Re: [gtk-vnc-devel] PATCH: Fix handling of TLS
- From: Anthony Liguori <anthony codemonkey ws>
- To: "Daniel P. Berrange" <berrange redhat com>
- Cc: gtk-vnc-devel <gtk-vnc-devel lists sourceforge net>
- Subject: Re: [gtk-vnc-devel] PATCH: Fix handling of TLS
- Date: Tue, 31 Jul 2007 20:39:23 -0500
Daniel P. Berrange wrote:
> On Thu, Jul 26, 2007 at 05:41:15PM +0100, Daniel P. Berrange wrote:
> > For some reason I can't now believe, when I wrote the TLS support for GTK-VNC
> > I made it do the IO yield inside our gvnc_tls_push/pull functions. We were
> > lucky and this worked before. Now that we have interruptible sleeps though,
> > we could get interrupted while in our push/pull functions, and then call
> > back into more GNU TLS APIs. This is totally disastrous because they're
> > not intended to be re-entrant safe in this way. The fix is trivial, just
> > do the IO yield based on the gnutls_read/gnutls_write function return status.
> > In doing this we also need to yield if the gnutls_handshake function blocks.
> > The attached patch fixes this, and removes the hardcoded 'foo' for the cert
> > hostname check. So TLS now works correctly & I've confirmed Anthony's patch
> > for interruptible waits is working as planned.
>
> Since I figured no negative feedback is positive feedback I pushed this
> change to HG. I split it into 3 separate commits since the patch really
> had 3 logically separate fixes. Let me know if there's any problems with
> it & I'll fix them - it didn't change the semantics of non-TLS code so
> I doubt there are any.

Sorry, I missed a few emails. The commits look fine though.
Regards,
Anthony Liguori
Regards,
Dan.
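
The re-entrancy problem and the fix discussed in this thread, as an added example that is not part of the original messages or the gtk-vnc code. It uses a constructed stand-in for the TLS library (no GnuTLS calls; `tls_read`, `tls_bye`, `io_yield` and `struct session` are hypothetical names) and counts library calls made while another call is still on the stack, first with the yield inside the pull callback, then with the yield moved to the caller.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>

#define TLS_E_AGAIN (-28)  /* stand-in for the library's "would block" status */

struct session {
    int in_call;       /* nonzero while a library call is on the stack */
    int reentered;     /* library calls made while another was active */
    int polls_left;    /* transport would block this many times */
    int yield_in_pull; /* 1 = old design, 0 = fixed design */
};

/* Every library entry point passes through these; re-entry is recorded. */
static void lib_enter(struct session *s) { if (s->in_call++) s->reentered++; }
static void lib_leave(struct session *s) { s->in_call--; }
static void tls_bye(struct session *s) { lib_enter(s); lib_leave(s); }

/* Simulated yield: the sleep is interrupted and the app calls the library. */
static void io_yield(struct session *s) { tls_bye(s); }

/* Transport pull callback, invoked by the library from inside tls_read(). */
static long pull(struct session *s, char *buf) {
    while (s->polls_left > 0) {
        s->polls_left--;
        if (!s->yield_in_pull) { errno = EAGAIN; return -1; } /* fixed */
        io_yield(s);  /* old: yields while the library call is still active */
    }
    buf[0] = 'x';
    return 1;
}

static long tls_read(struct session *s, char *buf) {
    lib_enter(s);
    long n = pull(s, buf);
    lib_leave(s);
    return (n < 0 && errno == EAGAIN) ? TLS_E_AGAIN : n;
}

/* One application read; returns how many re-entrant library calls occurred. */
int reentries(int yield_in_pull) {
    struct session s = { 0, 0, 2, yield_in_pull };
    char buf[1]; long n;
    while ((n = tls_read(&s, buf)) == TLS_E_AGAIN)
        io_yield(&s);  /* caller-side yield: no library call on the stack */
    return n == 1 ? s.reentered : -1;
}

int main(void) { printf("old=%d fixed=%d\n", reentries(1), reentries(0)); return 0; }
```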