If gnutls_bye() fails with a fatal error, we would reattempt it again
and again, even though this may then go on to e.g. cause a segmentation
fault.
Now we just keep retrying if it was interrupted, in line with the other
backends, up to a maximum of 3 retries.
Yeah, I know, I said I was happy with it and wouldn't be changing it.
However, the new GNUTLS backend I'm working on has prompted this.
E.g. MbedTLS error codes and GNUTLS error codes are both negative ints,
but GNUTLS will not tolerate positive input values. Let's treat
both backends the same.
* Move file/data assignments to the top of the function
* Don't attempt to set a hardcoded P-384 ECDH key if we have the new
SSL_CTX_set1_curves_list() function (OpenSSL 1.0.2+)
* Rename variables consistent with other backends and wrap the function
arguments.
* Disable OpenSSL's disabling of TLS 1/n-1 record splitting.
In other words, enable TLS 1/n-1 record splitting.
* Other misc cleanups.
OpenSSL is perfectly capable of having a single context that is shared
by both client and server sessions alike; one simply needs to call
SSL_set_accept_state (for server) or SSL_set_connect_state (for client)
before attempting handshaking.
OpenSSL uses `unsigned long' type for its error codes, so that's
what (lib)ratbox used to store the error values.
Unfortunately, MbedTLS uses int, and its error codes are negative.
On machines where `int' and `long' are the same size, this could
result in storing a truncated error code.
This patch inverts the sign bit on error codes and then casts them
to unsigned long for storage.
MbedTLS itself (specifically, `mbedtls_strerror()') will function
properly with negative or positive input values. It even converts
negative input values to positive before checking them against the
list of known error codes!
See also: `library/error.c' in the MbedTLS 2.1+ distribution.
All 3 backends (MbedTLS, OpenSSL, GNUTLS) are going to have the same
function name for returning error strings. This will help to reduce the
diffs between them.
* Add generic direction enum for negotiation setup.
* Rename a rather long wrapper function to a shorter one consistent with
what it does.
* Rework context setup function.
* Don't check for handshake state before beginning handshaking.
The old backend began a handshake and then stepped into the callback
function if it was interrupted; the current one just jumps right into
it, so there is no need to check if it has previously succeeded,
because it hasn't been attempted yet.
* Add missing errno assignment to one of the handshake wrappers.
* Don't bother checking if SSL_P(F) is NULL when we already checked if
F->ssl is NULL -- this should be impossible.
* Don't bother checking if SSL_C(F) is NULL -- this was a no-op.
* Change the socket send and recv functions to not peer into a foreign
ratbox structure -- use the correct function to get the socket fd.
* Rewrap some lines and function arguments.
Other backends will be brought into line with this backend soon.
This will enable easier maintenance of the backends, by reducing the
diffs between them, which should make different behaviour easier to
spot.
At the moment, if a link quits in just the right (wrong [1]) way,
the quit reason will resemble:
<-- foo (~bar@baz) has quit (Read error: (-0x0) )
This should resolve that.
[1] Peers should send a close_notify alert before abruptly shutting
down their socket. This will result in a sane quit message:
<-- foo (~bar@baz) has quit (Read error: (-0x7880) SSL -
The peer notified us that the connection is going to be closed)
[ci skip]
