Commit 20e8fe26 authored by Grigorii Demidov's avatar Grigorii Demidov Committed by Vladimír Čunát

daemon/tls, daemon/worker: fix rehandshake processing

parent c2978348
...@@ -18,6 +18,7 @@ Bugfixes ...@@ -18,6 +18,7 @@ Bugfixes
-------- --------
- http module: only run prometheus in parent process if using --forks=N, - http module: only run prometheus in parent process if using --forks=N,
as the submodule collects metrics from all sub-processes as well. as the submodule collects metrics from all sub-processes as well.
- policy.TLS_FORWARD fixes (!714)
- fix build with -DNOVERBOSELOG (#424) - fix build with -DNOVERBOSELOG (#424)
Improvements Improvements
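--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -482,6 +482,9 @@ ssize_t tls_process_input_data(struct session *s, const uint8_t *buf, ssize_t nr
 			continue;
 		} else if (count == GNUTLS_E_REHANDSHAKE) {
 			/* See https://www.gnutls.org/manual/html_node/Re_002dauthentication.html */
+			struct sockaddr *peer = session_get_peer(s);
+			kr_log_verbose("[%s] TLS rehandshake with %s has started\n",
+				logstring, kr_straddr(peer));
 			tls_set_hs_state(tls_p, TLS_HS_IN_PROGRESS);
 			while (tls_p->handshake_state <= TLS_HS_IN_PROGRESS) {
 				int err = tls_handshake(tls_p, tls_p->handshake_cb);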
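Review bot: The new `peer` local is only consumed by the kr_log_verbose() call, so in a build where that call compiles away — the NEWS hunk on this same commit mentions a -DNOVERBOSELOG build fix (#424) — it presumably becomes an unused variable and trips -Wunused-variable with warnings-as-errors. Folding the lookup into the call avoids that: `kr_log_verbose("[%s] TLS rehandshake with %s has started\n", logstring, kr_straddr(session_get_peer(s)));`. Whether kr_straddr() tolerates a NULL peer is not visible here; if session_get_peer() can return NULL on a session whose peer was not set, guard the call. tls_process_input_data's body continues on both sides of this hunk.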
...@@ -713,8 +713,19 @@ static int session_tls_hs_cb(struct session *session, int status) ...@@ -713,8 +713,19 @@ static int session_tls_hs_cb(struct session *session, int status)
} }
} }
ret = worker_add_tcp_connected(worker, peer, session); ret = kr_ok();
if (deletion_res == kr_ok() && ret == kr_ok()) { if (deletion_res == kr_ok()) {
/* peer was in the waiting list, add to the connected list. */
ret = worker_add_tcp_connected(worker, peer, session);
} else {
/* peer wasn't in the waiting list.
* In this case it must be successful rehandshake.
* Peer must be already in the connected list. */
const char *key = tcpsess_key(peer);
assert(key);
assert(map_contains(&worker->tcp_connected, key) != 0);
}
if (ret == kr_ok()) {
while (!session_waitinglist_is_empty(session)) { while (!session_waitinglist_is_empty(session)) {
struct qr_task *t = session_waitinglist_get(session); struct qr_task *t = session_waitinglist_get(session);
ret = qr_task_send(t, session, NULL, NULL); ret = qr_task_send(t, session, NULL, NULL);
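Review bot: The new else-branch verifies the rehandshake precondition with assert() only, so in an NDEBUG build a handshake callback for a peer that is in neither the waiting nor the connected list proceeds to drain the waiting list as if it were connected, and `key` becomes an unused variable there. Making the check a runtime condition keeps the debug intent and fails closed in release: `} else if (!map_contains(&worker->tcp_connected, tcpsess_key(peer))) {` followed by `ret = kr_error(EINVAL);` in place of the two asserts (keep a NULL check on the key if tcpsess_key() can return NULL — not visible here). The comment "it must be successful rehandshake" is an inference from deletion_res alone; if `status` is checked earlier in the function, the comment could say so, since session_tls_hs_cb starts above the hunk and its error path continues below it.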