implement ssl rehandshakes
convert bool variable to bool; fix bug where ssl read/write could improperly result in disconnect. SVN revision: 52710
parent
8ea3bbdd2e
commit
0d535058a9
|
@ -1796,17 +1796,20 @@ _ecore_con_cl_read(Ecore_Con_Server *svr)
|
|||
for (tries = 0; tries < 16; tries++)
|
||||
{
|
||||
int num;
|
||||
int lost_server = 1;
|
||||
Eina_Bool lost_server = EINA_TRUE;
|
||||
unsigned char buf[READBUFSIZ];
|
||||
|
||||
if (svr->handshaking && (!ecore_con_ssl_server_init(svr)))
|
||||
lost_server = EINA_FALSE;
|
||||
|
||||
if (!(svr->type & ECORE_CON_SSL))
|
||||
{
|
||||
num = read(svr->fd, buf, READBUFSIZ);
|
||||
if ((num < 0) && (errno == EAGAIN))
|
||||
lost_server = 0;
|
||||
lost_server = EINA_FALSE;
|
||||
}
|
||||
else if (!(num = ecore_con_ssl_server_read(svr, buf, READBUFSIZ)))
|
||||
lost_server = 0;
|
||||
lost_server = EINA_FALSE;
|
||||
|
||||
if (num < 1)
|
||||
{
|
||||
|
@ -2121,6 +2124,9 @@ _ecore_con_svr_cl_read(Ecore_Con_Client *cl)
|
|||
|
||||
errno = 0;
|
||||
|
||||
if (cl->handshaking && (!ecore_con_ssl_client_init(cl)))
|
||||
lost_client = EINA_FALSE;
|
||||
|
||||
if (!(cl->host_server->type & ECORE_CON_SSL))
|
||||
{
|
||||
if ((num = read(cl->fd, buf, READBUFSIZ)) <= 0)
|
||||
|
@ -2259,19 +2265,17 @@ _ecore_con_server_flush(Ecore_Con_Server *svr)
|
|||
|
||||
num = svr->write_buf_size - svr->write_buf_offset;
|
||||
|
||||
if (!(svr->type & ECORE_CON_SSL))
|
||||
count = write(
|
||||
svr->fd, svr->write_buf + svr->write_buf_offset, num);
|
||||
else
|
||||
count = ecore_con_ssl_server_write(
|
||||
svr, svr->write_buf + svr->write_buf_offset, num);
|
||||
if (svr->handshaking && (ecore_con_ssl_server_init(svr)))
|
||||
return _ecore_con_server_kill(svr);
|
||||
|
||||
if (count < 1)
|
||||
{
|
||||
if (!(svr->type & ECORE_CON_SSL))
|
||||
count = write(svr->fd, svr->write_buf + svr->write_buf_offset, num);
|
||||
else
|
||||
count = ecore_con_ssl_server_write(svr, svr->write_buf + svr->write_buf_offset, num);
|
||||
|
||||
if (count < 0)
|
||||
/* we lost our server! */
|
||||
_ecore_con_server_kill(svr);
|
||||
return;
|
||||
}
|
||||
return _ecore_con_server_kill(svr);
|
||||
|
||||
svr->write_buf_offset += count;
|
||||
if (svr->write_buf_offset >= svr->write_buf_size)
|
||||
|
@ -2281,27 +2285,31 @@ _ecore_con_server_flush(Ecore_Con_Server *svr)
|
|||
free(svr->write_buf);
|
||||
svr->write_buf = NULL;
|
||||
if (svr->fd_handler)
|
||||
ecore_main_fd_handler_active_set(svr->fd_handler,
|
||||
ECORE_FD_READ);
|
||||
ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_READ);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
_ecore_con_client_flush(Ecore_Con_Client *cl)
|
||||
{
|
||||
int count, num;
|
||||
int num, count = 0;
|
||||
|
||||
if (!cl->buf)
|
||||
return;
|
||||
|
||||
num = cl->buf_size - cl->buf_offset;
|
||||
if (!(cl->host_server->type & ECORE_CON_SSL))
|
||||
count = write(
|
||||
cl->fd, cl->buf + cl->buf_offset, num);
|
||||
else
|
||||
count = ecore_con_ssl_client_write(cl, cl->buf + cl->buf_offset, num);
|
||||
if (cl->handshaking && (ecore_con_ssl_client_init(cl)))
|
||||
count = -1;
|
||||
|
||||
if (count < 1)
|
||||
if (!count)
|
||||
{
|
||||
num = cl->buf_size - cl->buf_offset;
|
||||
if (!(cl->host_server->type & ECORE_CON_SSL))
|
||||
count = write(cl->fd, cl->buf + cl->buf_offset, num);
|
||||
else
|
||||
count = ecore_con_ssl_client_write(cl, cl->buf + cl->buf_offset, num);
|
||||
}
|
||||
|
||||
if (count < 0)
|
||||
{
|
||||
if ((errno == EIO) || (errno == EBADF) || (errno == EPIPE) ||
|
||||
(errno == EINVAL) || (errno == ENOSPC) || (errno == ECONNREFUSED))
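Review bot: In `_ecore_con_client_flush`, a failed handshake only sets `count = -1` and then falls into the `errno` test, but nothing visible here shows `ecore_con_ssl_client_init` setting `errno`, so whether the client is dropped appears to depend on a stale value. `_ecore_con_server_flush` in the same section handles the equivalent case directly with `return _ecore_con_server_kill(svr);`. The client path should tear the connection down in the handshake branch itself instead of relying on the `errno` list, so that a peer whose TLS handshake failed never stays connected. The `if (count < 0)` block continues past the end of this section, so the final handling is not visible here.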
|
||||
|
|
|
@ -439,7 +439,7 @@ _ecore_con_ssl_server_init_gnutls(Ecore_Con_Server *svr)
|
|||
if (!((svr->type & ECORE_CON_SSL) & ECORE_CON_LOAD_CERT))
|
||||
{
|
||||
int kx[] = { GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_ANON_DH, 0 };
|
||||
int cipher[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, 0 };
|
||||
int cipher[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_DES_CBC, 0 };
|
||||
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_cipher_set_priority(svr->session, cipher));
|
||||
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_kx_set_priority(svr->session, kx));
|
||||
}
|
||||
|
@ -579,13 +579,25 @@ _ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr, unsigned char *buf,
|
|||
{
|
||||
int num;
|
||||
|
||||
if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
|
||||
{
|
||||
if (!ecore_con_ssl_server_init_gnutls(svr))
|
||||
return 0;
|
||||
return -1;
|
||||
}
|
||||
|
||||
num = gnutls_record_recv(svr->session, buf, size);
|
||||
if (num > 0)
|
||||
return num;
|
||||
|
||||
if ((num == GNUTLS_E_AGAIN) ||
|
||||
(num == GNUTLS_E_REHANDSHAKE) ||
|
||||
(num == GNUTLS_E_INTERRUPTED))
|
||||
if (num == GNUTLS_E_REHANDSHAKE)
|
||||
{
|
||||
svr->handshaking = EINA_TRUE;
|
||||
svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
|
||||
if (!_ecore_con_ssl_server_init_gnutls(svr))
|
||||
return 0;
|
||||
}
|
||||
else if ((num == GNUTLS_E_AGAIN) || (num == GNUTLS_E_INTERRUPTED))
|
||||
return 0;
|
||||
|
||||
return -1;
|
||||
|
@ -597,13 +609,26 @@ _ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr, unsigned char *buf,
|
|||
{
|
||||
int num;
|
||||
|
||||
|
||||
if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
|
||||
{
|
||||
if (!_ecore_con_ssl_server_init_gnutls(svr))
|
||||
return 0;
|
||||
return -1;
|
||||
}
|
||||
|
||||
num = gnutls_record_send(svr->session, buf, size);
|
||||
if (num > 0)
|
||||
return num;
|
||||
|
||||
if ((num == GNUTLS_E_AGAIN) ||
|
||||
(num == GNUTLS_E_REHANDSHAKE) ||
|
||||
(num == GNUTLS_E_INTERRUPTED))
|
||||
if (num == GNUTLS_E_REHANDSHAKE)
|
||||
{
|
||||
svr->handshaking = EINA_TRUE;
|
||||
svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
|
||||
if (!_ecore_con_ssl_server_init_gnutls(svr))
|
||||
return 0;
|
||||
}
|
||||
else if ((num == GNUTLS_E_AGAIN) || (num == GNUTLS_E_INTERRUPTED))
|
||||
return 0;
|
||||
|
||||
return -1;
|
||||
|
@ -795,13 +820,25 @@ _ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *cl, unsigned char *buf,
|
|||
{
|
||||
int num;
|
||||
|
||||
if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
|
||||
{
|
||||
if (!_ecore_con_ssl_client_init_gnutls(cl))
|
||||
return 0;
|
||||
return -1;
|
||||
}
|
||||
|
||||
num = gnutls_record_recv(cl->session, buf, size);
|
||||
if (num > 0)
|
||||
return num;
|
||||
|
||||
if ((num == GNUTLS_E_AGAIN) ||
|
||||
(num == GNUTLS_E_REHANDSHAKE) ||
|
||||
(num == GNUTLS_E_INTERRUPTED))
|
||||
if (num == GNUTLS_E_REHANDSHAKE)
|
||||
{
|
||||
cl->handshaking = EINA_TRUE;
|
||||
cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
|
||||
if (!_ecore_con_ssl_client_init_gnutls(cl))
|
||||
return 0;
|
||||
}
|
||||
else if ((num == GNUTLS_E_AGAIN) || (num == GNUTLS_E_INTERRUPTED))
|
||||
return 0;
|
||||
|
||||
return -1;
|
||||
|
@ -813,13 +850,26 @@ _ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *cl, unsigned char *buf,
|
|||
{
|
||||
int num;
|
||||
|
||||
|
||||
if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
|
||||
{
|
||||
if (!_ecore_con_ssl_client_init_gnutls(cl))
|
||||
return 0;
|
||||
return -1;
|
||||
}
|
||||
|
||||
num = gnutls_record_send(cl->session, buf, size);
|
||||
if (num > 0)
|
||||
return num;
|
||||
|
||||
if ((num == GNUTLS_E_AGAIN) ||
|
||||
(num == GNUTLS_E_REHANDSHAKE) ||
|
||||
(num == GNUTLS_E_INTERRUPTED))
|
||||
if (num == GNUTLS_E_REHANDSHAKE)
|
||||
{
|
||||
cl->handshaking = EINA_TRUE;
|
||||
cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
|
||||
if (!_ecore_con_ssl_client_init_gnutls(cl))
|
||||
return 0;
|
||||
}
|
||||
else if ((num == GNUTLS_E_AGAIN) || (num == GNUTLS_E_INTERRUPTED))
|
||||
return 0;
|
||||
|
||||
return -1;
|
||||
|
@ -1105,15 +1155,10 @@ _ecore_con_ssl_server_read_openssl(Ecore_Con_Server *svr, unsigned char *buf,
|
|||
|
||||
if (svr->fd_handler)
|
||||
{
|
||||
if (svr->ssl && svr->ssl_err ==
|
||||
SSL_ERROR_WANT_READ)
|
||||
ecore_main_fd_handler_active_set(svr->fd_handler,
|
||||
ECORE_FD_READ);
|
||||
else if (svr->ssl && svr->ssl_err ==
|
||||
SSL_ERROR_WANT_WRITE)
|
||||
ecore_main_fd_handler_active_set(
|
||||
svr->fd_handler,
|
||||
ECORE_FD_WRITE);
|
||||
if (svr->ssl && svr->ssl_err == SSL_ERROR_WANT_READ)
|
||||
ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_READ);
|
||||
else if (svr->ssl && svr->ssl_err == SSL_ERROR_WANT_WRITE)
|
||||
ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_WRITE);
|
||||
}
|
||||
|
||||
if ((svr->ssl_err == SSL_ERROR_ZERO_RETURN) ||
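Review bot: `GNUTLS_CIPHER_DES_CBC` should not be added to the `cipher[]` priority list in the `_ecore_con_ssl_server_init_gnutls` hunk; the list is printed twice and the longer variant appears to be the new side. Single DES has a 56-bit key, and the commit message about rehandshakes gives no reason for offering it. The list is used when `ECORE_CON_LOAD_CERT` is not set, alongside `GNUTLS_KX_ANON_DH` in `kx[]`, which provides no peer authentication, so that branch is already exposed to an active man-in-the-middle. I would keep `{ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, 0 }` and add a comment above `kx[]` stating that the anonymous key exchange is unauthenticated. Separately, the handshaking guard in `_ecore_con_ssl_server_read_gnutls` calls `ecore_con_ssl_server_init_gnutls` without the leading underscore used by every other call in the section, which looks like a typo.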
|
||||
|
|