
/* It might be a good idea to replace int with void*
* here.
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 4196622c59..fca32d02dd 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -430,7 +430,7 @@ int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how)
case STATE0:
case STATE60:
if (STATE==STATE60) {
- ret = _gnutls_flush( cd, state);
+ ret = _gnutls_write_flush( cd, state);
} else {
ret = gnutls_send_alert(cd, state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY);
STATE = STATE60;
@@ -519,7 +519,7 @@ ssize_t gnutls_send_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha
* from the previous run. - probably interrupted.
*/
if (state->gnutls_internals.send_buffer.size != 0) {
- ret = _gnutls_flush(cd, state);
+ ret = _gnutls_write_flush(cd, state);
} else {
cipher_size = _gnutls_encrypt( state, headers, RECORD_HEADER_SIZE, data, data2send, &cipher, type);
if (cipher_size <= 0) {
@@ -586,7 +586,7 @@ ssize_t _gnutls_send_change_cipher_spec(SOCKET cd, GNUTLS_STATE state, int again
if (again==0)
return gnutls_send_int( cd, state, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1);
else {
- return _gnutls_flush( cd, state);
+ return _gnutls_write_flush( cd, state);
}
}
@@ -1119,7 +1119,7 @@ size_t gnutls_get_max_record_size( GNUTLS_STATE state) {
* This property can only be set to clients. The server may
* choose not to accept the requested size.
*
- * Acceptable values are 2^9, 2^10, 2^11 and 2^12.
+ * Acceptable values are $2^{9}, 2^{10}, 2^{11}$ and $2^{12}$.
* Returns the new record size.
*
**/
diff --git a/src/cli.c b/src/cli.c
index 886cd61cdb..36e6c13145 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -242,6 +242,7 @@ int main(int argc, char** argv)
} else {
printf("- Handshake was completed\n");
}
+
gnutls_get_current_session( state, NULL, &session_size);
session = malloc(session_size);
gnutls_get_current_session( state, session, &session_size);
@@ -251,12 +252,13 @@ int main(int argc, char** argv)
gnutls_get_current_session_id( state, session_id, &session_id_size);
/* print some information */
- print_info( state);
+ print_info( state);
printf("- Disconnecting\n");
do {
ret = gnutls_bye(sd, state, GNUTLS_SHUT_RDWR);
} while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
+
shutdown( sd, SHUT_WR);
close(sd);
gnutls_deinit( state);