Bug#1106788: unblock: ktls-utils/1.0.0-1 (5/10)
From
Ben Hutchings@1:229/2 to
All on Thu May 29 22:40:01 2025
[continued from previous message]
+ tlshd_log_debug("client x509.private_key pathname \"%s\" is not accessible", pathname);
+ g_free(pathname);
return false;
}
@@ -321,6 +331,7 @@
return false;
} else if (access(pathname, F_OK)) {
tlshd_log_debug("server x509.truststore pathname \"%s\" is not accessible", pathname);
+ g_free(pathname);
return false;
}
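Review bot: The `g_free(pathname)` added here is repeated by hand on each exit path, and the same pattern recurs in the x509.certificate and x509.privkey hunks below, so the next early return added to these functions can reintroduce the leak. If the project's GLib baseline allows it, declaring the variable as `g_autofree char *pathname = NULL;` would release it on every return and make the per-path frees unnecessary. The declaration and the branch that owns the first `return false;` start outside the hunk, so it is not visible whether that branch can be reached with a non-NULL `pathname`. Likewise, the certificate-loading hunk frees only before `return true;`, and any failure return between the `access()` check and that point should be confirmed to free it as well.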
@@ -357,6 +368,7 @@
return false;
} else if (access(pathname, F_OK)) {
tlshd_log_debug("server x509.certificate pathname \"%s\" is not accessible", pathname);
+ g_free(pathname);
return false;
}
@@ -378,6 +390,7 @@
tlshd_log_debug("Retrieved %u x.509 server certificate(s) from %s",
*certs_len, pathname);
+ g_free(pathname);
return true;
}
@@ -403,6 +416,7 @@
return false;
} else if (access(pathname, F_OK)) {
tlshd_log_debug("server x509.privkey pathname \"%s\" is not accessible", pathname);
+ g_free(pathname);
return false;
}
diff -Nru ktls-utils-0.11/src/tlshd/handshake.c ktls-utils-1.0.0/src/tlshd/handshake.c
--- ktls-utils-0.11/src/tlshd/handshake.c 2024-06-14 16:54:21.000000000 +0200
+++ ktls-utils-1.0.0/src/tlshd/handshake.c 2025-05-05 19:58:55.000000000 +0200
@@ -59,7 +59,7 @@
int ret;
- len = sizeof(saved);
+ len = sizeof(*saved);
ret = getsockopt(gnutls_transport_get_int(session),
IPPROTO_TCP, TCP_NODELAY, saved, &len);
if (ret < 0) {
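Review bot: The corrected `len = sizeof(*saved);` deserves a short comment, because the two spellings differ by a single character and the wrong one compiles cleanly. Something like `/* saved is a pointer: pass the size of the int it points to, not of the pointer */` above the assignment would do. The declarations of `saved` and `len` are outside the hunk, so this assumes `saved` is an `int *` parameter and `len` a `socklen_t`.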
@@ -94,10 +94,14 @@
case GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR:
tlshd_log_cert_verification_error(session);
break;
- default:
+ case -ETIMEDOUT:
tlshd_log_gnutls_error(ret);
+ parms->session_status = -ret;
+ break;
+ default:
+ tlshd_log_notice("tlshd_start_tls_handshake unhandled error %d, returning EACCES\n", ret);
+ parms->session_status = EACCES;
}
- parms->session_status = EACCES;
return;
}
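Review bot: The `GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR` case no longer assigns `parms->session_status`, because the unconditional `parms->session_status = EACCES;` after the switch was removed and only the two new arms set it. Unless the status is preset to a failure value outside this hunk, a failed certificate verification could be reported with a stale status, so set the fail-closed default before the switch, `parms->session_status = EACCES;`, and let the `-ETIMEDOUT` arm override it. Separately, `ret` is compared against both a GnuTLS code and a negated errno, and the two numbering spaces can overlap (on Linux `-ETIMEDOUT` is -110, which I believe is also `GNUTLS_E_PREMATURE_TERMINATION`). It is worth confirming which producer can yield that value before mapping it to a timeout. The enclosing function starts above the hunk.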
@@ -115,22 +119,65 @@
void tlshd_service_socket(void)
{
struct tlshd_handshake_parms parms;
+ int ret;
if (tlshd_genl_get_handshake_parms(&parms) != 0)
goto out;
+ ret = gnutls_global_init