Changeset 80acb6d

Timestamp:

2011-11-14T10:43:03Z (13 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

5dd725d

Parents:

03a8f8e

Message:

GnuTLS now also needs ssl_pending() implemented. Bug #860.

Location:

lib

Files:

• http_client.c (modified) (1 diff)
• ssl_client.h (modified) (1 diff)
• ssl_gnutls.c (modified) (4 diffs)
• ssl_nss.c (modified) (1 diff)
• ssl_openssl.c (modified) (1 diff)

lib/http_client.c

@@ -240 +240 @@
                                  http_incoming_data, req );
         
-        return FALSE;
+        if( ssl_pending( req->ssl ) )
+                return http_incoming_data( data, source, cond );
+        else
+                return FALSE;
 
 got_reply:

lib/ssl_client.h

@@ -63 +63 @@
 G_MODULE_EXPORT int ssl_write( void *conn, const char *buf, int len );
 
-/* See ssl_openssl.c for an explanation. */
+/* Now needed by most SSL libs. See for more info:
+   http://www.gnu.org/software/gnutls/manual/gnutls.html#index-gnutls_005frecord_005fcheck_005fpending-209
+   http://www.openssl.org/docs/ssl/SSL_pending.html
+   
+   Required because OpenSSL empties the TCP buffer completely but doesn't
+   necessarily give us all the unencrypted data. Or maybe you didn't ask
+   for all of it because your buffer is too small.
+   
+   Returns 0 if there's nothing left, 1 if there's more data. */
 G_MODULE_EXPORT int ssl_pending( void *conn );
 

lib/ssl_gnutls.c

@@ -135 +135 @@
         gnutls_certificate_allocate_credentials( &conn->xcred );
         gnutls_init( &conn->session, GNUTLS_CLIENT );
-        gnutls_transport_set_lowat( conn->session, 1 ); 
+#if GNUTLS_VERSION_NUMBER < 0x020c00
+        gnutls_transport_set_lowat( conn->session, 0 );
+#endif
         gnutls_set_default_priority( conn->session );
         gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
@@ -187 +189 @@
         {
                 ssl_errno = SSL_NOHANDSHAKE;
-                return( -1 );
+                return -1;
         }
         
@@ -208 +210 @@
         {
                 ssl_errno = SSL_NOHANDSHAKE;
-                return( -1 );
+                return -1;
         }
         
@@ -222 +224 @@
 }
 
-/* See ssl_openssl.c for an explanation. */
 int ssl_pending( void *conn )
 {
-        return 0;
+        if( conn == NULL )
+                return 0;
+        
+        if( !((struct scd*)conn)->established )
+        {
+                ssl_errno = SSL_NOHANDSHAKE;
+                return 0;
+        }
+        
+        return gnutls_record_check_pending( ((struct scd*)conn)->session ) != 0;
 }
 

lib/ssl_nss.c

@@ -207 +207 @@
 }
 
-/* See ssl_openssl.c for an explanation. */
 int ssl_pending( void *conn )
 {

lib/ssl_openssl.c

@@ -241 +241 @@
 }
 
-/* Only OpenSSL *really* needs this (and well, maybe NSS). See for more info:
-   http://www.gnu.org/software/gnutls/manual/gnutls.html#index-gnutls_005frecord_005fcheck_005fpending-209
-   http://www.openssl.org/docs/ssl/SSL_pending.html
-   
-   Required because OpenSSL empties the TCP buffer completely but doesn't
-   necessarily give us all the unencrypted data.
-   
-   Returns 0 if there's nothing left or if we don't have to care (GnuTLS),
-   1 if there's more data. */
 int ssl_pending( void *conn )
 {