From: Tomas Krizek Date: Fri, 19 Jul 2019 13:25:38 +0000 (+0200) Subject: daemon/tls: fix handling of GNUTLS_E_AGAIN X-Git-Tag: v4.2.0~5^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d11ed9da4c2568cd7bbc65f21021aa190b1fdb6d;p=thirdparty%2Fknot-resolver.git daemon/tls: fix handling of GNUTLS_E_AGAIN The code incorrectly assumes GNUTLS_E_AGAIN can only be caused by reading the entire libuv buffer. Legitimate causes of GNUTLS_E_AGAIN wouldn't be processed correctly. These could be caused by a new session ticket sent by the server. Fixes #489 --- diff --git a/NEWS b/NEWS index e5b8aea4c..56320ddad 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,11 @@ +Knot Resolver 4.y.z (2019-aa-bb) +================================ + +Bugfixes +-------- + +- tls_client: fix issue with TLS session resumption (#489) + Knot Resolver 4.1.0 (2019-07-10) ================================ diff --git a/daemon/tls.c b/daemon/tls.c index add784b65..f88267626 100644 --- a/daemon/tls.c +++ b/daemon/tls.c @@ -484,7 +484,11 @@ ssize_t tls_process_input_data(struct session *s, const uint8_t *buf, ssize_t nr while (true) { ssize_t count = gnutls_record_recv(tls_p->tls_session, wire_buf, wire_buf_size); if (count == GNUTLS_E_AGAIN) { - break; /* No data available */ + if (tls_p->consumed == tls_p->nread) { + /* See https://www.gnutls.org/manual/html_node/Asynchronous-operation.html */ + break; /* No more data available in this libuv buffer */ + } + continue; } else if (count == GNUTLS_E_INTERRUPTED) { continue; } else if (count == GNUTLS_E_REHANDSHAKE) {
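
Review bot: the NEWS entry added under "Knot Resolver 4.y.z (2019-aa-bb)" describes the fix only as an "issue with TLS session resumption", while the commit message gives the cause as GNUTLS_E_AGAIN being mishandled when it does not mean the libuv buffer was fully read. Naming the GNUTLS_E_AGAIN handling in the entry would make it easier to find for anyone who hit #489. The placeholder version and date in the heading also need filling in before release.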
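
Review bot: the new `continue` in the GNUTLS_E_AGAIN branch of tls_process_input_data (daemon/tls.c) retries inside `while (true)` without checking that the preceding gnutls_record_recv call advanced tls_p->consumed, so the loop only terminates if every GNUTLS_E_AGAIN return has consumed more of the libuv buffer. Consider saving tls_p->consumed before the call and breaking (or returning an error) when it is unchanged after GNUTLS_E_AGAIN, or at least stating that invariant in a comment. The manual link also sits above the `break`, while the `continue` path, which is the behaviour this commit introduces, has no comment; a short one naming the case from the commit message (a new session ticket sent by the server) would help the next reader.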