Commit 632b6f1b authored by Sebastien Decugis's avatar Sebastien Decugis

Add timeout in gnutls_handshake for version 3.1.x

parent ca008917
...@@ -455,6 +455,10 @@ int diameap_tls_process_receive(struct tls_data * data) ...@@ -455,6 +455,10 @@ int diameap_tls_process_receive(struct tls_data * data)
int ret; int ret;
data->p_length = data->tlsResp.datalength; data->p_length = data->tlsResp.datalength;
#ifdef GNUTLS_VERSION_310
gnutls_handshake_set_timeout( data->session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
#endif /* GNUTLS_VERSION_310 */
ret = gnutls_handshake(data->session); ret = gnutls_handshake(data->session);
if (ret < 0) if (ret < 0)
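Review bot: The new timeout makes GNUTLS_E_TIMEDOUT a possible result of the gnutls_handshake call in diameap_tls_process_receive, and the `if (ret < 0)` branch that would handle it lies outside this hunk. That branch should be checked to end the EAP-TLS exchange on a timeout rather than treating it like GNUTLS_E_AGAIN and waiting for more data; otherwise a stalled peer can still keep the session state allocated. A comment above the added call would record the intent: `/* Bound the handshake; GNUTLS_E_TIMEDOUT is fatal for this session. */`. On builds without GNUTLS_VERSION_310 the handshake stays unbounded, which is worth stating next to the `#ifdef`.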
......
...@@ -841,7 +841,10 @@ again: ...@@ -841,7 +841,10 @@ again:
{ {
switch (ret) { switch (ret) {
case GNUTLS_E_REHANDSHAKE: case GNUTLS_E_REHANDSHAKE:
if (!fd_cnx_teststate(conn, CC_STATUS_CLOSING)) if (!fd_cnx_teststate(conn, CC_STATUS_CLOSING)) {
#ifdef GNUTLS_VERSION_310
GNUTLS_TRACE( gnutls_handshake_set_timeout( session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT));
#endif /* GNUTLS_VERSION_310 */
CHECK_GNUTLS_DO( ret = gnutls_handshake(session), CHECK_GNUTLS_DO( ret = gnutls_handshake(session),
{ {
if (TRACE_BOOL(INFO)) { if (TRACE_BOOL(INFO)) {
...@@ -849,6 +852,7 @@ again: ...@@ -849,6 +852,7 @@ again:
} }
goto end; goto end;
} ); } );
}
case GNUTLS_E_AGAIN: case GNUTLS_E_AGAIN:
case GNUTLS_E_INTERRUPTED: case GNUTLS_E_INTERRUPTED:
...@@ -885,7 +889,11 @@ again: ...@@ -885,7 +889,11 @@ again:
{ {
switch (ret) { switch (ret) {
case GNUTLS_E_REHANDSHAKE: case GNUTLS_E_REHANDSHAKE:
if (!fd_cnx_teststate(conn, CC_STATUS_CLOSING)) if (!fd_cnx_teststate(conn, CC_STATUS_CLOSING)) {
#ifdef GNUTLS_VERSION_310
GNUTLS_TRACE( gnutls_handshake_set_timeout( session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT));
#endif /* GNUTLS_VERSION_310 */
CHECK_GNUTLS_DO( ret = gnutls_handshake(session), CHECK_GNUTLS_DO( ret = gnutls_handshake(session),
{ {
if (TRACE_BOOL(INFO)) { if (TRACE_BOOL(INFO)) {
...@@ -893,6 +901,7 @@ again: ...@@ -893,6 +901,7 @@ again:
} }
goto end; goto end;
} ); } );
}
case GNUTLS_E_AGAIN: case GNUTLS_E_AGAIN:
case GNUTLS_E_INTERRUPTED: case GNUTLS_E_INTERRUPTED:
...@@ -1286,7 +1295,10 @@ int fd_cnx_handshake(struct cnxctx * conn, int mode, char * priority, void * alt ...@@ -1286,7 +1295,10 @@ int fd_cnx_handshake(struct cnxctx * conn, int mode, char * priority, void * alt
/* Handshake master session */ /* Handshake master session */
{ {
int ret; int ret;
#ifdef GNUTLS_VERSION_310
GNUTLS_TRACE( gnutls_handshake_set_timeout( conn->cc_tls_para.session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT));
#endif /* GNUTLS_VERSION_310 */
/* When gnutls 2.10.1 is around, we should use gnutls_certificate_set_verify_function and fd_tls_verify_credentials, so that handshake fails directly. */ /* When gnutls 2.10.1 is around, we should use gnutls_certificate_set_verify_function and fd_tls_verify_credentials, so that handshake fails directly. */
CHECK_GNUTLS_DO( ret = gnutls_handshake(conn->cc_tls_para.session), CHECK_GNUTLS_DO( ret = gnutls_handshake(conn->cc_tls_para.session),
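Review bot: The timeout set before each gnutls_handshake here may have no effect if these sessions use a custom pull function, because GnuTLS then needs a callback registered with gnutls_transport_set_pull_timeout_function to wait on the transport. None is visible in the two GNUTLS_E_REHANDSHAKE cases or in fd_cnx_handshake, whose bodies extend beyond the hunks, and the same applies to handshake_resume_th in the following section. The identical three-line `#ifdef GNUTLS_VERSION_310` block is now repeated at several call sites, so a single helper macro defined once (empty when the symbol is not set) would keep them consistent. After the added closing brace, GNUTLS_E_REHANDSHAKE still appears to run into `case GNUTLS_E_AGAIN:`; if that is intended, mark it with `/* fallthrough */`.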
......
...@@ -462,6 +462,9 @@ static void * handshake_resume_th(void * arg) ...@@ -462,6 +462,9 @@ static void * handshake_resume_th(void * arg)
} }
TRACE_DEBUG(FULL, "Starting TLS resumed handshake on stream %hu", ctx->strid); TRACE_DEBUG(FULL, "Starting TLS resumed handshake on stream %hu", ctx->strid);
#ifdef GNUTLS_VERSION_310
GNUTLS_TRACE( gnutls_handshake_set_timeout( ctx->session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT));
#endif /* GNUTLS_VERSION_310 */
CHECK_GNUTLS_DO( gnutls_handshake( ctx->session ), return NULL); CHECK_GNUTLS_DO( gnutls_handshake( ctx->session ), return NULL);
GNUTLS_TRACE( resumed = gnutls_session_is_resumed(ctx->session) ); GNUTLS_TRACE( resumed = gnutls_session_is_resumed(ctx->session) );
......