Changeset 9db4dcd in mod_gnutls for src/gnutls_hooks.c


Timestamp:
Jan 21, 2020, 3:24:32 PM (11 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master, proxy-ticket
Children:
fcad37b
Parents:
4a22ee6
Message:

Handle GNUTLS_E_GOT_APPLICATION_DATA on gnutls_reauth()

Pending application data is cached in the connection input buffer, so
repeated attempts won't cause more memory allocations. If the buffer
is too small HTTP_REQUEST_ENTITY_TOO_LARGE is sent to the client.

The reauthentication test now contains a POST request so this code
path may (!) be taken during the test suite run.

File:
1 edited

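--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1491,15 +1491,19 @@
         gnutls_certificate_server_set_request(ctxt->session,
                                               client_verify_mode);
-        if (mgs_reauth(ctxt) != GNUTLS_E_SUCCESS) {
-            return HTTP_FORBIDDEN;
-        }
-    }
-
-    int rv = mgs_cert_verify(r, ctxt);
+        int rv = mgs_reauth(ctxt, r);
+        if (rv != GNUTLS_E_SUCCESS) {
+            if (rv == GNUTLS_E_GOT_APPLICATION_DATA)
+                return HTTP_REQUEST_ENTITY_TOO_LARGE;
+            else
+                return HTTP_FORBIDDEN;
+        }
+    }
+
+    int ret = mgs_cert_verify(r, ctxt);
     /* In "request" mode we always allow the request, otherwise the
      * verify result decides. */
     if (client_verify_mode == GNUTLS_CERT_REQUEST)
         return DECLINED;
-    return rv;
+    return ret;
 }
 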
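Review bot: The `rv == GNUTLS_E_GOT_APPLICATION_DATA` branch returns `HTTP_REQUEST_ENTITY_TOO_LARGE` with nothing at the call site explaining why that GnuTLS code maps to a 413; the reason (pending request data did not fit the connection input buffer) appears only in the commit message. I would add a comment above the inner `if`, such as `/* mgs_reauth() buffers pending application data; this code means the input buffer was too small to hold it */`. Neither failure branch logs here, so if `mgs_reauth()` does not record the GnuTLS error itself (its body is outside this hunk), an `ap_log_rerror()` call before the returns would let operators tell a failed client reauthentication from an oversized request body. The fallback to `HTTP_FORBIDDEN` for every other error keeps the path fail-closed, which is worth stating in the same comment so a later edit does not loosen it. The enclosing function starts above the hunk.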