[Lynx-dev] [GnuTLS] connection error on re-handshake request
From: Andreas Metzler
Subject: [Lynx-dev] [GnuTLS] connection error on re-handshake request
Date: Tue, 1 Sep 2015 19:48:53 +0200
User-agent: tin/2.3.1-20141224 ("Tallant") (UNIX) (Linux/3.16.0-4-amd64 (x86_64))
Hello,
this is http://bugs.debian.org/797059 originally submitted by Enrico
Zini:
| thank you for maintaining lynx. A simple
| lynx https://contributors.debian.org currently fails:
|
| $ lynx -dump -nolist https://contributors.debian.org
|
| Looking up contributors.debian.org
| Making HTTPS connection to contributors.debian.org
| Verified connection to contributors.debian.org (cert=contributors.debian.org)
| Certificate issued by: /C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
| Secure 256-bit TLS1.2 (ECDHE_RSA_AES_256_GCM_SHA384) HTTP connection
| Sending HTTP request.
| HTTP request sent; waiting for response.
| Alert!: Unexpected network read error; connection aborted.
| Can't Access `https://contributors.debian.org/'
| Alert!: Unable to access document.
|
| lynx: Can't access startfile
|
| We currently added "SSLVerifyClient optional" to the server
| configuration to support authentication with client certificates, but
| client certificates are not required to connect. The relevant apache
| configuration is here:
|
| https://wiki.debian.org/DebianSingleSignOn#Documentation_for_web_application_owners-1
|
| links can access the site.
Simon Kainz <address@hidden> has diagnosed this as missing rehandshaking
support and has even provided the attached patch to fix this. I would
appreciate some review and integration into lynx upstream.
Thanks in advance, kind regards
Andreas
============================================================================
Description: Add support for GNUTLS rehandshake
Author: Simon Kainz <address@hidden>
Bug-Debian: https://bugs.debian.org/797059
---
Origin: other
Bug-Debian: https://bugs.debian.org/797059
Forwarded: no
--- lynx-cur-2.8.9dev6.orig/WWW/Library/Implementation/tidy_tls.h
+++ lynx-cur-2.8.9dev6/WWW/Library/Implementation/tidy_tls.h
@@ -98,6 +98,9 @@ struct _SSL {
gnutls_transport_ptr_t rfd;
gnutls_transport_ptr_t wfd;
+
+ void *sendbuffer;
+ int bytes_sent;
};
/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
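Review bot: the two new members carry no comment saying what they hold, and nothing in the patch releases `sendbuffer` when the SSL object itself is torn down, so a copy allocated in SSL_write outlives the connection. Document the fields (for example `/* copy of the last record written, replayed after a rehandshake */`) and free `sendbuffer` wherever the SSL object is freed. `bytes_sent` is later passed as the length argument of gnutls_record_send, which takes a `size_t`; declaring it `size_t` avoids the sign conversion.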
--- lynx-cur-2.8.9dev6.orig/src/tidy_tls.c
+++ lynx-cur-2.8.9dev6/src/tidy_tls.c
@@ -530,7 +530,6 @@ SSL *SSL_new(SSL_CTX * ctx)
{
SSL *ssl;
int rc;
-
if ((ssl = typeCalloc(SSL)) != 0) {
rc = gnutls_certificate_allocate_credentials(&ssl->gnutls_cred);
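Review bot: this hunk is a whitespace-only change (it removes the blank line between the local declarations and the first statement) with no relation to rehandshake support; drop it so the patch stays minimal and easy to review.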
@@ -564,6 +563,9 @@ SSL *SSL_new(SSL_CTX * ctx)
ssl->wfd = (gnutls_transport_ptr_t) (-1);
}
}
+ ssl->bytes_sent=0;
+ ssl->sendbuffer=0;
+
return ssl;
}
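Review bot: the two assignments sit after the closing brace of the `if ((ssl = typeCalloc(SSL)) != 0)` block, immediately before `return ssl;`, so they also execute when the allocation failed and `ssl` is 0, dereferencing a null pointer. They are also redundant: typeCalloc is a calloc wrapper and already zero-fills the structure, so `sendbuffer` and `bytes_sent` start out as 0. Either drop this hunk or move the assignments inside the block next to the other field initialisations.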
@@ -576,13 +578,22 @@ int SSL_read(SSL * ssl, void *buffer, in
int rc;
rc = gnutls_record_recv(ssl->gnutls_state, buffer, length);
- ssl->last_error = rc;
+ if ( rc <0 && gnutls_error_is_fatal(rc) == 0) {
+ if (rc == GNUTLS_E_REHANDSHAKE ) {
+ rc=gnutls_handshake(ssl->gnutls_state);
+ gnutls_record_send(ssl->gnutls_state,ssl->sendbuffer,ssl->bytes_sent);
+ rc = gnutls_record_recv(ssl->gnutls_state, buffer, length);
+ }
+ }
+
+ ssl->last_error = rc;
+
if (rc < 0) {
- last_error = rc;
- rc = 0;
+ last_error = rc;
+ rc = 0;
}
-
+
return rc;
}
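Review bot: the replay in the GNUTLS_E_REHANDSHAKE branch sends `ssl->sendbuffer`, which SSL_write (next hunk) allocates with malloc but never fills, so what reaches the server after the renegotiation is uninitialised heap memory rather than the original request; when no SSL_write preceded the read, `sendbuffer` is still NULL. The return value of gnutls_handshake is stored in rc but never examined, so a failed or merely incomplete handshake (GNUTLS_E_AGAIN, GNUTLS_E_INTERRUPTED) falls through to the send and the second recv regardless, and the result of gnutls_record_send is discarded as well. Check `rc` after gnutls_handshake and return the error (or retry on the non-fatal codes) before touching the record layer again, and reconsider whether a replay is needed at all: GnuTLS documents GNUTLS_E_REHANDSHAKE from gnutls_record_recv as a request to call gnutls_handshake() (or send a no_renegotiation alert) and then retry the read, and the request the server already received before asking for renegotiation does not need to be sent a second time. The re-indentation of the two lines inside `if (rc < 0)` and the changed blank line are whitespace-only churn.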
@@ -611,6 +622,15 @@ int SSL_write(SSL * ssl, const void *buf
last_error = rc;
rc = 0;
}
+ else {
+ if (ssl->sendbuffer)
+ {
+ free(ssl->sendbuffer);
+ }
+ ssl->sendbuffer=malloc(rc);
+ ssl->bytes_sent=rc;
+ }
+
return rc;
}
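Review bot: `ssl->sendbuffer=malloc(rc)` reserves space for the record but never copies the caller's data into it, so the saved copy holds whatever malloc returned; a `memcpy` of `rc` bytes from the caller's buffer, after checking that malloc did not return NULL, is missing (the caller's pointer is `const void *` and is not owned by the SSL object, so a separate copy is the right approach). Note also that `rc` is the number of bytes gnutls_record_send actually wrote, which may be less than the requested length, and that keeping only the most recent write means a request issued through several SSL_write calls would only ever have its last fragment replayed.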