[GNUnet-SVN] [gnurl] 26/63: sectransp: handle errSSLPeerAuthCompleted fr

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 26/63: sectransp: handle errSSLPeerAuthCompleted fr

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 26/63: sectransp: handle errSSLPeerAuthCompleted from SSLRead()
Date:	Fri, 07 Jun 2019 18:36:48 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 5c9b2e68a4e30f533a9da84d674f545c3dd27423
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu May 23 17:16:02 2019 +0200

    sectransp: handle errSSLPeerAuthCompleted from SSLRead()
    
    Reported-by: smuellerDD on github
    Fixes #3932
    Closes #3933
---
 lib/vtls/sectransp.c | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 2fdf662a1..3fb125ab5 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -2111,8 +2111,8 @@ static int append_cert_to_array(struct Curl_easy *data,
     return CURLE_OK;
 }
 
-static int verify_cert(const char *cafile, struct Curl_easy *data,
-                       SSLContextRef ctx)
+static CURLcode verify_cert(const char *cafile, struct Curl_easy *data,
+                            SSLContextRef ctx)
 {
   int n = 0, rc;
   long res;
@@ -2370,10 +2370,10 @@ sectransp_connect_step2(struct connectdata *conn, int 
sockindex)
         Leopard's headers */
       case -9841:
         if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
-          int res = verify_cert(SSL_CONN_CONFIG(CAfile), data,
-                                BACKEND->ssl_ctx);
-          if(res != CURLE_OK)
-            return res;
+          CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), data,
+                                        BACKEND->ssl_ctx);
+          if(result)
+            return result;
         }
         /* the documentation says we need to call SSLHandshake() again */
         return sectransp_connect_step2(conn, sockindex);
@@ -3186,7 +3186,10 @@ static ssize_t sectransp_recv(struct connectdata *conn,
   /*struct Curl_easy *data = conn->data;*/
   struct ssl_connect_data *connssl = &conn->ssl[num];
   size_t processed = 0UL;
-  OSStatus err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed);
+  OSStatus err;
+
+  again:
+  err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed);
 
   if(err != noErr) {
     switch(err) {
@@ -3207,6 +3210,16 @@ static ssize_t sectransp_recv(struct connectdata *conn,
         return -1L;
         break;
 
+        /* The below is errSSLPeerAuthCompleted; it's not defined in
+           Leopard's headers */
+      case -9841:
+        if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
+          CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), conn->data,
+                                        BACKEND->ssl_ctx);
+          if(result)
+            return result;
+        }
+        goto again;
       default:
         failf(conn->data, "SSLRead() return error %d", err);
         *curlcode = CURLE_RECV_ERROR;

-- 
To stop receiving notification emails like this one, please contact
address@hidden.

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 53/63: NTLM: reset proxy "multipass" state when CONNECT request is done, (continued)
- [GNUnet-SVN] [gnurl] 53/63: NTLM: reset proxy "multipass" state when CONNECT request is done, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 58/63: curl_share_setopt.3: improve wording [ci ship], gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 56/63: TODO: "at least N milliseconds between requests" [ci skip], gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 46/63: http2: Stop drain from being permanently set on, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 19/63: os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()., gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 24/63: tool_setopt: for builds with disabled-proxy, skip all proxy setopts(), gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 18/63: .github/FUNDING: mention our opencollective "home" [ci skip], gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 20/63: md4: build correctly with openssl without MD4, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 16/63: tests: Fix the line endings for the SASL alt-auth tests, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 06/63: examples: remove dead variable stores, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 26/63: sectransp: handle errSSLPeerAuthCompleted from SSLRead(), gnunet <=
- [GNUnet-SVN] [gnurl] 38/63: url: default conn->port to the same as conn->remote_port, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 31/63: nss: allow to specify TLS 1.3 ciphers if supported by NSS, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 36/63: multi: track users of a socket better, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 28/63: FAQ: more minor updates and spelling fixes, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 34/63: cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 41/63: url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 40/63: http: fix "error: equality comparison with extraneous parentheses", gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 48/63: singlesocket: use separate variable for inner loop, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 52/63: test334: verify HTTP 204 response with chunked coding header, gnunet, 2019/06/07
- [GNUnet-SVN] [gnurl] 47/63: RELEASE-NOTES: synced, gnunet, 2019/06/07

Prev by Date: [GNUnet-SVN] [gnurl] 06/63: examples: remove dead variable stores
Next by Date: [GNUnet-SVN] [gnurl] branch master updated (7959939f1 -> 5d5e1c738)
Previous by thread: [GNUnet-SVN] [gnurl] 06/63: examples: remove dead variable stores
Next by thread: [GNUnet-SVN] [gnurl] 38/63: url: default conn->port to the same as conn->remote_port
Index(es):
- Date
- Thread