* Give function parameters const correctness.
* Use variable names similar to the other backends -- this will reduce
the diff between them.
* Check for more kinds of errors in retrieving the peer's certificate.
* Log failure to generate fingerprints, like the MbedTLS backend does.

Use the variable name instead of its type as an argument to a sizeof
allocation. This will prevent possible future errors being introduced
when the type of the variable is changed, but the sizeof argument is
not updated.

* Add more debugging assertions
* Cancel timeouts and callbacks when handshake succeeds or hard fails
* Differentiate between kernel and library errors
* Increase F->handshake_count on handshake success
I'm still not exactly sure what this is even used for. It may be
removed from all backends at a later time if I find it's not being
used for anything important, as right now it can only have the values
0 or 1.

This is similar to commit db12df5c16 for
the MbedTLS backend.
The difference is, GNUTLS will not accept positive values as input to
gnutls_strerror(), so we invert the sign bit after retrieving the value
too, not just when storing it.
Also add a forgotten ssl_errno assignment to rb_ssl_connect_common().

This avoids a compiler warning regarding casting a file descriptor to a
pointer (as input to gnutls_transport_set_ptr()), and also ensures that
the pointer is valid for the lifetime of the session.

If gnutls_bye() fails with a fatal error, we would reattempt it again
and again, even though this may then go on to e.g. cause a segmentation
fault.
Now we just keep retrying if it was interrupted, in line with the other
backends, up to a maximum of 3 retries.
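
The bounded shutdown retry described in the message above, as an added example that is not the project's code: a callback stands in for gnutls_bye() so it runs without GnuTLS, and every EX_/ex_ name and value is a constructed stand-in. Reading "a maximum of 3 retries" as one initial call plus at most three more is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed status codes for this example; a real build would use the
 * GNUTLS_E_* constants from the GnuTLS headers instead. */
enum { EX_OK = 0, EX_E_INTERRUPTED = -52, EX_E_FATAL = -53 };

#define EX_MAX_BYE_RETRIES 3

/* Hypothetical shutdown callback standing in for gnutls_bye(). */
typedef int (*ex_bye_fn)(void *session);

/* Fake session that replays a scripted list of return codes. */
struct ex_script { const int *results; size_t len; size_t calls; };

static int ex_scripted_bye(void *p)
{
    struct ex_script *s = p;
    size_t i = s->calls < s->len ? s->calls : s->len - 1;
    s->calls++;
    return s->results[i];
}

/* Call once, then retry only while the result is "interrupted" and the
 * retry budget lasts. A fatal result is returned immediately, so the
 * caller never re-enters the shutdown path on a broken session. */
static int ex_shutdown_bounded(ex_bye_fn bye, void *session)
{
    int ret = bye(session);
    for (int i = 0; i < EX_MAX_BYE_RETRIES && ret == EX_E_INTERRUPTED; i++)
        ret = bye(session);
    return ret;
}

/* Run one script; report the final code and how many calls were made. */
static size_t ex_calls_for(const int *results, size_t len, int *final)
{
    struct ex_script s = { results, len, 0 };
    *final = ex_shutdown_bounded(ex_scripted_bye, &s);
    return s.calls;
}

int main(void)
{
    const int fatal[] = { EX_E_FATAL }, stuck[] = { EX_E_INTERRUPTED };
    int rc;
    size_t n = ex_calls_for(fatal, 1, &rc);
    printf("fatal: %zu call(s), rc=%d\n", n, rc);
    n = ex_calls_for(stuck, 1, &rc);
    printf("always interrupted: %zu call(s), rc=%d\n", n, rc);
    return 0;
}
```
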
Yeah, I know, I said I was happy with it and wouldn't be changing it.
However, the new GNUTLS backend I'm working on has prompted this.
E.g. MbedTLS error codes and GNUTLS error codes are both negative ints,
but GNUTLS will not tolerate positive input values. Let's treat
both backends the same.

* Move file/data assignments to the top of the function
* Don't attempt to set a hardcoded P-384 ECDH key if we have the new
SSL_CTX_set1_curves_list() function (OpenSSL 1.0.2+)
* Rename variables consistent with other backends and wrap the function
arguments.
* Disable OpenSSL's disabling of TLS 1/n-1 record splitting.
In other words, enable TLS 1/n-1 record splitting.
* Other misc cleanups.

OpenSSL is perfectly capable of having a single context that is shared
by both client and server sessions alike; one simply needs to call
SSL_set_accept_state (for server) or SSL_set_connect_state (for client)
before attempting handshaking.