daemon/tls: fix broken compatibility with gnutls 3.3
authorGrigorii Demidov <grigorii.demidov@nic.cz>
Thu, 3 Jan 2019 14:52:25 +0000 (15:52 +0100)
committerPetr Špaček <petr.spacek@nic.cz>
Fri, 4 Jan 2019 13:07:57 +0000 (14:07 +0100)
NEWS
daemon/tls.c

diff --git a/NEWS b/NEWS
index edef30e3a98538b9de3e9ac2eb7adf37be26bdac..270b59f48f5a9a6fb00187291977dba0c793eead 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+Knot Resolver 3.X.Y (2019-0m-dd)
+================================
+
+Bugfixes
+--------
+- policy.TLS_FORWARD: fix problems with gnutls 3.3 (#438)
+
+
 Knot Resolver 3.2.0 (2018-12-17)
 ================================
 
index 96f724d5396830b5741642b45e48ae4d3b12dd81..02af3a1562d9a981ef11618059500c8db7877fb4 100644 (file)
@@ -1188,6 +1188,20 @@ void tls_client_ctx_free(struct tls_client_ctx_t *ctx)
        free (ctx);
 }
 
+int  tls_pull_timeout_func(gnutls_transport_ptr_t h, unsigned int ms)
+{
+       struct tls_common_ctx *t = (struct tls_common_ctx *)h;
+       assert(t != NULL);
+       ssize_t avail = t->nread - t->consumed;
+       DEBUG_MSG("[%s] timeout check: available: %zu\n",
+                 t->client_side ? "tls_client" : "tls", avail);
+       if (avail <= 0) {
+               errno = EAGAIN;
+               return -1;
+       }
+       return avail;
+}
+
 int tls_client_connect_start(struct tls_client_ctx_t *client_ctx,
                             struct session *session,
                             tls_handshake_cb handshake_cb)
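Review bot: The `DEBUG_MSG` call in `tls_pull_timeout_func` formats `avail`, which is declared `ssize_t`, with `%zu`; the matching conversion is `%zd`, as in `"[%s] timeout check: available: %zd\n"`. The mismatch is undefined behaviour, and a negative difference would print as a huge unsigned number in the very log line meant to diagnose it. The same `ssize_t` is then returned through an `int`, so it is implicitly narrowed; the callback only has to report that data is pending, so `return 1;` after the `avail <= 0` check would avoid depending on the buffer size. `assert(t != NULL)` compiles out under `NDEBUG`, so a release build dereferences `t` unchecked. If no header declares the function (not visible here), it should be `static`.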
@@ -1202,6 +1216,7 @@ int tls_client_connect_start(struct tls_client_ctx_t *client_ctx,
 
        gnutls_session_set_ptr(ctx->tls_session, client_ctx);
        gnutls_handshake_set_timeout(ctx->tls_session, ctx->worker->engine->net.tcp.tls_handshake_timeout);
+       gnutls_transport_set_pull_timeout_function(ctx->tls_session, tls_pull_timeout_func);
        session_tls_set_client_ctx(session, client_ctx);
        ctx->handshake_cb = handshake_cb;
        ctx->handshake_state = TLS_HS_IN_PROGRESS;
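Review bot: The added `gnutls_transport_set_pull_timeout_function` call carries no comment, and the reason for it is not evident from the line itself. GnuTLS documents that a handshake timeout is only enforced through the pull-timeout callback, and that the default one is replaced once a custom pull function is installed, which is presumably the case for this session. A comment such as `/* custom pull function in use: GnuTLS needs our own timeout callback for the handshake timeout set above */` would keep a later cleanup from dropping the call. The callback's debug message has a non-client branch, but this hunk registers it only on the client path; whether the server-side session needs the same registration cannot be seen from here.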
@@ -1215,8 +1230,7 @@ int tls_client_connect_start(struct tls_client_ctx_t *client_ctx,
 
        /* See https://www.gnutls.org/manual/html_node/Asynchronous-operation.html */
        while (ctx->handshake_state <= TLS_HS_IN_PROGRESS) {
-               /* Don't pass the handshake callback as the connection isn't registered yet. */
-               int ret = tls_handshake(ctx, NULL);
+               int ret = tls_handshake(ctx, handshake_cb);
                if (ret != kr_ok()) {
                        return ret;
                }
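Review bot: Passing `handshake_cb` to `tls_handshake` inside the loop drops the comment that explained why `NULL` was passed ("the connection isn't registered yet") without saying why that concern no longer applies. If `tls_handshake` invokes the callback on completion or failure, it can now run synchronously before `tls_client_connect_start` returns. A failed handshake could then be reported twice, once through the callback and once through `return ret`, so the caller's cleanup must not run twice for the same session. A replacement comment stating the new contract would help, for example `/* handshake_cb may fire before this function returns; callers must have the session registered by now */`, if that is indeed the intent. The loop and the rest of the function continue outside this hunk, so how the caller handles the return value is not visible.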