Changeset 6fa6095 in mod_gnutls for src/gnutls_io.c
- Timestamp:
- Jan 21, 2020, 2:29:27 AM (14 months ago)
- Branches:
- asyncio, master, proxy-ticket
- Children:
- 1c76ea7
- Parents:
- e24e3bf9
- File:
-
- 1 edited
src/gnutls_io.c
re24e3bf9 r6fa6095 3 3 * Copyright 2008 Nikos Mavrogiannopoulos 4 4 * Copyright 2011 Dash Shendy 5 * Copyright 2015-20 19Fiona Klute5 * Copyright 2015-2020 Fiona Klute 6 6 * 7 7 * Licensed under the Apache License, Version 2.0 (the "License"); … … 449 449 } 450 450 451 int mgs_rehandshake(mgs_handle_t * ctxt) { 452 int rv; 453 451 452 453 int mgs_reauth(mgs_handle_t * ctxt) 454 { 454 455 if (ctxt->session == NULL) 455 return -1; 456 457 rv = gnutls_rehandshake(ctxt->session); 458 459 if (rv != 0) { 460 /* the client did not want to rehandshake. goodbye */ 456 return GNUTLS_E_INVALID_REQUEST; 457 458 int rv = gnutls_reauth(ctxt->session, 0); 459 // TODO: Handle non-fatal errors: GNUTLS_E_INTERRUPTED, 460 // GNUTLS_E_AGAIN, GNUTLS_E_GOT_APPLICATION_DATA 461 462 /* GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on 463 * timing) happen with a request containing a body. According to 464 * https://tools.ietf.org/html/rfc8446#appendix-E.1.2 465 * post-handshake authentication proves that the authenticated 466 * party is the one that did the handshake, so caching the data 467 * is appropriate. */ 468 /* Allocate cache to content-length (if available), with an upper 469 * limit to prevent resource exhaustion attacks. Do we have to 470 * prevent creating multiple caches for one connection? 
*/ 471 /* ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, */ 472 /* "Request content: %s bytes", */ 473 /* apr_table_get(r->headers_in, "Content-Length")); */ 474 /* If the cache is too small, 475 * a) return HTTP_REQUEST_ENTITY_TOO_LARGE to the client 476 * b) IF reauth was successful set Retry-After to immediately: */ 477 /* apr_table_setn(r->err_headers_out, "Retry-After", "0"); */ 478 479 if (rv != GNUTLS_E_SUCCESS) 480 { 461 481 ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, ctxt->c, 462 "GnuTLS: Client Refused Rehandshake request."); 463 return -1; 464 } 465 466 ctxt->status = 0; 467 468 rv = gnutls_do_handshake(ctxt); 469 470 return rv; 482 "Reauthentication failed: %s (%d)", 483 gnutls_strerror(rv), rv); 484 return rv; 485 } 486 487 return GNUTLS_E_SUCCESS; 471 488 } 472 489
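Review bot: In `mgs_reauth`, every non-zero result from `gnutls_reauth()` reaches the `rv != GNUTLS_E_SUCCESS` branch, so the non-fatal codes named in the TODO (`GNUTLS_E_INTERRUPTED`, `GNUTLS_E_AGAIN`) are logged as "Reauthentication failed" and returned as errors. That fails closed, which is the safe direction for an access decision, but it can reject a client whose post-handshake authentication would have completed on a retry, depending on timing. Until the TODO is resolved, declaring `rv` first and retrying with `do { rv = gnutls_reauth(ctxt->session, 0); } while (rv == GNUTLS_E_AGAIN || rv == GNUTLS_E_INTERRUPTED);`, bounded by an attempt limit, would cover the two retryable codes, while `GNUTLS_E_GOT_APPLICATION_DATA` still needs the size-capped body cache the comment describes. The function, which is fully visible in this section, should also get a doc comment listing its return values (`GNUTLS_E_INVALID_REQUEST` for a missing session, otherwise the `gnutls_reauth()` result) and stating that success presumably means only that the exchange finished, so callers outside this section still have to verify the client certificate before granting access.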