Bug#480041: confirmation that debian #480041 is a gnutls problem, and steps to reproduce

Joe Orton joe at manyfish.co.uk
Sat Nov 22 03:05:03 EST 2008


On Sat, Nov 22, 2008 at 12:51:05AM -0500, Daniel Kahn Gillmor wrote:
> On Fri 2008-11-21 08:20:40 -0500, Joe Orton wrote:
> 
> > neon already has a callback which does that, yeah.
> >
> > Daniel, can you try this neon patch?
> 
> OK, after figuring out how to build neon27 (don't try it in a path
> that contains the string "libneon" in it), i tried applying the patch.

I guess that's a problem with the Debian package build process?

> With tour patch, svn co just runs forever against an svn server
> configured with SSLVerifyClient optional, and never fetches anything.

Err, reading that patch again, it's complete rubbish.  Could you try the 
one below which is hopefully less rubbish?  Thanks a lot for working on 
this!

Index: src/ne_socket.c
===================================================================
--- src/ne_socket.c	(revision 1607)
+++ src/ne_socket.c	(working copy)
@@ -750,13 +750,18 @@
 static ssize_t read_gnutls(ne_socket *sock, char *buffer, size_t len)
 {
     ssize_t ret;
+    unsigned reneg = 1; /* number of allowed rehandshakes */
 
     ret = readable_gnutls(sock, sock->rdtimeout);
     if (ret) return ret;
     
     do {
-        ret = gnutls_record_recv(sock->ssl, buffer, len);
-    } while (RETRY_GNUTLS(sock, ret));
+        do {
+            ret = gnutls_record_recv(sock->ssl, buffer, len);
+        } while (RETRY_GNUTLS(sock, ret));
+        
+    } while (ret == GNUTLS_E_REHANDSHAKE && reneg--
+             && (ret = gnutls_handshake(sock->ssl)) == GNUTLS_E_SUCCESS);
 
     if (ret <= 0)
 	ret = error_gnutls(sock, ret);





More information about the neon mailing list