/* prototypes */
-static void check_rehandshake(socket_st * socket, int ret);
+static void check_server_cmd(socket_st * socket, int ret);
static void init_global_tls_stuff(void);
static int cert_verify_ocsp(gnutls_session_t session);
printf("*** Received alert [%d]: %s\n", alert, str);
}
- check_rehandshake(hd, err);
+ check_server_cmd(hd, err);
return ret;
}
}
}
+static int try_rekey(socket_st * hd)
+{
+ int ret;
+
+ do {
+ ret = gnutls_session_key_update(hd->session, GNUTLS_KU_PEER);
+ } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Rekey has failed: %s\n", gnutls_strerror(ret));
+ return ret;
+ } else {
+ printf("- Rekey was completed\n");
+ return 0;
+ }
+}
+
static int try_resume(socket_st * hd)
{
int ret, socket_flags = 0;
switch (cmd->cmd_found) {
case INLINE_COMMAND_RESUME:
return try_resume(hd);
+ case INLINE_COMMAND_REKEY:
+ return try_rekey(hd);
case INLINE_COMMAND_RENEGOTIATE:
return try_rehandshake(hd);
default:
if (disable_extensions)
init_flags |= GNUTLS_NO_EXTENSIONS;
+ if (HAVE_OPT(SINGLE_KEY_SHARE))
+ init_flags |= GNUTLS_KEY_SHARE_TOP;
+
+ if (HAVE_OPT(POST_HANDSHAKE_AUTH))
+ init_flags |= GNUTLS_POST_HANDSHAKE_AUTH;
+
inline_commands = HAVE_OPT(INLINE_COMMANDS);
if (HAVE_OPT(INLINE_COMMANDS_PREFIX)) {
if (strlen(OPT_ARG(INLINE_COMMANDS_PREFIX)) > 1) {
}
}
-static void check_rehandshake(socket_st * socket, int ret)
+static void check_server_cmd(socket_st * socket, int ret)
{
- if (socket->secure && ret == GNUTLS_E_REHANDSHAKE) {
- /* There is a race condition here. If application
- * data is sent after the rehandshake request,
- * the server thinks we ignored his request.
- * This is a bad design of this client.
- */
- printf("*** Received rehandshake request\n");
- /* gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); */
+ if (socket->secure) {
+ if (ret == GNUTLS_E_REHANDSHAKE) {
+ /* There is a race condition here. If application
+ * data is sent after the rehandshake request,
+ * the server thinks we ignored his request.
+ * This is a bad design of this client.
+ */
+ printf("*** Received rehandshake request\n");
+ /* gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); */
+
+ ret = do_handshake(socket);
- ret = do_handshake(socket);
+ if (ret == 0) {
+ printf("*** Rehandshake was performed.\n");
+ } else {
+ printf("*** Rehandshake Failed: %s\n", gnutls_strerror(ret));
+ }
+ } else if (ret == GNUTLS_E_REAUTH_REQUEST) {
+ do {
+ ret = gnutls_reauth(socket->session, 0);
+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret == 0) {
- printf("*** Rehandshake was performed.\n");
- } else {
- printf("*** Rehandshake Failed.\n");
+ if (ret == 0) {
+ printf("*** Re-auth was performed.\n");
+ } else {
+ printf("*** Re-auth failed: %s\n", gnutls_strerror(ret));
+ }
}
}
}
*/
typedef enum INLINE_COMMAND { INLINE_COMMAND_NONE,
INLINE_COMMAND_RESUME,
- INLINE_COMMAND_RENEGOTIATE
+ INLINE_COMMAND_RENEGOTIATE,
+ INLINE_COMMAND_REKEY
} inline_command_t;
#define NUM_INLINE_COMMANDS 2
/* All inline commands will contain a trailing LF */
struct inline_command_definitions inline_commands_def[] = {
{INLINE_COMMAND_RESUME, "^resume^\n"},
+ {INLINE_COMMAND_REKEY, "^rekey^\n"},
{INLINE_COMMAND_RENEGOTIATE, "^renegotiate^\n"},
};
priorities = "NORMAL";
if (dtls)
- gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_POST_HANDSHAKE_AUTH);
else
- gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_POST_HANDSHAKE_AUTH);
/* allow the use of private ciphersuites.
*/
strip(request);
fprintf(stderr, "received: %s\n", request);
if (check_command(session, request)) {
- *response = NULL;
- *response_length = 0;
+ *response = strdup("Successfully executed command\n");
+ if (*response == NULL) {
+ fprintf(stderr, "Memory error\n");
+ exit(1);
+ }
+ *response_length = strlen(*response);
return;
}
*response = strdup(request);
projects / thirdparty / gnutls.git / commitdiff
