[glib-networking/mcatanzaro/#84: 7/7] gnutls: don't call failed() when rehandshaking
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/mcatanzaro/#84: 7/7] gnutls: don't call failed() when rehandshaking
- Date: Sun, 9 Jun 2019 15:15:57 +0000 (UTC)
commit f53ae5994a4dd454e17bd601089d98ddd71383a8
Author: Michael Catanzaro <mcatanzaro igalia com>
Date: Sun May 26 17:41:39 2019 -0500
gnutls: don't call failed() when rehandshaking
A rehandshake is not a real failure and should not result in the session
being removed from the session cache. This is causing the client to fail
to resume the session, causing the server to request the client cert
again for rehandshakes, which is undesirable.
When refactoring this code, I wasn't sure exactly where failed() should
be called. I noticed it was not being called in many places where it
really should have been, and overcorrected.
Note that this also moves failed() to be a vfunc of GTlsConnectionGnutls
instead of GTlsConnectionBase, since it's no longer called from Base and
OpenSSL doesn't implement it anywhere.
Fixes #84
tls/base/gtlsconnection-base.c | 5 +----
tls/base/gtlsconnection-base.h | 2 --
tls/gnutls/gtlsclientconnection-gnutls.c | 8 +++++---
tls/gnutls/gtlsconnection-gnutls.c | 9 ++++++---
tls/gnutls/gtlsconnection-gnutls.h | 2 ++
tls/gnutls/gtlsserverconnection-gnutls.c | 9 +++++----
6 files changed, 19 insertions(+), 16 deletions(-)
---
diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
index 4c24253..5e747c5 100644
--- a/tls/base/gtlsconnection-base.c
+++ b/tls/base/gtlsconnection-base.c
@@ -709,10 +709,10 @@ g_tls_connection_base_real_pop_io (GTlsConnectionBase *tls,
GError **error)
{
GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
- GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
GError *my_error = NULL;
/* This function MAY or MAY NOT set error when it fails! */
+
if (direction & G_IO_IN)
{
priv->read_cancellable = NULL;
@@ -752,9 +752,6 @@ g_tls_connection_base_real_pop_io (GTlsConnectionBase *tls,
else if (my_error)
g_propagate_error (error, my_error);
- if (tls_class->failed)
- tls_class->failed (tls);
-
return G_TLS_CONNECTION_BASE_ERROR;
}
diff --git a/tls/base/gtlsconnection-base.h b/tls/base/gtlsconnection-base.h
index c04294a..a24bd3f 100644
--- a/tls/base/gtlsconnection-base.h
+++ b/tls/base/gtlsconnection-base.h
@@ -84,8 +84,6 @@ struct _GTlsConnectionBaseClass
gboolean success,
GError **error);
- void (*failed) (GTlsConnectionBase *tls);
-
GTlsConnectionBaseStatus (*read_fn) (GTlsConnectionBase *tls,
void *buffer,
gsize count,
diff --git a/tls/gnutls/gtlsclientconnection-gnutls.c b/tls/gnutls/gtlsclientconnection-gnutls.c
index 12ea5f0..d450cac 100644
--- a/tls/gnutls/gtlsclientconnection-gnutls.c
+++ b/tls/gnutls/gtlsclientconnection-gnutls.c
@@ -397,9 +397,9 @@ g_tls_client_connection_gnutls_clear_session_data (GTlsClientConnectionGnutls *g
}
static void
-g_tls_client_connection_gnutls_failed (GTlsConnectionBase *tls)
+g_tls_client_connection_gnutls_failed (GTlsConnectionGnutls *gnutls)
{
- g_tls_client_connection_gnutls_clear_session_data (G_TLS_CLIENT_CONNECTION_GNUTLS (tls));
+ g_tls_client_connection_gnutls_clear_session_data (G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls));
}
static void
@@ -494,6 +494,7 @@ g_tls_client_connection_gnutls_class_init (GTlsClientConnectionGnutlsClass *klas
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+ GTlsConnectionGnutlsClass *gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
gobject_class->get_property = g_tls_client_connection_gnutls_get_property;
gobject_class->set_property = g_tls_client_connection_gnutls_set_property;
@@ -501,7 +502,8 @@ g_tls_client_connection_gnutls_class_init (GTlsClientConnectionGnutlsClass *klas
base_class->prepare_handshake = g_tls_client_connection_gnutls_prepare_handshake;
base_class->complete_handshake = g_tls_client_connection_gnutls_complete_handshake;
- base_class->failed = g_tls_client_connection_gnutls_failed;
+
+ gnutls_class->failed = g_tls_client_connection_gnutls_failed;
g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index a673f07..62caa53 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -466,9 +466,12 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls,
direction, timeout, cancellable); \
do {
-#define END_GNUTLS_IO(gnutls, direction, ret, status, errmsg, err) \
- status = end_gnutls_io (gnutls, direction, ret, err, errmsg); \
- } while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN);
+#define END_GNUTLS_IO(gnutls, direction, ret, status, errmsg, err) \
+ status = end_gnutls_io (gnutls, direction, ret, err, errmsg); \
+ } while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN); \
+ \
+ if (status == G_TLS_CONNECTION_BASE_ERROR) \
+ G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
static void
set_gnutls_error (GTlsConnectionGnutls *gnutls,
diff --git a/tls/gnutls/gtlsconnection-gnutls.h b/tls/gnutls/gtlsconnection-gnutls.h
index 03c5ef4..182afef 100644
--- a/tls/gnutls/gtlsconnection-gnutls.h
+++ b/tls/gnutls/gtlsconnection-gnutls.h
@@ -40,6 +40,8 @@ G_DECLARE_DERIVABLE_TYPE (GTlsConnectionGnutls, g_tls_connection_gnutls, G, TLS_
struct _GTlsConnectionGnutlsClass
{
GTlsConnectionBaseClass parent_class;
+
+ void (*failed) (GTlsConnectionGnutls *tls);
};
gnutls_certificate_credentials_t g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *connection);
diff --git a/tls/gnutls/gtlsserverconnection-gnutls.c b/tls/gnutls/gtlsserverconnection-gnutls.c
index e046cf5..df46117 100644
--- a/tls/gnutls/gtlsserverconnection-gnutls.c
+++ b/tls/gnutls/gtlsserverconnection-gnutls.c
@@ -204,9 +204,9 @@ g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t
}
static void
-g_tls_server_connection_gnutls_failed (GTlsConnectionBase *tls)
+g_tls_server_connection_gnutls_failed (GTlsConnectionGnutls *gnutls)
{
- gnutls_db_remove_session (g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls)));
+ gnutls_db_remove_session (g_tls_connection_gnutls_get_session (gnutls));
}
static void
@@ -238,7 +238,6 @@ g_tls_server_connection_gnutls_prepare_handshake (GTlsConnectionBase *tls,
}
/* Session cache management */
-
static int
g_tls_server_connection_gnutls_db_store (void *user_data,
gnutls_datum_t key,
@@ -300,13 +299,15 @@ g_tls_server_connection_gnutls_class_init (GTlsServerConnectionGnutlsClass *klas
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+ GTlsConnectionGnutlsClass *gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
gobject_class->finalize = g_tls_server_connection_gnutls_finalize;
gobject_class->get_property = g_tls_server_connection_gnutls_get_property;
gobject_class->set_property = g_tls_server_connection_gnutls_set_property;
base_class->prepare_handshake = g_tls_server_connection_gnutls_prepare_handshake;
- base_class->failed = g_tls_server_connection_gnutls_failed;
+
+ gnutls_class->failed = g_tls_server_connection_gnutls_failed;
g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
