-rw-r--r-- | lib/auth_cert.c | 4 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_record.c | 49 | ||||
-rw-r--r-- | src/cli.c | 4 | ||||
-rw-r--r-- | src/serv.c | 1 |
5 files changed, 36 insertions, 24 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 08d5c99260..403ac2bb52 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -232,7 +232,7 @@ static int _find_openpgp_cert(const gnutls_certificate_credentials cred, */ static int get_issuers_num( gnutls_session session, opaque * data, ssize_t data_size) { -int issuers_dn_len, result; +int issuers_dn_len = 0, result; uint size; /* Count the number of the given issuers; @@ -472,7 +472,7 @@ static int _select_client_cert(gnutls_session session, gnutls_assert(); return issuers_dn_length; } - + if (issuers_dn_length > 0) { issuers_dn = gnutls_malloc( sizeof(gnutls_datum)*issuers_dn_length); if (issuers_dn == NULL) { diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 888fb17a3f..89d1fa61c7 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -131,7 +131,7 @@ typedef enum gnutls_close_request { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutl typedef enum HandshakeState { STATE0=0, STATE1, STATE2, STATE3, STATE4, STATE5, STATE6, STATE7, STATE8, STATE9, STATE20=20, STATE21, - STATE30=30, STATE31, STATE50=50, STATE60=60, STATE61 } HandshakeState; + STATE30=30, STATE31, STATE50=50, STATE60=60, STATE61, STATE62 } HandshakeState; typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO, GNUTLS_CERTIFICATE_PKT=11, GNUTLS_SERVER_KEY_EXCHANGE, diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 9cedd37f47..832cffdbda 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c 
@@ -169,29 +169,37 @@ void gnutls_transport_get_ptr2(gnutls_session session, **/ int gnutls_bye( gnutls_session session, gnutls_close_request how) { - int ret = 0, ret2 = 0; + int ret = 0; switch (STATE) { case STATE0: case STATE60: - if (STATE==STATE60) { - ret = _gnutls_io_write_flush( session); - } else { - ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); - STATE = STATE60; + ret = _gnutls_io_write_flush( session); + STATE = STATE60; + if (ret < 0) { + gnutls_assert(); + return ret; } - if (ret < 0) - return ret; case STATE61: - if ( how == GNUTLS_SHUT_RDWR && ret >= 0) { - ret2 = _gnutls_recv_int( session, GNUTLS_ALERT, -1, NULL, 0); - if (ret2 >= 0) session->internals.may_read = 1; - } + ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); STATE = STATE61; + if (ret < 0) { + gnutls_assert(); + return ret; + } - if (ret2 < 0) - return ret2; + case STATE62: + if ( how == GNUTLS_SHUT_RDWR) { + ret = _gnutls_recv_int( session, GNUTLS_ALERT, -1, NULL, 0); + if (ret >= 0) session->internals.may_read = 1; + } + STATE = STATE62; + + if (ret < 0) { + gnutls_assert(); + return ret; + } break; default: gnutls_assert(); @@ -300,7 +308,8 @@ ssize_t _gnutls_create_empty_record( gnutls_session session, ContentType type, * and only if the previous send was interrupted for some reason. * */ -ssize_t _gnutls_send_int( gnutls_session session, ContentType type, HandshakeType htype, const void *_data, size_t sizeofdata) +ssize_t _gnutls_send_int( gnutls_session session, ContentType type, + HandshakeType htype, const void *_data, size_t sizeofdata) { uint8 *cipher; int cipher_size; @@ -429,7 +438,6 @@ ssize_t _gnutls_send_int( gnutls_session session, ContentType type, HandshakeTyp gnutls_assert(); ret = GNUTLS_E_INTERNAL_ERROR; } - _gnutls_session_unresumable( session); _gnutls_session_invalidate( session); gnutls_assert(); 
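Review bot: In gnutls_bye() the cases now run from `STATE0`/`STATE60` into `STATE61` and on into `STATE62` with no marker, so the intended resumable sequence reads like two missing `break`s; add `/* fall through */` before `case STATE61:` and `case STATE62:`. A call that resumes at `case STATE61` invokes `gnutls_alert_send()` again instead of flushing, so whether an interrupted close_notify is completed or a second alert is queued depends on code outside this hunk and should be confirmed. In `case STATE62` any non-negative return from `_gnutls_recv_int()` is treated as success; the hunk does not show that the alert read was actually close_notify, which is what lets a caller tell an orderly shutdown from a truncated stream. The switch continues past the end of the hunk.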
@@ -610,7 +618,6 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t if (data[0] == GNUTLS_AL_FATAL) { _gnutls_session_unresumable( session); _gnutls_session_invalidate( session); - ret = GNUTLS_E_FATAL_ALERT_RECEIVED; } @@ -681,9 +688,11 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t * that it accepts the gnutls_session and the ContentType of data to * receive (if called by the user the Content is Userdata only) * It is intended to receive data, under the current session. + * + * The HandshakeType was introduced to support SSL V2.0 client hellos. */ -ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType htype, - opaque *data, size_t sizeofdata) +ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, + HandshakeType htype, opaque *data, size_t sizeofdata) { uint8 *tmpdata; int tmplen; @@ -697,7 +706,7 @@ ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, HandshakeTyp uint16 header_size; int empty_packet = 0; - if (sizeofdata == 0 || data == NULL) { + if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL)) { return GNUTLS_E_INVALID_REQUEST; } @@ -124,7 +124,7 @@ static int cert_callback(gnutls_session session, /* Print the server's trusted CAs */ if (nreqs > 0) - printf("- Server's trusted authorities:\n"); + printf("- Server's trusted authorities (%d):\n", nreqs); else printf ("- Server did not send us any trusted authorities names.\n"); @@ -617,6 +617,8 @@ void socket_bye(socket_st * socket) gnutls_bye(socket->session, GNUTLS_SHUT_RDWR); while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + if (ret < 0) + fprintf(stderr, "*** gnutls_bye() error: %s\n", gnutls_strerror(ret)); gnutls_deinit(socket->session); socket->session = NULL; } diff --git a/src/serv.c b/src/serv.c index 00fa77f75b..2fc08fbded 100644 --- a/src/serv.c +++ b/src/serv.c 
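Review bot: The relaxed guard in _gnutls_recv_int() (the hunk at -697) now lets every `GNUTLS_ALERT` call through with `data == NULL`, including a NULL pointer paired with a non-zero `sizeofdata` and a non-NULL pointer with zero size. The only caller visible in this commit passes exactly `NULL, 0`, so the exemption can be limited to that pair: `if ((sizeofdata == 0 || data == NULL) && !(type == GNUTLS_ALERT && data == NULL && sizeofdata == 0))`. The rest of the function lies outside the hunk, so it is worth confirming that no path copies record payload into `data` when it is NULL, and a short comment at the check should say why alerts are exempt.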
@@ -137,6 +137,7 @@ static const char *safe_strerror(int value) static void listener_free(listener_item * j) { + if (j->http_request) free(j->http_request); if (j->http_response) |