#include <limits.h>
#include <netdb.h>
#include <poll.h>
+#include <sys/socket.h>
#include <unistd.h>
#include <gnutls/x509.h>
const char msg[] = "Server certificate validation failed, check logs.";
int result;
+ ssize_t size_written;
char buffer[sizeof(HTTP_RESPONSE_FORMAT)
+ 3 * sizeof(error) + sizeof(msg)];
error, "", error, error, msg);
assert(result > 0 && (size_t)result < sizeof(buffer));
- gnutls_record_send(session, buffer, strlen(buffer));
+ size_written = gnutls_record_send(session, buffer, strlen(buffer));
+ if (size_written < 0) {
+ LOG(WARNING, "tls_send_invalid_cert_message(): "
+ "gnutls_record_send(): %s",
+ gnutls_strerror((int)size_written));
+ }
+ /* Just an error message, no need to check if everything was written. */
}
return -1;
}
if (size_read != size_written) {
- LOG(ERROR, "read_from_write_to(): only written %ld of %ld bytes!",
- (long int)size_written, (long int)size_read);
+ LOG(ERROR, "read_from_write_to(): only written %zu of %zu bytes!",
+ size_written, size_read);
return -1;
}
if (gnutls_record_get_max_size(server_session) < buffer_size) {
buffer_size = gnutls_record_get_max_size(server_session);
}
- LOG(DEBUG2, "transfer_data_tls(): suggested buffer size: %ld",
- (long int)buffer_size);
+ LOG(DEBUG2, "transfer_data_tls(): suggested buffer size: %zu",
+ buffer_size);
for (;;) {
int result = poll(fds, 2 /* fd count */, -1 /* no timeout */);
char buffer[16384]; /* GnuTLS default maximum */
if (buffer_size > sizeof(buffer)) {
- LOG(WARNING, "read_from_write_to_tls(): reduced buffer size to %ld",
- (long int)(sizeof(buffer)));
+ LOG(WARNING, "read_from_write_to_tls(): reduced buffer size to %zu",
+ sizeof(buffer));
buffer_size = sizeof(buffer);
}
size_read = gnutls_record_recv(from, buffer, buffer_size);
if (size_read < 0) {
+ /* Allow rehandshakes. As handshakes might be insecure make sure that
+ * %SAFE_RENEGOTIATION is used in GnuTLS's priority string. */
+ if (size_read == GNUTLS_E_REHANDSHAKE) {
+ int result;
+
+ LOG(DEBUG1, "server requested TLS rehandshake");
+
+ result = gnutls_handshake(from);
+ if (result != GNUTLS_E_SUCCESS) {
+ LOG(WARNING, "server TLS rehandshake failed: %s",
+ gnutls_strerror(result));
+ return -1;
+ }
+ return 0;
+ }
+
LOG(WARNING, "read_from_write_to_tls(): gnutls_record_recv(): %s",
gnutls_strerror((int)size_read));
return -1;
return -1;
}
if (size_read != size_written) {
- LOG(ERROR, "read_from_write_to_tls(): only written %ld of %ld bytes!",
- (long int)size_written, (long int)size_read);
+ LOG(ERROR, "read_from_write_to_tls(): only written %zu of %zu bytes!",
+ size_written, size_read);
return -1;
}
gai_hints.ai_protocol = 0;
gai_hints.ai_flags = AI_NUMERICSERV /* given port is numeric */
| AI_ADDRCONFIG /* supported by this computer */
- | AI_V4MAPPED; /* support IPv4 through IPv6 */
+ ;
gai_return = getaddrinfo(hostname, port, &gai_hints, &gai_result);
if (gai_return != 0) {
if (gai_return == EAI_SYSTEM) {