daemon/tls: fix handling of GNUTLS_E_AGAIN
authorTomas Krizek <tomas.krizek@nic.cz>
Fri, 19 Jul 2019 13:25:38 +0000 (15:25 +0200)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 22 Jul 2019 09:29:03 +0000 (11:29 +0200)
The code incorrectly assumes GNUTLS_E_AGAIN can only be caused
by reading the entire libuv buffer. Legitimate causes of GNUTLS_E_AGAIN
wouldn't be processed correctly. These could be caused by a new
session ticket sent by the server.

Fixes #489

NEWS
daemon/tls.c

diff --git a/NEWS b/NEWS
index e5b8aea4c12a90e6ac80c7973b024c455394e3b5..56320ddadad9a1608647fc0615d9f082d4c1a907 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+Knot Resolver 4.y.z (2019-aa-bb)
+================================
+
+Bugfixes
+--------
+
+- tls_client: fix issue with TLS session resumption (#489)
+
 Knot Resolver 4.1.0 (2019-07-10)
 ================================
 
index add784b65a980adca61315c0a91f4bd8f49191a1..f88267626ce863252ce7e0597998f5666e8c9025 100644 (file)
@@ -484,7 +484,11 @@ ssize_t tls_process_input_data(struct session *s, const uint8_t *buf, ssize_t nr
        while (true) {
                ssize_t count = gnutls_record_recv(tls_p->tls_session, wire_buf, wire_buf_size);
                if (count == GNUTLS_E_AGAIN) {
-                       break; /* No data available */
+                       if (tls_p->consumed == tls_p->nread) {
+                               /* See https://www.gnutls.org/manual/html_node/Asynchronous-operation.html */
+                               break; /* No more data available in this libuv buffer */
+                       }
+                       continue;
                } else if (count == GNUTLS_E_INTERRUPTED) {
                        continue;
                } else if (count == GNUTLS_E_REHANDSHAKE) {
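Review bot: The new `continue` on GNUTLS_E_AGAIN has no progress guard: if gnutls_record_recv() ever returns GNUTLS_E_AGAIN without the pull callback advancing `tls_p->consumed`, the `while (true)` loop spins on peer-supplied data and stalls the event loop. Whether that can happen depends on the pull function, which is not visible in this hunk, so the invariant is worth making explicit: save `tls_p->consumed` in a local (say `consumed_before`) ahead of the call and leave the loop when it is unchanged after an AGAIN, e.g. `if (tls_p->consumed >= tls_p->nread || tls_p->consumed == consumed_before) break;`. Using `>=` rather than `==` also keeps the exit condition safe if the two counters ever disagree. The body of tls_process_input_data starts and ends outside this hunk, so how leftover bytes are treated after the loop should be checked before choosing `break` over an error return.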