Re: [gtk-vnc-devel] PATCH: Fix handling of TLS
- From: "Daniel P. Berrange" <berrange redhat com>
- To: gtk-vnc-devel <gtk-vnc-devel lists sourceforge net>
- Subject: Re: [gtk-vnc-devel] PATCH: Fix handling of TLS
- Date: Tue, 31 Jul 2007 01:18:25 +0100
On Thu, Jul 26, 2007 at 05:41:15PM +0100, Daniel P. Berrange wrote:
> For some reason I can't now believe, when I wrote the TLS support for GTK-VNC
> I made it do the IO yield inside our gvnc_tls_push/pull functions. We were
> lucky and this worked before. Now that we have interruptible sleeps though,
> we could get interrupted while in our push/pull functions, and then call
> back into more GNU TLS APIs. This is totally disastrous because they're
> not intended to be re-entrant safe in this way. The fix is trivial, just
> do the IO yield based on the gnutls_read/gnutls_write function return status.
> In doing this we also need to yield if the gnutls_handshake function blocks.
> The attached patch fixes this, and removes the hardcoded 'foo' for the cert
> hostname check. So TLS now works correctly & I've confirmed Anthony's patch
> for interruptible waits is working as planned.
Since I figured no negative feedback is positive feedback I pushed this
change to HG. I split it into 3 separate commits since the patch really
had 3 logically separate fixes. Let me know if there are any problems with
it & I'll fix them - it didn't change the semantics of non-TLS code so
I doubt there are any.
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
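
The re-entrancy problem and fix described in the quoted message, as an added example that is not part of the original post or of the gtk-vnc source. It is a self-contained model, not GnuTLS: `struct session`, `tls_read`, `io_yield`, `TLS_E_AGAIN` and the two pull callbacks are hypothetical stand-ins for the library, the coroutine yield, and `gvnc_tls_pull`.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#define TLS_E_AGAIN (-28)  /* constructed status code for this model */
struct session;
typedef ssize_t (*pull_fn)(struct session *, char *, size_t);
struct session { int depth, reentered, data_ready; pull_fn pull; };

/* Every library entry point passes through here; entry while a call is
 * already on the stack is the re-entrancy the post describes. */
static void tls_enter(struct session *s) { if (s->depth++) s->reentered = 1; }
static void tls_leave(struct session *s) { s->depth--; }

/* Hypothetical yield: interrupting code calls the library on this session. */
static void io_yield(struct session *s) {
    s->data_ready = 1;            /* socket became readable meanwhile */
    tls_enter(s); tls_leave(s);
}

static ssize_t tls_read(struct session *s, char *buf, size_t len) {
    tls_enter(s);
    ssize_t n = s->pull(s, buf, len);
    if (n < 0 && errno == EAGAIN) n = TLS_E_AGAIN;
    tls_leave(s);
    return n;
}

/* Before: the transport callback yields with the library on the stack. */
static ssize_t pull_yielding(struct session *s, char *buf, size_t len) {
    if (!s->data_ready) io_yield(s);
    buf[0] = 'x'; (void)len; return 1;
}

/* After: the callback only reports EAGAIN; it never waits. */
static ssize_t pull_nonblocking(struct session *s, char *buf, size_t len) {
    if (!s->data_ready) { errno = EAGAIN; return -1; }
    buf[0] = 'x'; (void)len; return 1;
}

/* Caller yields on the returned status; returns 1 if the library was re-entered. */
static int read_reenters(pull_fn pull) {
    struct session s = {0, 0, 0, pull};
    char buf[1];
    while (tls_read(&s, buf, sizeof buf) == TLS_E_AGAIN) io_yield(&s);
    return s.reentered;
}

int main(void) {
    printf("yield in callback: %d, yield in caller: %d\n",
           read_reenters(pull_yielding), read_reenters(pull_nonblocking));
    return 0;
}
```
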