[glib-networking/mcatanzaro/tls-thread: 5/5] progress



commit 86c58f8f80d780870cf39cc8ea2e01b67355765c
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Sun Dec 29 18:03:48 2019 -0600

    progress

 tls/base/gtlsoperationsthread-base.c     | 10 ++++------
 tls/gnutls/gtlsoperationsthread-gnutls.c | 17 ++++++++++++++---
 tls/tests/connection.c                   |  3 +++
 3 files changed, 21 insertions(+), 9 deletions(-)
---
diff --git a/tls/base/gtlsoperationsthread-base.c b/tls/base/gtlsoperationsthread-base.c
index b54fe48..c11e27a 100644
--- a/tls/base/gtlsoperationsthread-base.c
+++ b/tls/base/gtlsoperationsthread-base.c
@@ -641,8 +641,7 @@ verify_certificate_data_new (GTlsOperationsThreadBase *thread,
 
   data = g_new0 (VerifyCertificateData, 1);
   data->thread = g_object_ref (thread);
-  /* FIXME: don't emit accept-certificate when peer_certificate is NULL, glib-2-62 branch regression */
-  data->peer_certificate = peer_certificate ? g_object_ref (peer_certificate) : NULL;
+  data->peer_certificate = g_object_ref (peer_certificate);
   data->context = context;
 
   g_mutex_init (&data->mutex);
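Review bot: The unconditional `g_object_ref (peer_certificate)` here, and the matching unconditional unref in verify_certificate_data_free in the next hunk, depend on a non-NULL certificate that is enforced only by the `g_assert (G_IS_TLS_CERTIFICATE (peer_certificate))` added to g_tls_operations_thread_base_verify_certificate in the third hunk. g_assert() is compiled out when the code is built with G_DISABLE_ASSERT, so in such a build a backend that passes NULL would produce GObject criticals and continue with a NULL certificate rather than refuse the handshake. I would state the precondition where the data is built, e.g. `/* peer_certificate must be non-NULL; backends handle the no-certificate case before calling in */`. If failing closed matters more than aborting, a real check in the verify function would do it, such as `if (!G_IS_TLS_CERTIFICATE (peer_certificate)) return FALSE;`, assuming it returns the `gboolean accepted` declared there. All three function bodies continue outside their hunks.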
@@ -655,10 +654,7 @@ static void
 verify_certificate_data_free (VerifyCertificateData *data)
 {
   g_object_unref (data->thread);
-
-  /* FIXME: don't emit accept-certificate when peer_certificate is NULL, glib-2-62 branch regression */
-  if (data->peer_certificate)
-    g_object_unref (data->peer_certificate);
+  g_object_unref (data->peer_certificate);
 
   g_mutex_clear (&data->mutex);
   g_cond_clear (&data->condition);
@@ -691,6 +687,8 @@ g_tls_operations_thread_base_verify_certificate (GTlsOperationsThreadBase *self,
   gboolean accepted;
 
   g_assert (g_main_context_is_owner (priv->op_thread_context));
+  g_assert (G_IS_TLS_CERTIFICATE (peer_certificate));
+  g_assert (context);
 
   data = verify_certificate_data_new (self, peer_certificate, context);
 
diff --git a/tls/gnutls/gtlsoperationsthread-gnutls.c b/tls/gnutls/gtlsoperationsthread-gnutls.c
index b5cd329..4fe1ba7 100644
--- a/tls/gnutls/gtlsoperationsthread-gnutls.c
+++ b/tls/gnutls/gtlsoperationsthread-gnutls.c
@@ -64,6 +64,7 @@ struct _GTlsOperationsThreadGnutls {
   gboolean                 ever_handshaked;
 
   /* Valid only during current operation */
+  GTlsAuthenticationMode   auth_mode;
   GTlsCertificate         *own_certificate;
   GTlsCertificate         *peer_certificate;
   GCancellable            *op_cancellable;
@@ -601,6 +602,7 @@ g_tls_operations_thread_gnutls_handshake (GTlsOperationsThreadBase  *base,
   int ret;
 
   self->own_certificate = own_certificate;
+  self->auth_mode = auth_mode;
 
   if (!self->ever_handshaked)
     set_handshake_priority (self);
@@ -640,6 +642,7 @@ g_tls_operations_thread_gnutls_handshake (GTlsOperationsThreadBase  *base,
                  _("Error performing TLS handshake"), error);
 
   self->own_certificate = NULL;
+  self->auth_mode = G_TLS_AUTHENTICATION_NONE;
   self->handshake_context = NULL;
   self->handshaking = FALSE;
 
@@ -1153,9 +1156,17 @@ verify_certificate_cb (gnutls_session_t session)
 
   g_assert (!self->peer_certificate);
   self->peer_certificate = get_peer_certificate (self);
-  accepted = g_tls_operations_thread_base_verify_certificate (G_TLS_OPERATIONS_THREAD_BASE (self),
-                                                              self->peer_certificate,
-                                                              self->handshake_context);
+
+  if (self->peer_certificate)
+    {
+      accepted = g_tls_operations_thread_base_verify_certificate (G_TLS_OPERATIONS_THREAD_BASE (self),
+                                                                  self->peer_certificate,
+                                                                  self->handshake_context);
+    }
+  else
+    {
+      accepted = is_server (self) && self->auth_mode != G_TLS_AUTHENTICATION_REQUIRED;
+    }
 
   /* Return 0 for the handshake to continue, non-zero to terminate.
    * Complete opposite of what OpenSSL does.
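Review bot: The new `else` branch accepts a peer that sent no certificate without going through g_tls_operations_thread_base_verify_certificate, and its only policy input is `self->auth_mode`, which the struct comment marks as valid only during the current operation and which the handshake hunk resets to G_TLS_AUTHENTICATION_NONE. Because NONE satisfies `!= G_TLS_AUTHENTICATION_REQUIRED`, a server would let a certificate-less client through if this callback ever ran outside g_tls_operations_thread_gnutls_handshake. Whether that can happen is not visible in this diff, so a guard such as `g_assert (self->handshaking);` (if that flag is set for the whole handshake) would make the assumption explicit. The branch also deserves a comment, e.g. `/* No peer certificate: a client always rejects; a server continues only when client authentication was not required. */`. The test hunk only asserts that on_accept_certificate never sees a NULL cert; no case visible here covers a server using G_TLS_AUTHENTICATION_REQUIRED against a client that offers no certificate.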
diff --git a/tls/tests/connection.c b/tls/tests/connection.c
index ab36a63..4d0d0d1 100644
--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
@@ -210,6 +210,9 @@ on_accept_certificate (GTlsConnection       *conn,
                        gpointer              user_data)
 {
   TestConnection *test = user_data;
+
+  g_assert_nonnull (cert);
+
   return errors == test->accept_flags;
 }
 

