Work around gnutls_record_get_direction() bug
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jan 29, 2015
1 parent c36a5f0 commit 9965f1d
Showing 2 changed files with 18 additions and 5 deletions.
6 changes: 3 additions & 3 deletions dtls.c
@@ -812,13 +812,13 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
_("DTLS got write error: %s. Falling back to SSL\n"),
gnutls_strerror(ret));
dtls_reconnect(vpninfo);
requeue_packet(&vpninfo->outgoing_queue, this);
work_done = 1;
} else if (gnutls_record_get_direction(vpninfo->dtls_ssl)) {
} else {
/* Wake me up when it becomes writeable */
monitor_write_fd(vpninfo, dtls);
requeue_packet(&vpninfo->outgoing_queue, this);
}

requeue_packet(&vpninfo->outgoing_queue, this);
return work_done;
}
#endif
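Review bot: The plain `else` branch in dtls_mainloop() now calls monitor_write_fd() on every GNUTLS_E_AGAIN with no version gate and no explanation, whereas the gnutls.c change in this same commit still consults gnutls_record_get_direction() when built against GnuTLS 3.3.13 or later. If the difference is deliberate, the branch should say so, for example `/* Not trusting gnutls_record_get_direction() here: before GnuTLS 3.3.13 it could report a read while a write was pending, so always wait for writability */`. It would also help to note the accepted cost, which the gnutls.c comment describes as repeated wakeups until the awaited read arrives; whether that is acceptable for the DTLS socket is not visible from this hunk. The function starts outside the hunk.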
17 changes: 15 additions & 2 deletions gnutls.c
@@ -240,8 +240,21 @@ int ssl_nonblock_write(struct openconnect_info *vpninfo, void *buf, int buflen)
return ret;

if (ret == GNUTLS_E_AGAIN) {
if (gnutls_record_get_direction(vpninfo->https_sess)) {
/* Waiting for the socket to become writable -- it's
/*
* Before 3.3.13, GnuTLS could return zero instead of one,
* indicating that it was waiting for a read when in fact
* it was waiting for a write. That caused us to block for
* ever, waiting for the read that it said it wanted.
*
* So instead, just *assume* it actually wants a write.
* Which is true most of the time, and on the rare occasion
* that it *isn't* true, the failure mode will just be that
* we keep waking up and calling GnuTLS again until the read
* that it's waiting for does arrive.
*/
if (GNUTLS_VERSION_NUMBER < 0x03030d ||
gnutls_record_get_direction(vpninfo->https_sess)) {
/* Waiting for the socket to become writable — it's
probably stalled, and/or the buffers are full */
monitor_write_fd(vpninfo, ssl);
}
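Review bot: The test `GNUTLS_VERSION_NUMBER < 0x03030d` in ssl_nonblock_write() is settled by the headers at build time, not by the library that is actually loaded. A binary built against GnuTLS 3.3.13 or later but run with an older shared library would therefore skip the workaround and could block forever, as the new comment describes. A runtime check covers that case: `if (!gnutls_check_version("3.3.13") || gnutls_record_get_direction(vpninfo->https_sess)) {`. The function begins and ends outside the hunk.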
