confirmation that debian #480041 is a gnutls problem, and steps to reproduce
Joe Orton
joe at manyfish.co.uk
Fri Nov 21 14:20:40 CET 2008
On Fri, Nov 21, 2008 at 03:03:49PM +0200, Nikos Mavrogiannopoulos wrote:
> Actually you only need to do this test on record_recv().
OK.
> Note that usually servers request upgrade in order to receive a client
> certificate, thus it might be a good idea to notify or prompt the user
> about that.
neon already has a callback which does that, yeah.
Daniel, can you try this neon patch?
Index: src/ne_socket.c
===================================================================
--- src/ne_socket.c (revision 1607)
+++ src/ne_socket.c (working copy)
@@ -750,13 +750,15 @@
static ssize_t read_gnutls(ne_socket *sock, char *buffer, size_t len)
{
ssize_t ret;
+ int reneg = 1; /* number of rehandshakes allowed */
ret = readable_gnutls(sock, sock->rdtimeout);
if (ret) return ret;
do {
ret = gnutls_record_recv(sock->ssl, buffer, len);
- } while (RETRY_GNUTLS(sock, ret));
+ } while (RETRY_GNUTLS(sock, ret)
+ || (ret == GNUTLS_E_REHANDSHAKE && reneg-- > 0));
if (ret <= 0)
ret = error_gnutls(sock, ret);
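Review bot: In the new loop condition, a GNUTLS_E_REHANDSHAKE result only causes gnutls_record_recv() to be called again. Nothing in the visible lines calls gnutls_handshake() or answers the request with a warning alert, so `reneg`, commented as "number of rehandshakes allowed", really counts how many rehandshake requests are skipped before the read is retried. If the server is asking for renegotiation in order to obtain a client certificate, as noted earlier in the thread, it may keep waiting for the handshake while the retried read waits for application data. The retry also goes straight back into gnutls_record_recv() without repeating the readable_gnutls(sock, sock->rdtimeout) check made once above the loop. Consider performing the handshake in the GNUTLS_E_REHANDSHAKE branch before retrying the read, or, if ignoring the request is intended, rewording the comment to say so and re-checking readability before the retry.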
More information about the Gnutls-devel
mailing list