Verified Commit 20e8fe26 authored by Grigorii Demidov's avatar Grigorii Demidov Committed by Vladimír Čunát

daemon/tls, daemon/worker: fix rehandshake processing

parent c2978348
......@@ -18,6 +18,7 @@ Bugfixes
--------
- http module: only run prometheus in parent process if using --forks=N,
as the submodule collects metrics from all sub-processes as well.
- policy.TLS_FORWARD fixes (!714)
- fix build with -DNOVERBOSELOG (#424)
Improvements
......
......@@ -482,6 +482,9 @@ ssize_t tls_process_input_data(struct session *s, const uint8_t *buf, ssize_t nr
continue;
} else if (count == GNUTLS_E_REHANDSHAKE) {
/* See https://www.gnutls.org/manual/html_node/Re_002dauthentication.html */
struct sockaddr *peer = session_get_peer(s);
kr_log_verbose("[%s] TLS rehandshake with %s has started\n",
logstring, kr_straddr(peer));
tls_set_hs_state(tls_p, TLS_HS_IN_PROGRESS);
while (tls_p->handshake_state <= TLS_HS_IN_PROGRESS) {
int err = tls_handshake(tls_p, tls_p->handshake_cb);
......
......@@ -713,8 +713,19 @@ static int session_tls_hs_cb(struct session *session, int status)
}
}
ret = worker_add_tcp_connected(worker, peer, session);
if (deletion_res == kr_ok() && ret == kr_ok()) {
ret = kr_ok();
if (deletion_res == kr_ok()) {
/* peer was in the waiting list, add to the connected list. */
ret = worker_add_tcp_connected(worker, peer, session);
} else {
/* peer wasn't in the waiting list.
* In this case it must be successful rehandshake.
* Peer must be already in the connected list. */
const char *key = tcpsess_key(peer);
assert(key);
assert(map_contains(&worker->tcp_connected, key) != 0);
}
if (ret == kr_ok()) {
while (!session_waitinglist_is_empty(session)) {
struct qr_task *t = session_waitinglist_get(session);
ret = qr_task_send(t, session, NULL, NULL);
......
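Review bot: The two assert() lines in the new else branch only verify the rehandshake precondition in debug builds; with NDEBUG both `tcpsess_key(peer)` and the `map_contains()` lookup are compiled out, ret stays kr_ok(), and a session that is in neither the waiting nor the connected list still falls through to draining its waiting list. Make the check unconditional and fail the callback instead, e.g. replace the asserts with `if (!key || !map_contains(&worker->tcp_connected, key)) { ret = kr_error(ENOENT); }`. The comment "In this case it must be successful rehandshake" rests on deletion_res alone, so it would help to name the path that guarantees this (presumably the GNUTLS_E_REHANDSHAKE handling in tls_process_input_data, which re-enters this callback). session_tls_hs_cb starts and ends outside the hunk.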