From: Grigorii Demidov
Date: Thu, 3 Jan 2019 14:52:25 +0000 (+0100)
Subject: daemon/tls: fix broken compatibility with gnutls 3.3
X-Git-Tag: v3.2.1~13^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8d63231f5d80fa7294041d8b7604c0e0cb85bdba;p=thirdparty%2Fknot-resolver.git
daemon/tls: fix broken compatibility with gnutls 3.3
---
diff --git a/NEWS b/NEWS
index edef30e3a..270b59f48 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+Knot Resolver 3.X.Y (2019-0m-dd)
+================================
+
+Bugfixes
+--------
+- policy.TLS_FORWARD: fix problems with gnutls 3.3 (#438)
+
+
 Knot Resolver 3.2.0 (2018-12-17)
 ================================
diff --git a/daemon/tls.c b/daemon/tls.c
index 96f724d53..02af3a156 100644
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -1188,6 +1188,20 @@ void tls_client_ctx_free(struct tls_client_ctx_t *ctx)
 	free (ctx);
 }
+int tls_pull_timeout_func(gnutls_transport_ptr_t h, unsigned int ms)
+{
+	struct tls_common_ctx *t = (struct tls_common_ctx *)h;
+	assert(t != NULL);
+	ssize_t avail = t->nread - t->consumed;
+	DEBUG_MSG("[%s] timeout check: available: %zu\n",
+		  t->client_side ? "tls_client" : "tls", avail);
+	if (avail <= 0) {
+		errno = EAGAIN;
+		return -1;
+	}
+	return avail;
+}
+
 int tls_client_connect_start(struct tls_client_ctx_t *client_ctx,
 			     struct session *session,
 			     tls_handshake_cb handshake_cb)
@@ -1202,6 +1216,7 @@ int tls_client_connect_start(struct tls_client_ctx_t *client_ctx,
 	gnutls_session_set_ptr(ctx->tls_session, client_ctx);
 	gnutls_handshake_set_timeout(ctx->tls_session,
				     ctx->worker->engine->net.tcp.tls_handshake_timeout);
+	gnutls_transport_set_pull_timeout_function(ctx->tls_session, tls_pull_timeout_func);
 	session_tls_set_client_ctx(session, client_ctx);
 	ctx->handshake_cb = handshake_cb;
 	ctx->handshake_state = TLS_HS_IN_PROGRESS;
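Review bot: In tls_pull_timeout_func, `avail` is declared `ssize_t` but is printed with `%zu`, which expects `size_t`; a mismatched conversion specifier is undefined behaviour and trips -Wformat, so the DEBUG_MSG line should read `DEBUG_MSG("[%s] timeout check: available: %zd\n",`. Whether `avail` can actually be negative depends on the types of `nread` and `consumed`, which this hunk does not show; if both are unsigned the subtraction wraps before the conversion and the `avail <= 0` branch silently relies on that wrap, so an explicit `t->consumed >= t->nread` check, or a comment stating the invariant, would make the intent clear. The `ms` parameter is unused; `(void)ms;` with a comment that the callback only reports buffered bytes and never blocks would document that deliberately. The callback is registered only in tls_client_connect_start (the later hunk in this file) even though the function distinguishes `client_side`; if the server-side session is affected by the same gnutls 3.3 behaviour it would need a matching gnutls_transport_set_pull_timeout_function call, which cannot be confirmed from this diff.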
@@ -1215,8 +1230,7 @@ int tls_client_connect_start(struct tls_client_ctx_t *client_ctx,
 	/* See https://www.gnutls.org/manual/html_node/Asynchronous-operation.html */
 	while (ctx->handshake_state <= TLS_HS_IN_PROGRESS) {
-		/* Don't pass the handshake callback as the connection isn't registered yet. */
-		int ret = tls_handshake(ctx, NULL);
+		int ret = tls_handshake(ctx, handshake_cb);
 		if (ret != kr_ok()) {
 			return ret;
 		}