Commit f53ae599 authored by Michael Catanzaro's avatar Michael Catanzaro

gnutls: don't call failed() when rehandshaking

A rehandshake is not a real failure and should not result in the session
being removed from the session cache. This is causing the client to fail
to resume the session, causing the server to request the client cert
again for rehandshakes, which is undesirable.

When refactoring this code, I wasn't sure exactly where failed() should
be called. I noticed it was not being called in many places where it
really should have been, and overcorrected.

Note that this also moves failed() to be a vfunc of GTlsConnectionGnutls
instead of GTlsConnectionBase, since it's no longer called from Base and
OpenSSL doesn't implement it anywhere.

Fixes #84
parent 4df12ad3
Pipeline #87210 passed with stage
in 1 minute and 48 seconds
......@@ -709,10 +709,10 @@ g_tls_connection_base_real_pop_io (GTlsConnectionBase *tls,
GError **error)
{
GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
GError *my_error = NULL;
/* This function MAY or MAY NOT set error when it fails! */
if (direction & G_IO_IN)
{
priv->read_cancellable = NULL;
......@@ -752,9 +752,6 @@ g_tls_connection_base_real_pop_io (GTlsConnectionBase *tls,
else if (my_error)
g_propagate_error (error, my_error);
if (tls_class->failed)
tls_class->failed (tls);
return G_TLS_CONNECTION_BASE_ERROR;
}
......
......@@ -84,8 +84,6 @@ struct _GTlsConnectionBaseClass
gboolean success,
GError **error);
void (*failed) (GTlsConnectionBase *tls);
GTlsConnectionBaseStatus (*read_fn) (GTlsConnectionBase *tls,
void *buffer,
gsize count,
......
......@@ -397,9 +397,9 @@ g_tls_client_connection_gnutls_clear_session_data (GTlsClientConnectionGnutls *g
}
static void
g_tls_client_connection_gnutls_failed (GTlsConnectionBase *tls)
g_tls_client_connection_gnutls_failed (GTlsConnectionGnutls *gnutls)
{
g_tls_client_connection_gnutls_clear_session_data (G_TLS_CLIENT_CONNECTION_GNUTLS (tls));
g_tls_client_connection_gnutls_clear_session_data (G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls));
}
static void
......@@ -494,6 +494,7 @@ g_tls_client_connection_gnutls_class_init (GTlsClientConnectionGnutlsClass *klas
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
GTlsConnectionGnutlsClass *gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
gobject_class->get_property = g_tls_client_connection_gnutls_get_property;
gobject_class->set_property = g_tls_client_connection_gnutls_set_property;
......@@ -501,7 +502,8 @@ g_tls_client_connection_gnutls_class_init (GTlsClientConnectionGnutlsClass *klas
base_class->prepare_handshake = g_tls_client_connection_gnutls_prepare_handshake;
base_class->complete_handshake = g_tls_client_connection_gnutls_complete_handshake;
base_class->failed = g_tls_client_connection_gnutls_failed;
gnutls_class->failed = g_tls_client_connection_gnutls_failed;
g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
......
......@@ -466,9 +466,12 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls,
direction, timeout, cancellable); \
do {
#define END_GNUTLS_IO(gnutls, direction, ret, status, errmsg, err) \
status = end_gnutls_io (gnutls, direction, ret, err, errmsg); \
} while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN);
#define END_GNUTLS_IO(gnutls, direction, ret, status, errmsg, err) \
status = end_gnutls_io (gnutls, direction, ret, err, errmsg); \
} while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN); \
\
if (status == G_TLS_CONNECTION_BASE_ERROR) \
G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
static void
set_gnutls_error (GTlsConnectionGnutls *gnutls,
......
......@@ -40,6 +40,8 @@ G_DECLARE_DERIVABLE_TYPE (GTlsConnectionGnutls, g_tls_connection_gnutls, G, TLS_
struct _GTlsConnectionGnutlsClass
{
GTlsConnectionBaseClass parent_class;
void (*failed) (GTlsConnectionGnutls *tls);
};
gnutls_certificate_credentials_t g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *connection);
......
......@@ -204,9 +204,9 @@ g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t
}
static void
g_tls_server_connection_gnutls_failed (GTlsConnectionBase *tls)
g_tls_server_connection_gnutls_failed (GTlsConnectionGnutls *gnutls)
{
gnutls_db_remove_session (g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls)));
gnutls_db_remove_session (g_tls_connection_gnutls_get_session (gnutls));
}
static void
......@@ -238,7 +238,6 @@ g_tls_server_connection_gnutls_prepare_handshake (GTlsConnectionBase *tls,
}
/* Session cache management */
static int
g_tls_server_connection_gnutls_db_store (void *user_data,
gnutls_datum_t key,
......@@ -300,13 +299,15 @@ g_tls_server_connection_gnutls_class_init (GTlsServerConnectionGnutlsClass *klas
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
GTlsConnectionGnutlsClass *gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
gobject_class->finalize = g_tls_server_connection_gnutls_finalize;
gobject_class->get_property = g_tls_server_connection_gnutls_get_property;
gobject_class->set_property = g_tls_server_connection_gnutls_set_property;
base_class->prepare_handshake = g_tls_server_connection_gnutls_prepare_handshake;
base_class->failed = g_tls_server_connection_gnutls_failed;
gnutls_class->failed = g_tls_server_connection_gnutls_failed;
g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment