File 0002-repeat-gnutls_handshake-call-in-case-of-warnings.patch of Package csync2.19969
From c0faaf9dda0c8301d46c2145a0bbaccf3de8bb14 Mon Sep 17 00:00:00 2001
From: Malte Kraus <malte.kraus@suse.com>
Date: Tue, 13 Aug 2019 13:36:26 +0200
Subject: [PATCH 2/3] repeat gnutls_handshake() call in case of warnings
that's what the semantics of this call require
---
conn.c | 71 ++++++++++++++++++++++++++++++++--------------------------
1 file changed, 39 insertions(+), 32 deletions(-)
diff --git a/conn.c b/conn.c
index be26f72..c013860 100644
--- a/conn.c
+++ b/conn.c
@@ -276,6 +276,7 @@ int conn_activate_ssl(int server_role)
char *ssl_keyfile;
char *ssl_certfile;
int err;
+ int handshake_repeat = 0;
if (csync_conn_usessl)
return 0;
@@ -333,40 +334,46 @@ int conn_activate_ssl(int server_role)
(gnutls_transport_ptr_t)(long)conn_fd_out
);
- err = gnutls_handshake(conn_tls_session);
- switch(err) {
- case GNUTLS_E_SUCCESS:
- break;
-
- case GNUTLS_E_WARNING_ALERT_RECEIVED:
- alrt = gnutls_alert_get(conn_tls_session);
- fprintf(
- csync_debug_out,
- "SSL: warning alert received from peer: %d (%s).\n",
- alrt, gnutls_alert_get_name(alrt)
- );
- break;
-
- case GNUTLS_E_FATAL_ALERT_RECEIVED:
- alrt = gnutls_alert_get(conn_tls_session);
- fprintf(
- csync_debug_out,
- "SSL: fatal alert received from peer: %d (%s).\n",
- alrt, gnutls_alert_get_name(alrt)
- );
- default:
- gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
- gnutls_deinit(conn_tls_session);
- gnutls_certificate_free_credentials(conn_x509_cred);
- gnutls_global_deinit();
+ do {
+ handshake_repeat = 0;
+ err = gnutls_handshake(conn_tls_session);
+ switch(err) {
+ case GNUTLS_E_SUCCESS:
+ break;
- csync_fatal(
- "SSL: handshake failed: %s (%s)\n",
- gnutls_strerror(err),
- gnutls_strerror_name(err)
- );
- }
+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
+ alrt = gnutls_alert_get(conn_tls_session);
+ fprintf(
+ csync_debug_out,
+ "SSL: warning alert received from peer: %d (%s).\n",
+ alrt, gnutls_alert_get_name(alrt)
+ );
+ handshake_repeat = 1;
+ break;
+
+ case GNUTLS_E_FATAL_ALERT_RECEIVED:
+ alrt = gnutls_alert_get(conn_tls_session);
+ fprintf(
+ csync_debug_out,
+ "SSL: fatal alert received from peer: %d (%s).\n",
+ alrt, gnutls_alert_get_name(alrt)
+ );
+ // fall-through!
+
+ default:
+ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
+ gnutls_deinit(conn_tls_session);
+ gnutls_certificate_free_credentials(conn_x509_cred);
+ gnutls_global_deinit();
+
+ csync_fatal(
+ "SSL: handshake failed: %s (%s)\n",
+ gnutls_strerror(err),
+ gnutls_strerror_name(err)
+ );
+ }
+ } while (handshake_repeat);
csync_conn_usessl = 1;
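Review bot: Only `GNUTLS_E_WARNING_ALERT_RECEIVED` sets `handshake_repeat`, so every other non-fatal return of `gnutls_handshake()` still reaches `default:` and tears the session down; `GNUTLS_E_INTERRUPTED` (a signal interrupting the read) and `GNUTLS_E_AGAIN` are the usual examples. Asking the library instead, e.g. `if (gnutls_error_is_fatal(err) == 0) { handshake_repeat = 1; break; }` at the top of `default:`, would cover them. The retry loop also has no bound: a peer that keeps answering with warning alerts holds this process inside `conn_activate_ssl()` indefinitely, so a retry cap or a handshake timeout (`gnutls_handshake_set_timeout()`, if the GnuTLS versions the package supports provide it) would be worth adding before the loop. Leaving the loop after a fatal error relies on `csync_fatal()` not returning, which is presumably the case but is not visible here; the function starts and ends outside this hunk.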
--
2.26.2