const char msg[] = "Server certificate validation failed, check logs.";
int result;
+ ssize_t size_written;
char buffer[sizeof(HTTP_RESPONSE_FORMAT)
+ 3 * sizeof(error) + sizeof(msg)];
error, "", error, error, msg);
assert(result > 0 && (size_t)result < sizeof(buffer));
- gnutls_record_send(session, buffer, strlen(buffer));
+ size_written = gnutls_record_send(session, buffer, strlen(buffer));
+ if (size_written < 0) {
+ LOG(WARNING, "tls_send_invalid_cert_message(): "
+ "gnutls_record_send(): %s",
+ gnutls_strerror((int)size_written));
+ }
+ /* Just an error message, no need to check if everything was written. */
}
size_read = gnutls_record_recv(from, buffer, buffer_size);
if (size_read < 0) {
+ /* Allow rehandshakes. As handshakes might be insecure make sure that
+ * %SAFE_RENEGOTIATION is used in GnuTLS's priority string. */
+ if (size_read == GNUTLS_E_REHANDSHAKE) {
+ int result;
+
+ LOG(DEBUG1, "server requested TLS rehandshake");
+
+ result = gnutls_handshake(from);
+ if (result != GNUTLS_E_SUCCESS) {
+ LOG(WARNING, "server TLS rehandshake failed: %s",
+ gnutls_strerror(result));
+ return -1;
+ }
+ return 0;
+ }
+
LOG(WARNING, "read_from_write_to_tls(): gnutls_record_recv(): %s",
gnutls_strerror((int)size_read));
return -1;