-rw-r--r--CHANGES7
-rw-r--r--WWW/Library/Implementation/tidy_tls.h7
-rw-r--r--src/tidy_tls.c20
3 files changed, 29 insertions, 5 deletions
diff --git a/CHANGES b/CHANGES
index 9d7200b3..4f51a9e0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,9 +1,12 @@
--- $LynxId: CHANGES,v 1.801 2015/06/02 00:32:43 tom Exp $
+-- $LynxId: CHANGES,v 1.802 2015/09/02 00:16:04 tom Exp $
 ===============================================================================
 Changes since Lynx 2.8 release
 ===============================================================================
 
-2015-05-27 (2.8.9dev.7)
+2015-09-01 (2.8.9dev.7)
+* fix for gnutls logic to support rehandshake on negotiation for optional
+  client certificate, e.g., for https://contributors.debian.org (patch by
+  Simon Kainz, Debian #797059).
 * update sv.po from
     http://translationproject.org/latest/lynx
 * use gnutls_set_default_priority() to simplify algorithm priorities in the
diff --git a/WWW/Library/Implementation/tidy_tls.h b/WWW/Library/Implementation/tidy_tls.h
index 040ed305..631e8a2a 100644
--- a/WWW/Library/Implementation/tidy_tls.h
+++ b/WWW/Library/Implementation/tidy_tls.h
@@ -1,6 +1,6 @@
 /*
- * $LynxId: tidy_tls.h,v 1.4 2014/01/11 17:09:33 tom Exp $
- * Copyright 2008-2011,2014 Thomas E. Dickey
+ * $LynxId: tidy_tls.h,v 1.6 2015/09/02 01:16:04 tom Exp $
+ * Copyright 2008-2013,2015 Thomas E. Dickey
  */
 #ifndef TIDY_TLS_H
 #define TIDY_TLS_H
@@ -98,6 +98,9 @@ struct _SSL {
 
     gnutls_transport_ptr_t rfd;
     gnutls_transport_ptr_t wfd;
+
+    void *sendbuffer;
+    int bytes_sent;
 };
 
 /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
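Review bot: The two members added to `struct _SSL` have no comment saying what they hold or who owns the allocation, which matters because `sendbuffer` is heap memory tied to the connection's lifetime. A comment above `sendbuffer` such as `/* intended: copy of the last SSL_write() payload, owned by this SSL, replayed after a rehandshake */` would make that explicit. `bytes_sent` reads like a running total, while the rest of the commit uses it as the length of that buffer, so a name or comment saying so would help. The struct definition starts above this hunk.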
diff --git a/src/tidy_tls.c b/src/tidy_tls.c
index 8ebaa6b8..5dca26c3 100644
--- a/src/tidy_tls.c
+++ b/src/tidy_tls.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: tidy_tls.c,v 1.27 2015/06/02 00:39:46 tom Exp $
+ * $LynxId: tidy_tls.c,v 1.28 2015/09/02 00:16:04 Simon.Kainz Exp $
  * Copyright 2008-2014,2015 Thomas E. Dickey
  * with fix Copyright 2008 by Thomas Viehmann
  *
@@ -443,6 +443,9 @@ SSL *SSL_new(SSL_CTX * ctx)
 	    ssl->wfd = (gnutls_transport_ptr_t) (-1);
 	}
     }
+    ssl->bytes_sent = 0;
+    ssl->sendbuffer = 0;
+
     return ssl;
 }
 
@@ -455,6 +458,15 @@ int SSL_read(SSL * ssl, void *buffer, int length)
     int rc;
 
     rc = gnutls_record_recv(ssl->gnutls_state, buffer, length);
+
+    if (rc < 0 && gnutls_error_is_fatal(rc) == 0) {
+	if (rc == GNUTLS_E_REHANDSHAKE) {
+	    rc = gnutls_handshake(ssl->gnutls_state);
+	    gnutls_record_send(ssl->gnutls_state, ssl->sendbuffer, ssl->bytes_sent);
+	    rc = gnutls_record_recv(ssl->gnutls_state, buffer, length);
+	}
+    }
+
     ssl->last_error = rc;
 
     if (rc < 0) {
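Review bot: In the rehandshake branch of SSL_read the result of `gnutls_handshake()` is overwritten by the following `gnutls_record_recv()` without being checked, and the return value of `gnutls_record_send()` is discarded. A failed renegotiation or failed replay is therefore reported, if at all, only as whatever the later receive returns in `ssl->last_error`. The replay also runs when nothing has been written yet, with `sendbuffer` still null from SSL_new. I would gate each step on the previous one: `if (rc >= 0 && ssl->sendbuffer != NULL) rc = (int) gnutls_record_send(ssl->gnutls_state, ssl->sendbuffer, (size_t) ssl->bytes_sent);` followed by `if (rc >= 0) rc = gnutls_record_recv(ssl->gnutls_state, buffer, length);`. SSL_read continues past the end of the hunk.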
@@ -489,6 +501,12 @@ int SSL_write(SSL * ssl, const void *buffer, int length)
     if (rc < 0) {
 	last_error = rc;
 	rc = 0;
+    } else {
+	if (ssl->sendbuffer) {
+	    free(ssl->sendbuffer);
+	}
+	ssl->sendbuffer = malloc(rc);
+	ssl->bytes_sent = rc;
     }
 
     return rc;
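Review bot: The new `else` branch in SSL_write allocates `ssl->sendbuffer` with `malloc(rc)` but never copies `buffer` into it. The replay added to SSL_read therefore passes `bytes_sent` bytes of uninitialized heap memory to `gnutls_record_send()`, so the peer receives stale process memory instead of the original request. The allocation result is also unchecked, and `rc == 0` leads to `malloc(0)`. The branch should copy the written bytes and leave `bytes_sent` at 0 when no copy exists, as below. No release of `sendbuffer` is visible in this diff, so SSL_free presumably needs a matching `free()`; SSL_write's body starts outside the hunk.

```c
    } else {
	/* keep a copy of what was just written so a rehandshake can replay it */
	free(ssl->sendbuffer);
	ssl->sendbuffer = NULL;
	ssl->bytes_sent = 0;
	if (rc > 0 && (ssl->sendbuffer = malloc((size_t) rc)) != NULL) {
	    memcpy(ssl->sendbuffer, buffer, (size_t) rc);
	    ssl->bytes_sent = rc;
	}
    }
```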