Bug#1106788: marked as done (unblock: ktls-utils/1.0.0-1) (2/3)
From
Debian Bug Tracking System@21:1/5 to
All on Fri May 30 00:40:01 2025
+ len = sizeof(*saved);
ret = getsockopt(gnutls_transport_get_int(session),
IPPROTO_TCP, TCP_NODELAY, saved, &len);
if (ret < 0) {
@@ -94,10 +94,14 @@
case GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR:
tlshd_log_cert_verification_error(session);
break;
- default:
+ case -ETIMEDOUT:
tlshd_log_gnutls_error(ret);
+ parms->session_status = -ret;
+ break;
+ default:
+ tlshd_log_notice("tlshd_start_tls_handshake unhandled error %d, returning EACCES\n", ret);
+ parms->session_status = EACCES;
}
- parms->session_status = EACCES;
return;
}
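Review bot: The new `case -ETIMEDOUT:` label mixes a POSIX errno into a switch whose sibling label, GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR, shows that ret holds a GnuTLS status code. GnuTLS reports a handshake timeout as GNUTLS_E_TIMEDOUT, and on Linux -ETIMEDOUT is -110, which if I read gnutls.h correctly is the value of GNUTLS_E_PREMATURE_TERMINATION, so a peer that closes mid-handshake would be reported to the kernel as ETIMEDOUT while a real GnuTLS timeout falls through to the EACCES default. Unless a tlshd transport callback is known to surface -errno values here (the start of the function is outside the hunk), the case should read `case GNUTLS_E_TIMEDOUT:` with `parms->session_status = ETIMEDOUT;`. If both forms can genuinely occur, handle them as two explicit labels rather than relying on the numeric overlap.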
@@ -115,22 +119,65 @@
void tlshd_service_socket(void)
{
struct tlshd_handshake_parms parms;
+ int ret;
if (tlshd_genl_get_handshake_parms(&parms) != 0)
goto out;
+ ret = gnutls_global_init();
+ if (ret != GNUTLS_E_SUCCESS) {
+ tlshd_log_gnutls_error(ret);
+ goto out;
+ }
+
+ if (tlshd_tls_debug)
+ gnutls_global_set_log_level(tlshd_tls_debug);
+ gnutls_global_set_log_function(tlshd_gnutls_log_func);
+ gnutls_global_set_audit_log_function(tlshd_gnutls_audit_func);
+
+#ifdef HAVE_GNUTLS_GET_SYSTEM_CONFIG_FILE
+ tlshd_log_debug("System config file: %s",
+ gnutls_get_system_config_file());
+#endif
+
switch (parms.handshake_type) {
case HANDSHAKE_MSG_TYPE_CLIENTHELLO:
- tlshd_clienthello_handshake(&parms);
+ switch (parms.ip_proto) {
+ case IPPROTO_TCP:
+ tlshd_tls13_clienthello_handshake(&parms);
+ break;
+#ifdef HAVE_GNUTLS_QUIC
+ case IPPROTO_QUIC:
+ tlshd_quic_clienthello_handshake(&parms);
+ break;
+#endif
+ default:
+ tlshd_log_debug("Unsupported ip_proto (%d)", parms.ip_proto);
+ parms.session_status = EOPNOTSUPP;
+ }
break;
case HANDSHAKE_MSG_TYPE_SERVERHELLO:
- tlshd_serverhello_handshake(&parms);
+ switch (parms.ip_proto) {
+ case IPPROTO_TCP:
+ tlshd_tls13_serverhello_handshake(&parms);
+ break;
+#ifdef HAVE_GNUTLS_QUIC
+ case IPPROTO_QUIC:
+ tlshd_quic_serverhello_handshake(&parms);
+ break;
+#endif
+ default:
+ tlshd_log_debug("Unsupported ip_proto (%d)", parms.ip_proto);
+ parms.session_status = EOPNOTSUPP;
+ }
break;
default:
tlshd_log_debug("Unrecognized handshake type (%d)",
parms.handshake_type);
}
+ gnutls_global_deinit();
+
out:
tlshd_genl_done(&parms);
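Review bot: When gnutls_global_init() fails, the new `goto out` at the top of tlshd_service_socket leaves parms.session_status untouched, so tlshd_genl_done() reports whatever tlshd_genl_get_handshake_parms() left there; if that is zero, the kernel is told the handshake succeeded on a socket that never started TLS. Set a status before jumping, e.g. `tlshd_log_gnutls_error(ret);` `parms.session_status = EACCES;` `goto out;` (or whatever errno the project uses for a local setup failure). The pre-existing `Unrecognized handshake type` default branch has the same gap, whereas the new ip_proto default branches do set EOPNOTSUPP, so aligning it would be a one-line addition. The function's closing brace is outside the hunk.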
diff -Nru ktls-utils-0.11/src/tlshd/main.c ktls-utils-1.0.0/src/tlshd/main.c
--- ktls-utils-0.11/src/tlshd/main.c 2024-06-14 16:54:21.000000000 +0200
+++ ktls-utils-1.0.0/src/tlshd/main.c 2025-05-05 19:58:55.000000000 +0200
@@ -56,8 +56,9 @@
{ NULL, 0, NULL, 0 }
};
-void usage(char *progname) {
- fprintf(stderr, "usage: %s [-chsv]\n", progname);
+static void usage(char *progname)
+{
+ fprintf(stderr, "usage: %s [-chsv]\n", progname);
}
int main(int argc, char **argv)
diff -Nru ktls-utils-0.11/src/tlshd/netlink.c ktls-utils-1.0.0/src/tlshd/netlink.c
--- ktls-utils-0.11/src/tlshd/netlink.c 2024-06-14 16:54:21.000000000 +0200
+++ ktls-utils-1.0.0/src/tlshd/netlink.c 2025-05-05 19:58:55.000000000 +0200
@@ -237,6 +237,7 @@
struct nlattr *tb[HANDSHAKE_A_ACCEPT_MAX + 1];
struct tlshd_handshake_parms *parms = arg;
char *peername = NULL;
+ socklen_t optlen;
int err;
tlshd_log_debug("Parsing a valid netlink message\n");
@@ -255,6 +256,12 @@
tlshd_log_perror("getpeername");
return NL_STOP;
}
+ optlen = sizeof(parms->ip_proto);
+ i