[glib-networking/mcatanzaro/tls-thread] progress
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/mcatanzaro/tls-thread] progress
- Date: Mon, 30 Dec 2019 17:13:09 +0000 (UTC)
commit 4cb7473a7a56d83df4fca48181f5f55e632d3d06
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Mon Dec 30 11:13:04 2019 -0600
progress
tls/base/gtlsconnection-base.c | 125 ++------------------
tls/base/gtlsconnection-base.h | 20 ----
tls/base/gtlsoperationsthread-base.c | 188 +++++++++++++++++++++++++++++--
tls/base/gtlsoperationsthread-base.h | 26 ++++-
tls/gnutls/gtlsoperationsthread-gnutls.c | 69 ++++++------
5 files changed, 241 insertions(+), 187 deletions(-)
---
diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
index daa9df5..387bc13 100644
--- a/tls/base/gtlsconnection-base.c
+++ b/tls/base/gtlsconnection-base.c
@@ -135,8 +135,6 @@ typedef struct
gboolean reading;
gboolean writing;
- gboolean successful_posthandshake_op;
-
gboolean is_system_certdb;
gboolean database_is_unset;
@@ -241,6 +239,10 @@ g_tls_connection_base_initable_init (GInitable *initable,
if (priv->interaction)
g_tls_operations_thread_base_set_interaction (priv->thread, priv->interaction);
+ g_tls_operations_thread_base_set_close_notify_required (priv->thread,
+ priv->require_close_notify);
+
+
return TRUE;
}
@@ -405,6 +407,10 @@ g_tls_connection_base_set_property (GObject *object,
case PROP_REQUIRE_CLOSE_NOTIFY:
priv->require_close_notify = g_value_get_boolean (value);
+
+ if (priv->thread)
+ g_tls_operations_thread_base_set_close_notify_required (priv->thread,
+ priv->require_close_notify);
break;
case PROP_REHANDSHAKE_MODE:
@@ -745,111 +751,6 @@ yield_op (GTlsConnectionBase *tls,
g_mutex_unlock (&priv->op_mutex);
}
-/* FIXME: removable? It's only here for OpenSSL GTlsBio */
-void
-g_tls_connection_base_push_io (GTlsConnectionBase *tls,
- GIOCondition direction,
- gint64 timeout,
- GCancellable *cancellable)
-{
- g_assert (direction & (G_IO_IN | G_IO_OUT));
- g_return_if_fail (G_IS_TLS_CONNECTION_BASE (tls));
-
- if (G_TLS_CONNECTION_BASE_GET_CLASS (tls)->push_io)
- {
- G_TLS_CONNECTION_BASE_GET_CLASS (tls)->push_io (tls, direction,
- timeout, cancellable);
- }
-}
-
-/* FIXME: rename, if push_io is removed? */
-/* FIXME: this is almost certainly inappropriate because it is called on the
- * op thread. It needs to move to the op thread class.
- */
-static GTlsConnectionBaseStatus
-g_tls_connection_base_real_pop_io (GTlsConnectionBase *tls,
- GIOCondition direction,
- gboolean success,
- GError *op_error /* owned */,
- GError **error)
-{
- GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
-
- /* This function MAY or MAY NOT set error when it fails! */
-
- if (success)
- {
- g_assert (!op_error);
- return G_TLS_CONNECTION_BASE_OK;
- }
-
- if (g_error_matches (op_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
- {
- g_propagate_error (error, op_error);
- return G_TLS_CONNECTION_BASE_WOULD_BLOCK;
- }
-
- if (g_error_matches (op_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
- {
- g_propagate_error (error, op_error);
- return G_TLS_CONNECTION_BASE_TIMED_OUT;
- }
-
- if (g_tls_operations_thread_base_get_is_missing_requested_client_certificate (priv->thread) &&
- !priv->successful_posthandshake_op)
- {
- GError *interaction_error;
-
- g_assert (G_IS_TLS_CLIENT_CONNECTION (tls));
-
- interaction_error = g_tls_operations_thread_base_take_interaction_error (priv->thread);
-
- /* Probably the server requires a client certificate, but we failed to
- * provide one. With TLS 1.3 the server is no longer able to tell us
- * this, so we just have to guess. If there is an error from the TLS
- * interaction (request for user certificate), we provide that. Otherwise,
- * guess that G_TLS_ERROR_CERTIFICATE_REQUIRED is probably appropriate.
- * This could be wrong, but only applies to the small minority of
- * connections where a client cert is requested but not provided, and then
- * then only if the client has never successfully read or written.
- */
- if (interaction_error)
- {
- g_propagate_error (error, interaction_error);
- }
- else
- {
- g_clear_error (error);
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
- _("Server required TLS certificate"));
- }
-
- if (op_error)
- g_error_free (op_error);
- }
- else if (op_error)
- {
- g_propagate_error (error, op_error);
- }
-
- return G_TLS_CONNECTION_BASE_ERROR;
-}
-
-GTlsConnectionBaseStatus
-g_tls_connection_base_pop_io (GTlsConnectionBase *tls,
- GIOCondition direction,
- gboolean success,
- GError *op_error,
- GError **error)
-{
- g_assert (direction & (G_IO_IN | G_IO_OUT));
- g_assert (!error || !*error);
- g_return_val_if_fail (G_IS_TLS_CONNECTION_BASE (tls), G_TLS_CONNECTION_BASE_ERROR);
-
- return G_TLS_CONNECTION_BASE_GET_CLASS (tls)->pop_io (tls, direction,
- success, op_error, error);
-}
-
/* Checks whether the underlying base stream or GDatagramBased meets
* @condition.
*/
@@ -1762,7 +1663,6 @@ g_tls_connection_base_read (GTlsConnectionBase *tls,
if (status == G_TLS_CONNECTION_BASE_OK)
{
- priv->successful_posthandshake_op = TRUE;
g_tls_log_debug (tls, "successfully read %" G_GSSIZE_FORMAT " bytes from TLS connection", nread);
return nread;
}
@@ -1796,7 +1696,6 @@ g_tls_connection_base_read_message (GTlsConnectionBase *tls,
if (status == G_TLS_CONNECTION_BASE_OK)
{
- priv->successful_posthandshake_op = TRUE;
g_tls_log_debug (tls, "successfully read %" G_GSSIZE_FORMAT " bytes from TLS connection", nread);
return nread;
}
@@ -1815,7 +1714,6 @@ g_tls_connection_base_receive_messages (GDatagramBased *datagram_based,
GError **error)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (datagram_based);
- GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
guint i;
GError *child_error = NULL;
@@ -1878,7 +1776,6 @@ g_tls_connection_base_receive_messages (GDatagramBased *datagram_based,
return -1;
}
- priv->successful_posthandshake_op = TRUE;
return i;
}
@@ -1909,7 +1806,6 @@ g_tls_connection_base_write (GTlsConnectionBase *tls,
if (status == G_TLS_CONNECTION_BASE_OK)
{
- priv->successful_posthandshake_op = TRUE;
g_tls_log_debug (tls, "successfully write %" G_GSSIZE_FORMAT " bytes to TLS connection", nwrote);
return nwrote;
}
@@ -1944,7 +1840,6 @@ g_tls_connection_base_write_message (GTlsConnectionBase *tls,
if (status == G_TLS_CONNECTION_BASE_OK)
{
- priv->successful_posthandshake_op = TRUE;
g_tls_log_debug (tls, "successfully write %" G_GSSIZE_FORMAT " bytes to TLS connection", nwrote);
return nwrote;
}
@@ -1963,7 +1858,6 @@ g_tls_connection_base_send_messages (GDatagramBased *datagram_based,
GError **error)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (datagram_based);
- GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
guint i;
GError *child_error = NULL;
@@ -2014,7 +1908,6 @@ g_tls_connection_base_send_messages (GDatagramBased *datagram_based,
return -1;
}
- priv->successful_posthandshake_op = TRUE;
return i;
}
@@ -2327,8 +2220,6 @@ g_tls_connection_base_class_init (GTlsConnectionBaseClass *klass)
iostream_class->close_async = g_tls_connection_base_close_async;
iostream_class->close_finish = g_tls_connection_base_close_finish;
- klass->pop_io = g_tls_connection_base_real_pop_io;
-
/* For GTlsConnection and GDtlsConnection: */
g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
g_object_class_override_property (gobject_class, PROP_BASE_SOCKET, "base-socket");
diff --git a/tls/base/gtlsconnection-base.h b/tls/base/gtlsconnection-base.h
index 8c5a200..9a8501c 100644
--- a/tls/base/gtlsconnection-base.h
+++ b/tls/base/gtlsconnection-base.h
@@ -58,30 +58,10 @@ struct _GTlsConnectionBaseClass
GTlsOperationsThreadBase *(*create_op_thread) (GTlsConnectionBase *tls);
- void (*push_io) (GTlsConnectionBase *tls,
- GIOCondition direction,
- gint64 timeout, /* FIXME: remove
timeout */
- GCancellable *cancellable);
- GTlsConnectionBaseStatus (*pop_io) (GTlsConnectionBase *tls,
- GIOCondition direction,
- gboolean success,
- GError *op_error,
- GError **error);
-
void (*set_accepted_cas) (GTlsConnectionBase *tls,
GList *accepted_cas);
};
-void g_tls_connection_base_push_io (GTlsConnectionBase *tls,
- GIOCondition direction,
- gint64 timeout, /*
FIXME: remove timeout */
- GCancellable *cancellable);
-GTlsConnectionBaseStatus g_tls_connection_base_pop_io (GTlsConnectionBase *tls,
- GIOCondition direction,
- gboolean success,
- GError *op_error,
- GError **error);
-
gssize g_tls_connection_base_read (GTlsConnectionBase *tls,
void *buffer,
gsize size,
diff --git a/tls/base/gtlsoperationsthread-base.c b/tls/base/gtlsoperationsthread-base.c
index c11e27a..66f46ba 100644
--- a/tls/base/gtlsoperationsthread-base.c
+++ b/tls/base/gtlsoperationsthread-base.c
@@ -71,22 +71,28 @@ typedef struct {
/* FIXME: remove to prevent misuse? */
GTlsConnectionBase *connection;
+ /* Objects explicitly designed for unlocked multithreaded use. These are the
+ * only priv members that may be accessed without locking the mutex.
+ */
GThread *op_thread;
GMainContext *op_thread_context;
-
GAsyncQueue *queue;
- /* This mutex guards everything below. It's a bit of a failure of design.
+ /* This mutex guards everything else. It's a bit of a failure of design.
* Ideally we wouldn't need to share this data between threads and would
- * instead return data from the op thread to the calling thread using the op
- * struct.
+ * instead pass data to the op thread and return data from the op thread
+ * using the op struct. But this is not always easy.
*
- * FIXME: what of this can move into the op struct?
+ * FIXME: what of this can move into the op struct? The booleans are needed
+ * for more than handshakes, so they'd need to be part of every op.
*/
GMutex mutex;
+
GTlsInteraction *interaction;
GError *interaction_error;
- gboolean missing_requested_client_certificate; /* FIXME: out parameter of handshake op? */
+ gboolean missing_requested_client_certificate;
+ gboolean performed_successful_posthandshake_op;
+ gboolean require_close_notify;
} GTlsOperationsThreadBasePrivate;
typedef enum {
@@ -114,6 +120,7 @@ typedef struct {
GTlsCertificate *own_certificate;
gchar **advertised_protocols;
GTlsAuthenticationMode auth_mode;
+ gboolean require_close_notify;
gchar *negotiated_protocol;
GList *accepted_cas;
GTlsCertificate *peer_certificate;
@@ -208,8 +215,8 @@ g_tls_operations_thread_base_ref_interaction (GTlsOperationsThreadBase *self)
return ref;
}
-GError *
-g_tls_operations_thread_base_take_interaction_error (GTlsOperationsThreadBase *self)
+static GError *
+take_interaction_error (GTlsOperationsThreadBase *self)
{
GTlsOperationsThreadBasePrivate *priv = g_tls_operations_thread_base_get_instance_private (self);
GError *error;
@@ -258,13 +265,15 @@ g_tls_operations_thread_base_set_is_missing_requested_client_certificate (GTlsOp
{
GTlsOperationsThreadBasePrivate *priv = g_tls_operations_thread_base_get_instance_private (self);
+ /* For client connections only */
+
g_mutex_lock (&priv->mutex);
priv->missing_requested_client_certificate = TRUE;
g_mutex_unlock (&priv->mutex);
}
-gboolean
-g_tls_operations_thread_base_get_is_missing_requested_client_certificate (GTlsOperationsThreadBase *self)
+static gboolean
+get_is_missing_requested_client_certificate (GTlsOperationsThreadBase *self)
{
GTlsOperationsThreadBasePrivate *priv = g_tls_operations_thread_base_get_instance_private (self);
gboolean ret;
@@ -276,6 +285,150 @@ g_tls_operations_thread_base_get_is_missing_requested_client_certificate (GTlsOp
return ret;
}
+void
+g_tls_operations_thread_base_set_close_notify_required (GTlsOperationsThreadBase *self,
+ gboolean required)
+{
+ GTlsOperationsThreadBasePrivate *priv = g_tls_operations_thread_base_get_instance_private (self);
+
+ g_mutex_lock (&priv->mutex);
+ priv->require_close_notify = required;
+ g_mutex_unlock (&priv->mutex);
+}
+
+gboolean
+g_tls_operations_thread_base_get_close_notify_required (GTlsOperationsThreadBase *self)
+{
+ GTlsOperationsThreadBasePrivate *priv = g_tls_operations_thread_base_get_instance_private (self);
+ gboolean ret;
+
+ g_mutex_lock (&priv->mutex);
+ ret = priv->require_close_notify;
+ g_mutex_unlock (&priv->mutex);
+
+ return ret;
+}
+
+static void
+set_performed_successful_posthandshake_op (GTlsOperationsThreadBase *self)
+{
+ GTlsOperationsThreadBasePrivate *priv = g_tls_operations_thread_base_get_instance_private (self);
+
+ g_mutex_lock (&priv->mutex);
+ priv->performed_successful_posthandshake_op = TRUE;
+ g_mutex_unlock (&priv->mutex);
+}
+
+static gboolean
+has_performed_successful_posthandshake_op (GTlsOperationsThreadBase *self)
+{
+ GTlsOperationsThreadBasePrivate *priv = g_tls_operations_thread_base_get_instance_private (self);
+ gboolean ret;
+
+ g_mutex_lock (&priv->mutex);
+ ret = priv->performed_successful_posthandshake_op;
+ g_mutex_unlock (&priv->mutex);
+
+ return ret;
+}
+
+void
+g_tls_operations_thread_base_push_io (GTlsOperationsThreadBase *self,
+ GIOCondition direction,
+ gint64 timeout,
+ GCancellable *cancellable)
+{
+ g_assert (direction & (G_IO_IN | G_IO_OUT));
+
+ /* FIXME: this is weird, can't we get rid of it on OpenSSL side? */
+ if (G_TLS_OPERATIONS_THREAD_BASE_GET_CLASS (self)->push_io)
+ {
+ G_TLS_OPERATIONS_THREAD_BASE_GET_CLASS (self)->push_io (self, direction,
+ timeout, cancellable);
+ }
+}
+
+static GTlsConnectionBaseStatus
+g_tls_operations_thread_base_real_pop_io (GTlsOperationsThreadBase *self,
+ GIOCondition direction,
+ gboolean success,
+ GError *op_error /* owned */,
+ GError **error)
+{
+ /* This function MAY or MAY NOT set error when it fails! */
+
+ if (success)
+ {
+ g_assert (!op_error);
+ return G_TLS_CONNECTION_BASE_OK;
+ }
+
+ if (g_error_matches (op_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
+ {
+ g_propagate_error (error, op_error);
+ return G_TLS_CONNECTION_BASE_WOULD_BLOCK;
+ }
+
+ if (g_error_matches (op_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
+ {
+ g_propagate_error (error, op_error);
+ return G_TLS_CONNECTION_BASE_TIMED_OUT;
+ }
+
+ if (get_is_missing_requested_client_certificate (self) &&
+ !has_performed_successful_posthandshake_op (self))
+ {
+ GError *interaction_error;
+
+ interaction_error = take_interaction_error (self);
+
+ /* We are a client connection.
+ *
+ * Probably the server requires a client certificate, but we failed to
+ * provide one. With TLS 1.3 the server is no longer able to tell us
+ * this, so we just have to guess. If there is an error from the TLS
+ * interaction (request for user certificate), we provide that. Otherwise,
+ * guess that G_TLS_ERROR_CERTIFICATE_REQUIRED is probably appropriate.
+ * This could be wrong, but only applies to the small minority of
+ * connections where a client cert is requested but not provided, and then
+ * then only if the client has never successfully read or written.
+ */
+ if (interaction_error)
+ {
+ g_propagate_error (error, interaction_error);
+ }
+ else
+ {
+ g_clear_error (error);
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+ _("Server required TLS certificate"));
+ }
+
+ if (op_error)
+ g_error_free (op_error);
+ }
+ else if (op_error)
+ {
+ g_propagate_error (error, op_error);
+ }
+
+ return G_TLS_CONNECTION_BASE_ERROR;
+}
+
+GTlsConnectionBaseStatus
+g_tls_operations_thread_base_pop_io (GTlsOperationsThreadBase *self,
+ GIOCondition direction,
+ gboolean success,
+ GError *op_error,
+ GError **error)
+{
+ g_assert (direction & (G_IO_IN | G_IO_OUT));
+ g_assert (!error || !*error);
+
+ return G_TLS_OPERATIONS_THREAD_BASE_GET_CLASS (self)->pop_io (self, direction,
+ success, op_error, error);
+}
+
static HandshakeContext *
handshake_context_new (GTlsVerifyCertificateFunc verify_callback,
gpointer user_data)
@@ -1143,6 +1296,7 @@ process_op (GAsyncQueue *queue,
{
GTlsThreadOperation *op;
GTlsOperationsThreadBaseClass *base_class;
+ gboolean performed_posthandshake_op = FALSE;
if (delayed_op)
{
@@ -1233,6 +1387,7 @@ process_op (GAsyncQueue *queue,
&op->count,
op->cancellable,
&op->error);
+ performed_posthandshake_op = TRUE;
break;
case G_TLS_THREAD_OP_READ_MESSAGE:
g_assert (base_class->read_message_fn);
@@ -1241,6 +1396,7 @@ process_op (GAsyncQueue *queue,
&op->count,
op->cancellable,
&op->error);
+ performed_posthandshake_op = TRUE;
break;
case G_TLS_THREAD_OP_WRITE:
op->result = base_class->write_fn (op->thread,
@@ -1248,6 +1404,7 @@ process_op (GAsyncQueue *queue,
&op->count,
op->cancellable,
&op->error);
+ performed_posthandshake_op = TRUE;
break;
case G_TLS_THREAD_OP_WRITE_MESSAGE:
g_assert (base_class->write_message_fn);
@@ -1256,16 +1413,21 @@ process_op (GAsyncQueue *queue,
&op->count,
op->cancellable,
&op->error);
+ performed_posthandshake_op = TRUE;
break;
case G_TLS_THREAD_OP_CLOSE:
op->result = base_class->close_fn (op->thread,
op->cancellable,
&op->error);
+ performed_posthandshake_op = TRUE;
break;
case G_TLS_THREAD_OP_SHUTDOWN_THREAD:
g_assert_not_reached ();
}
+ if (op->result == G_TLS_CONNECTION_BASE_OK && performed_posthandshake_op)
+ set_performed_successful_posthandshake_op (op->thread);
+
wait:
if (op->result == G_TLS_CONNECTION_BASE_WOULD_BLOCK &&
op->timeout != 0)
@@ -1447,8 +1609,10 @@ g_tls_operations_thread_base_class_init (GTlsOperationsThreadBaseClass *klass)
gobject_class->get_property = g_tls_operations_thread_base_get_property;
gobject_class->set_property = g_tls_operations_thread_base_set_property;
- /* FIXME: remove this. subclass has been designed to not need it!
- * Move base_iostream and base_socket up to this level.
+ klass->pop_io = g_tls_operations_thread_base_real_pop_io;
+
+ /* FIXME: remove this? subclass has been designed to not need it?
+ * Move base_iostream and base_socket up to this level?
*/
obj_properties[PROP_TLS_CONNECTION] =
g_param_spec_object ("tls-connection",
diff --git a/tls/base/gtlsoperationsthread-base.h b/tls/base/gtlsoperationsthread-base.h
index 4f04f9c..3eea680 100644
--- a/tls/base/gtlsoperationsthread-base.h
+++ b/tls/base/gtlsoperationsthread-base.h
@@ -49,6 +49,16 @@ struct _GTlsOperationsThreadBaseClass
void (*set_server_identity) (GTlsOperationsThreadBase *self,
const gchar *server_identity);
+ void (*push_io) (GTlsOperationsThreadBase *self,
+ GIOCondition direction,
+ gint64 timeout, /* FIXME:
remove timeout? */
+ GCancellable *cancellable);
+ GTlsConnectionBaseStatus (*pop_io) (GTlsOperationsThreadBase *self,
+ GIOCondition direction,
+ gboolean success,
+ GError *op_error,
+ GError **error);
+
GTlsConnectionBaseStatus (*handshake_fn) (GTlsOperationsThreadBase *self,
HandshakeContext *context,
GTlsCertificate *own_certificate,
@@ -113,8 +123,10 @@ gboolean g_tls_operations_thread_base_request_certificate
void g_tls_operations_thread_base_set_is_missing_requested_client_certificate
(GTlsOperationsThreadBase
*self);
-gboolean g_tls_operations_thread_base_get_is_missing_requested_client_certificate
- (GTlsOperationsThreadBase
*self);
+
+void g_tls_operations_thread_base_set_close_notify_required (GTlsOperationsThreadBase
*self,
+ gboolean
required);
+gboolean g_tls_operations_thread_base_get_close_notify_required (GTlsOperationsThreadBase
*self);
gboolean g_tls_operations_thread_base_verify_certificate (GTlsOperationsThreadBase
*self,
GTlsCertificate
*peer_certificate,
@@ -126,6 +138,16 @@ void g_tls_operations_thread_base_copy_client_session_state
void g_tls_operations_thread_base_set_server_identity (GTlsOperationsThreadBase
*self,
const gchar
*server_identity);
+void g_tls_operations_thread_base_push_io (GTlsOperationsThreadBase
*self,
+ GIOCondition
direction,
+ gint64
timeout, /* FIXME: remove timeout? */
+ GCancellable
*cancellable);
+GTlsConnectionBaseStatus g_tls_operations_thread_base_pop_io (GTlsOperationsThreadBase
*self,
+ GIOCondition
direction,
+ gboolean
success,
+ GError
*op_error,
+ GError
**error);
+
GTlsConnectionBaseStatus g_tls_operations_thread_base_handshake (GTlsOperationsThreadBase
*self,
GTlsCertificate
*own_certificate,
const gchar
**advertised_protocols,
diff --git a/tls/gnutls/gtlsoperationsthread-gnutls.c b/tls/gnutls/gtlsoperationsthread-gnutls.c
index 4fe1ba7..592c253 100644
--- a/tls/gnutls/gtlsoperationsthread-gnutls.c
+++ b/tls/gnutls/gtlsoperationsthread-gnutls.c
@@ -63,10 +63,10 @@ struct _GTlsOperationsThreadGnutls {
gboolean handshaking;
gboolean ever_handshaked;
- /* Valid only during current operation */
- GTlsAuthenticationMode auth_mode;
- GTlsCertificate *own_certificate;
- GTlsCertificate *peer_certificate;
+ /* This data is valid only during current operation */
+ GTlsAuthenticationMode op_auth_mode;
+ GTlsCertificate *op_own_certificate;
+ GTlsCertificate *op_peer_certificate;
GCancellable *op_cancellable;
GError *op_error;
@@ -129,15 +129,13 @@ begin_gnutls_io (GTlsOperationsThreadGnutls *self,
GIOCondition direction,
GCancellable *cancellable)
{
- GTlsConnectionBase *tls;
-
- tls = g_tls_operations_thread_base_get_connection (G_TLS_OPERATIONS_THREAD_BASE (self));
-
g_assert (!self->op_error);
g_assert (!self->op_cancellable);
+
self->op_cancellable = cancellable;
- g_tls_connection_base_push_io (tls, direction, 0, cancellable);
+ g_tls_operations_thread_base_push_io (G_TLS_OPERATIONS_THREAD_BASE (self),
+ direction, 0, cancellable);
}
static GTlsConnectionBaseStatus
@@ -147,7 +145,6 @@ end_gnutls_io (GTlsOperationsThreadGnutls *self,
GError **error,
const char *err_prefix)
{
- GTlsConnectionBase *tls;
GTlsConnectionBaseStatus status;
GError *my_error = NULL;
@@ -163,9 +160,12 @@ end_gnutls_io (GTlsOperationsThreadGnutls *self,
self->op_cancellable = NULL;
- tls = g_tls_operations_thread_base_get_connection (G_TLS_OPERATIONS_THREAD_BASE (self));
+ status = g_tls_operations_thread_base_pop_io (G_TLS_OPERATIONS_THREAD_BASE (self),
+ direction,
+ ret >= 0,
+ g_steal_pointer (&self->op_error),
+ &my_error);
- status = g_tls_connection_base_pop_io (tls, direction, ret >= 0, g_steal_pointer (&self->op_error),
&my_error);
if (status == G_TLS_CONNECTION_BASE_OK ||
status == G_TLS_CONNECTION_BASE_WOULD_BLOCK ||
status == G_TLS_CONNECTION_BASE_TIMED_OUT)
@@ -212,7 +212,7 @@ end_gnutls_io (GTlsOperationsThreadGnutls *self,
return G_TLS_CONNECTION_BASE_ERROR;
}
- if (g_tls_connection_get_require_close_notify (G_TLS_CONNECTION (tls)))
+ if (g_tls_operations_thread_base_get_close_notify_required (G_TLS_OPERATIONS_THREAD_BASE (self)))
{
g_clear_error (&my_error);
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_EOF,
@@ -489,10 +489,10 @@ compute_session_id (GTlsOperationsThreadGnutls *self)
* that different connections to the same server can use different
* certificates.
*/
- if (self->own_certificate)
+ if (self->op_own_certificate)
{
GByteArray *der = NULL;
- g_object_get (self->own_certificate,
+ g_object_get (self->op_own_certificate,
"certificate", &der,
NULL);
if (der)
@@ -601,8 +601,8 @@ g_tls_operations_thread_gnutls_handshake (GTlsOperationsThreadBase *base,
gnutls_datum_t protocol;
int ret;
- self->own_certificate = own_certificate;
- self->auth_mode = auth_mode;
+ self->op_own_certificate = own_certificate;
+ self->op_auth_mode = auth_mode;
if (!self->ever_handshaked)
set_handshake_priority (self);
@@ -641,8 +641,8 @@ g_tls_operations_thread_gnutls_handshake (GTlsOperationsThreadBase *base,
END_GNUTLS_IO (self, G_IO_IN | G_IO_OUT, ret, status,
_("Error performing TLS handshake"), error);
- self->own_certificate = NULL;
- self->auth_mode = G_TLS_AUTHENTICATION_NONE;
+ self->op_own_certificate = NULL;
+ self->op_auth_mode = G_TLS_AUTHENTICATION_NONE;
self->handshake_context = NULL;
self->handshaking = FALSE;
@@ -656,9 +656,9 @@ g_tls_operations_thread_gnutls_handshake (GTlsOperationsThreadBase *base,
*accepted_cas = g_list_copy (self->accepted_cas);
- if (!self->peer_certificate)
- self->peer_certificate = get_peer_certificate (self);
- *peer_certificate = g_steal_pointer (&self->peer_certificate);
+ if (!self->op_peer_certificate)
+ self->op_peer_certificate = get_peer_certificate (self);
+ *peer_certificate = g_steal_pointer (&self->op_peer_certificate);
return status;
}
@@ -803,19 +803,16 @@ g_tls_operations_thread_gnutls_write_message (GTlsOperationsThreadBase *base,
GError **error)
{
GTlsOperationsThreadGnutls *self = G_TLS_OPERATIONS_THREAD_GNUTLS (base);
- GTlsConnectionBase *connection;
GTlsConnectionBaseStatus status;
gssize ret;
guint i;
gsize total_message_size;
- connection = g_tls_operations_thread_base_get_connection (base);
-
/* Calculate the total message size and check it’s not too big. */
for (i = 0, total_message_size = 0; i < num_vectors; i++)
total_message_size += vectors[i].size;
- if (g_tls_connection_base_is_dtls (connection) &&
+ if (is_dtls (self) &&
gnutls_dtls_get_data_mtu (self->session) < total_message_size)
{
char *message;
@@ -1154,18 +1151,18 @@ verify_certificate_cb (gnutls_session_t session)
GTlsOperationsThreadGnutls *self = gnutls_session_get_ptr (session);
gboolean accepted;
- g_assert (!self->peer_certificate);
- self->peer_certificate = get_peer_certificate (self);
+ g_assert (!self->op_peer_certificate);
+ self->op_peer_certificate = get_peer_certificate (self);
- if (self->peer_certificate)
+ if (self->op_peer_certificate)
{
accepted = g_tls_operations_thread_base_verify_certificate (G_TLS_OPERATIONS_THREAD_BASE (self),
- self->peer_certificate,
+ self->op_peer_certificate,
self->handshake_context);
}
else
{
- accepted = is_server (self) && self->auth_mode != G_TLS_AUTHENTICATION_REQUIRED;
+ accepted = is_server (self) && self->op_auth_mode != G_TLS_AUTHENTICATION_REQUIRED;
}
/* Return 0 for the handshake to continue, non-zero to terminate.
@@ -1257,13 +1254,13 @@ get_own_certificate_internals (GTlsOperationsThreadGnutls *self,
{
clear_own_certificate_internals (self);
- if (self->own_certificate)
+ if (self->op_own_certificate)
{
gnutls_privkey_t privkey;
gnutls_privkey_init (&privkey);
gnutls_privkey_set_pin_function (privkey, pin_request_cb, self);
- g_tls_certificate_gnutls_copy_internals (G_TLS_CERTIFICATE_GNUTLS (self->own_certificate),
+ g_tls_certificate_gnutls_copy_internals (G_TLS_CERTIFICATE_GNUTLS (self->op_own_certificate),
self->interaction_id,
pcert, pcert_length, &privkey);
*pkey = privkey;
@@ -1322,7 +1319,7 @@ retrieve_certificate_cb (gnutls_session_t session,
if (g_tls_operations_thread_base_request_certificate (G_TLS_OPERATIONS_THREAD_BASE (self),
self->op_cancellable,
- &self->own_certificate))
+ &self->op_own_certificate))
get_own_certificate_internals (self, pcert, pcert_length, pkey);
if (*pcert_length == 0)
@@ -1468,8 +1465,8 @@ g_tls_operations_thread_gnutls_finalize (GObject *object)
self->accepted_cas = NULL;
}
- g_assert (!self->peer_certificate);
- g_assert (!self->own_certificate);
+ g_assert (!self->op_peer_certificate);
+ g_assert (!self->op_own_certificate);
g_assert (!self->op_cancellable);
g_assert (!self->op_error);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
