Re: [gtk-vnc-devel] PATCH: Fix handling of TLS



On Thu, Jul 26, 2007 at 05:41:15PM +0100, Daniel P. Berrange wrote:
> For some reason I can't now believe, when I wrote the TLS support for GTK-VNC
> I made it do the IO yield inside our gvnc_tls_push/pull functions. We were
> lucky and this worked before. Now that we have interruptible sleeps though,
> we could get interrupted while in our push/pull functions, and then call
> back into more GNU TLS APIs. This is totally disastrous because they're
> not intended to be re-entrant safe in this way. The fix is trivial, just
> do the IO yield based on the gnutls_read/gnutls_write function return status.
> In doing this we also need to yield if the gnutls_handshake function blocks.
> The attached patch fixes this, and removes the hardcoded 'foo' for the cert
> hostname check. So TLS now works correctly & I've confirmed Anthony's patch
> for interruptible waits is working as planned.

Since I figured no negative feedback is positive feedback I pushed this 
change to HG. I split it into 3 separate commits since the patch really
had 3 logically separate fixes. Let me know if there are any problems with
it & I'll fix them - it didn't change the semantics of non-TLS code so
I doubt there are any.


Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
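
The re-entrancy problem described in the quoted message, as an added illustration that is not code from GTK-VNC or GnuTLS. It is a self-contained model: `toy_recv`, `toy_send`, `io_yield`, `pull_cb`, `read_all` and `TOY_E_AGAIN` are hypothetical names, and the `in_call` flag stands in for library state that must not be re-entered.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define TOY_E_AGAIN (-28) /* plays the role of GNUTLS_E_AGAIN */

struct session {
    int in_call;       /* set while inside a record-layer call */
    int reentered;     /* calls made while in_call was set */
    int polls_left;    /* transport has data after this many yields */
    int yield_in_pull; /* 1 = old behaviour, 0 = fixed behaviour */
};
/* Any other use of the session, e.g. a write from another handler. */
static void toy_send(struct session *s) { if (s->in_call) s->reentered++; }
/* Stand-in for the IO yield: another handler runs before we resume. */
static void io_yield(struct session *s) {
    if (s->polls_left > 0) s->polls_left--;
    toy_send(s);
}
/* Transport pull callback, the role gvnc_tls_pull plays. */
static long pull_cb(struct session *s, char *buf, size_t len) {
    while (s->polls_left > 0) {
        if (!s->yield_in_pull) { errno = EAGAIN; return -1; }
        io_yield(s); /* old: yields while the library is mid-call */
    }
    if (len > 5) len = 5;
    memcpy(buf, "hello", len);
    return (long)len;
}
/* Toy record read: not re-entrant, maps EAGAIN to a status code. */
static long toy_recv(struct session *s, char *buf, size_t len) {
    s->in_call = 1;
    long n = pull_cb(s, buf, len);
    s->in_call = 0;
    return (n < 0 && errno == EAGAIN) ? TOY_E_AGAIN : n;
}
/* Fixed caller: yield on the return status, outside the library call. */
static long read_all(struct session *s, char *buf, size_t len) {
    long n;
    while ((n = toy_recv(s, buf, len)) == TOY_E_AGAIN) io_yield(s);
    return n;
}

int main(void) {
    char buf[8];
    struct session old = {0, 0, 3, 1}, fixed = {0, 0, 3, 0};
    read_all(&old, buf, sizeof buf); read_all(&fixed, buf, sizeof buf);
    printf("re-entries: old=%d fixed=%d\n", old.reentered, fixed.reentered);
    return 0;
}
```

Both sessions deliver the same bytes; only the one that yields inside the callback records calls made while a record-layer call was still in progress.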



