• Bug#1106788: unblock: ktls-utils/1.0.0-1 (3/10)

    From Ben Hutchings@1:229/2 to All on Thu May 29 22:40:01 2025
    [continued from previous message]

    +From: Benjamin Coddington <[email protected]>
    +Date: Tue, 20 May 2025 09:06:19 -0400
    +Subject: tlshd: fix a regression for certificate verification
    +Origin: https://github.com/oracle/ktls-utils/commit/2f609c509e8c9087c584be96fe07a53e929a0746
    +Bug: https://github.com/oracle/ktls-utils/issues/98
    +
    +Commit b010190cfed2 left session_status unset for
    +GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR. Fix this by always setting
    +EACCESS in the error handling switch statement.
    +
    +Fixes: b010190cfed2 ("tlshd: Pass ETIMEDOUT from gnutls to kernel")
    +Closes: #98
    +Signed-off-by: Benjamin Coddington <[email protected]>
    +---
    + src/tlshd/handshake.c | 3 ++-
    + 1 file changed, 2 insertions(+), 1 deletion(-)
    +
    +diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c
    +index 53c91e2..b9de6b3 100644
    +--- a/src/tlshd/handshake.c
    ++++ b/src/tlshd/handshake.c
    +@@ -90,6 +90,8 @@ void tlshd_start_tls_handshake(gnutls_session_t session,
    + } while (ret < 0 && !gnutls_error_is_fatal(ret));
    + tlshd_set_nagle(session, saved);
    + if (ret < 0) {
    ++ /* Any errors here should default to blocking access: */
    ++ parms->session_status = EACCES;
    + switch (ret) {
    + case GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR:
    + tlshd_log_cert_verification_error(session);
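Review bot: The comment added above `parms->session_status = EACCES;` should say that this is a fail-closed default which a case arm may replace with a more specific errno, for example `/* Fail closed: report EACCES unless a case below sets a more specific error. */`. The arms between this hunk and the next are not visible here, so it is worth confirming that each of them only ever assigns another error value to session_status. The regression being fixed was a certificate verification failure leaving the status unset, so a test that drives a handshake with an untrusted certificate and checks for EACCES would keep it from coming back. The body of tlshd_start_tls_handshake starts and ends outside the hunk.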
    +@@ -100,7 +102,6 @@ void tlshd_start_tls_handshake(gnutls_session_t session,
    + break;
    + default:
    + tlshd_log_notice("tlshd_start_tls_handshake unhandled error %d, returning EACCES\n", ret);
    +- parms->session_status = EACCES;
    + }
    + return;
    + }
    diff -Nru ktls-utils-0.11/debian/watch ktls-utils-1.0.0/debian/watch
    --- ktls-utils-0.11/debian/watch 2023-07-21 18:26:05.000000000 +0200
    +++ ktls-utils-1.0.0/debian/watch 2025-05-19 20:15:29.000000000 +0200
    @@ -1,4 +1,4 @@
    version=3
    -opts="mode=git, gitmode=shallow, pgpmode=gittag" \
    +opts="mode=git, gitmode=shallow" \
    https://github.com/oracle/ktls-utils.git \
    refs/tags/ktls-utils-(.*) debian
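Review bot: Dropping `pgpmode=gittag` from `opts` means uscan no longer checks the signature on the upstream tag, so a new upstream version is fetched on the strength of the git remote alone. Nothing in the hunk records why; presumably the upstream 1.0.0 tag is unsigned. A comment line in debian/watch such as `# pgpmode=gittag removed: upstream tags are not signed (confirm); restore once they are` would keep the downgrade visible to the next uploader.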
    diff -Nru ktls-utils-0.11/src/tlshd/Makefile.am ktls-utils-1.0.0/src/tlshd/Makefile.am
    --- ktls-utils-0.11/src/tlshd/Makefile.am 2024-06-14 16:54:21.000000000 +0200
    +++ ktls-utils-1.0.0/src/tlshd/Makefile.am 2025-05-05 19:58:55.000000000 +0200
    @@ -24,10 +24,11 @@

    sbin_PROGRAMS = tlshd
    tlshd_CFLAGS = -Werror -Wall -Wextra $(LIBGNUTLS_CFLAGS) \
    - $(LIBKEYUTILS_CFLAGS) $(GLIB_CFLAGS) $(LIBNL3_CFLAGS)
    + $(LIBKEYUTILS_CFLAGS) $(GLIB_CFLAGS) $(LIBNL3_CFLAGS) \
    + $(LIBNL_GENL3_CFLAGS)
    tlshd_SOURCES = client.c config.c handshake.c keyring.c ktls.c log.c \
    - main.c netlink.c netlink.h server.c tlshd.h
    + main.c netlink.c netlink.h server.c tlshd.h