| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
| |
And we block ourselves until the socket is available. This is to
be able to lock over the ssl object and avoid deadlocks when writing
and reading at the same time.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This is mostly harmless, but it causes a spurious wakeup the first time
a TLS source is created while an op is waiting. The cancellable source
fires immediately instead of when the op is yielded.
The cancellation here is not required for correctness because
tls_source_sync() will use a timeout source instead if there is no op or
IO waiting.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If handshake_context is reused -- i.e., it is assigned to using
g_main_context_ref_thread_default() rather than g_main_context_new() and
g_main_context_push_thread_default() -- then we do not need to, and must
not, pop it before emitting the accept-certificate callback. I was
thinking that reffing the thread default context would increase its
"reference count" on the stack, such that the pop call here would be
paired with the ref and ultimately ignored. That's absolutely not how it
works.
We'll invert the meaning of sync_handshake_completed to become
sync_handshake_in_progress so that we can reuse it here.
Fixes #85
|
| |
|
|
|
| |
We do have tests to cover explicit sync handshake, but they didn't catch
this.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The FIXME is wrong. I misunderstood the purpose of this test when adding
the FIXME. The point of the test is to see what happens when the
GTlsInteraction's certificate request fails. Our mock request uses
G_FILE_ERROR_ACCES in this case, so that's the error we should expect.
We spent some time today on IRC trying to debug why we were getting
G_TLS_CERTIFICATE_ERROR instead for GnuTLS. Turns out, we're not. The
preprocessor guard is just misleading. OPENSSL_VERSION_NUMBER is not
defined when compiling for GnuTLS, so that turns into 0, and 0 <
0x10101000L, so we actually are building the first case here, not the
second. Whoops!
Fixes #87
|
| |
|
|
|
|
|
|
|
|
| |
LeakSanitizer is crashing occasionally on the CI. Let's reduce the odds
of this happening by running the tests under asan only once per run.
Additionally, let's be a bit less aggressive with repeating the tests to
try to finish more quickly.
Sort of fixes #86
|
| |
|
|
| |
Fixes https://gitlab.gnome.org/GNOME/glib-networking/issues/78
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a fun non-mutex deadlock here (backtrace below). Problem is
that after the client's handshake thread completes, then
handshake_thread_completed() is called in the client, during which
g_task_return_boolean() will be called to end the asynchronous operation
started with g_tls_connection_base_handshake_async(). Everything goes
fine if g_task_return() decides to execute its callback on the next
iteration of the main context, which is what usually happens when
running this test. But sometimes it executes its callback immediately
instead, which is legal, documentated behavior of GTask. So we need to
be prepared for this to happen. When it does, the test's
socket_client_timed_out_write() is then executed, and control will not
return to the main context until this function call completes. i.e. the
main context iteration cannot proceed until
socket_client_timed_out_write() is finished. But this callback is
performing a synchronous read, first to test that the read works
properly, then to test what happens when it times out. The problem is
the *first* read will time out, because it can't proceed until the
server writes data. But the server cannot write data, because its main
context is blocked waiting for the client to read the data that is not
forthcoming. So the first read will time out instead. Drat!
This is the only affected test because this is the only test that tests
writing after an explicit async handshake. (GSocketClient is kind enough
to perform an explicit handshake for us. Most of our tests trigger
implicit handshakes instead.)
(gdb) bt
#0 0x00007ffff7a6eeb5 in raise () from /lib64/libc.so.6
#1 0x00007ffff7a59895 in abort () from /lib64/libc.so.6
#2 0x00007ffff7ca8e0f in g_assertion_message (domain=0x40d07c "GLib-Net",
file=0x40d040 "../../../../Projects/glib-networking/tls/tests/connection.c", line=1480,
func=0x40e2d0 <__func__.28691> "socket_client_timed_out_write",
message=0x5c4d10 "assertion failed (error == NULL): Socket I/O timed out (g-io-error-quark, 24)")
at ../../../../Projects/glib/glib/gtestutils.c:2860
#3 0x00007ffff7ca92ea in g_assertion_message_error (domain=0x40d07c "GLib-Net",
file=0x40d040 "../../../../Projects/glib-networking/tls/tests/connection.c", line=1480,
func=0x40e2d0 <__func__.28691> "socket_client_timed_out_write", expr=0x40d0e8 "error", error=0x460b00,
error_domain=0, error_code=0) at ../../../../Projects/glib/glib/gtestutils.c:2975
#4 0x0000000000408de5 in socket_client_timed_out_write (source=0x413960, result=0x454100, user_data=0x449580)
at ../../../../Projects/glib-networking/tls/tests/connection.c:1480
#5 0x00007ffff7e848ff in g_task_return_now (task=0x454100) at ../../../../Projects/glib/gio/gtask.c:1209
#6 0x00007ffff7e84ab8 in g_task_return (task=0x454100, type=G_TASK_RETURN_SUCCESS)
at ../../../../Projects/glib/gio/gtask.c:1281
#7 0x00007ffff7e85585 in g_task_return_pointer (task=0x454100, result=0x8e1890,
result_destroy=0x7ffff7d7d45b <g_object_unref>) at ../../../../Projects/glib/gio/gtask.c:1686
#8 0x00007ffff7e774ff in g_socket_client_async_connect_complete (data=0x452ca0)
at ../../../../Projects/glib/gio/gsocketclient.c:1442
#9 0x00007ffff7e77718 in g_socket_client_tls_handshake_callback (object=0x4731b0, result=0x454280,
user_data=0x452ca0) at ../../../../Projects/glib/gio/gsocketclient.c:1501
#10 0x00007ffff7e848ff in g_task_return_now (task=0x454280) at ../../../../Projects/glib/gio/gtask.c:1209
#11 0x00007ffff7e84ab8 in g_task_return (task=0x454280, type=G_TASK_RETURN_SUCCESS)
at ../../../../Projects/glib/gio/gtask.c:1281
#12 0x00007ffff7e85961 in g_task_return_boolean (task=0x454280, result=1)
at ../../../../Projects/glib/gio/gtask.c:1798
#13 0x00007ffff7c14bb4 in handshake_thread_completed (object=0x4731b0, result=0x454040, user_data=0x454280)
at ../../../../Projects/glib-networking/tls/base/gtlsconnection-base.c:1613
#14 0x00007ffff7e848ff in g_task_return_now (task=0x454040) at ../../../../Projects/glib/gio/gtask.c:1209
#15 0x00007ffff7e84996 in complete_in_idle_cb (task=0x454040) at ../../../../Projects/glib/gio/gtask.c:1225
#16 0x00007ffff7c7bb96 in g_idle_dispatch (source=0x7fffec006b20, callback=0x7ffff7e8494d <complete_in_idle_cb>,
user_data=0x454040) at ../../../../Projects/glib/glib/gmain.c:5633
#17 0x00007ffff7c78f95 in g_main_dispatch (context=0x4496f0) at ../../../../Projects/glib/glib/gmain.c:3196
#18 0x00007ffff7c79e8d in g_main_context_dispatch (context=0x4496f0) at ../../../../Projects/glib/glib/gmain.c:3862
#19 0x00007ffff7c7a071 in g_main_context_iterate (context=0x4496f0, block=1, dispatch=1, self=0x448960)
at ../../../../Projects/glib/glib/gmain.c:3935
#20 0x00007ffff7c7a4a0 in g_main_loop_run (loop=0x428070) at ../../../../Projects/glib/glib/gmain.c:4129
#21 0x00000000004090ca in test_connection_read_time_out_write (test=0x449580, data=0x0)
at ../../../../Projects/glib-networking/tls/tests/connection.c:1523
#22 0x00007ffff7ca82f4 in test_case_run (tc=0x42baa0) at ../../../../Projects/glib/glib/gtestutils.c:2579
#23 0x00007ffff7ca86b0 in g_test_run_suite_internal (suite=0x4208c0,
path=0x7fffffffd838 "/tls/connection/read-time-out-then-write")
at ../../../../Projects/glib/glib/gtestutils.c:2667
#24 0x00007ffff7ca8759 in g_test_run_suite_internal (suite=0x4208a0,
path=0x7fffffffd838 "/tls/connection/read-time-out-then-write")
at ../../../../Projects/glib/glib/gtestutils.c:2679
#25 0x00007ffff7ca8759 in g_test_run_suite_internal (suite=0x420880,
path=0x7fffffffd838 "/tls/connection/read-time-out-then-write")
at ../../../../Projects/glib/glib/gtestutils.c:2679
#26 0x00007ffff7ca8947 in g_test_run_suite (suite=0x420880) at ../../../../Projects/glib/glib/gtestutils.c:2751
#27 0x00007ffff7ca754c in g_test_run () at ../../../../Projects/glib/glib/gtestutils.c:1989
#28 0x000000000040bcc1 in main (argc=1, argv=0x7fffffffd448)
at ../../../../Projects/glib-networking/tls/tests/connection.c:2287
|
| | |
|
| |
|
| |
This reverts commit 2b519213dd800a3bafae2a16206f33a6883c268f
|
| |
|
| |
See: #86
|
| | |
|
| |
|
|
| |
The certificate verification happens on handshake on our case
|
| | |
|
| |
|
|
| |
It's passing again.
|
| |
|
|
|
|
|
|
|
| |
This effectively reverts 9e762996. It's required to solve a race in the
client auth failure test. We need to check for an error on the server
and then run the next test, but the expected_server_error functionality
isn't expressive enough to actually do that. So just manually add waits
everywhere instead, to make sure the server is finished, and then check
for the error. This is actually simpler than before anyway!
|
| |
|
|
| |
This is now unused.
|
| |
|
|
|
|
|
|
| |
This error needs to be checked when the server is closed. There's a
small but significant chance that might not have happened yet at this
point. We have already set expected_server_error to ensure the assert
happens, so this misplaced check is redundant and it's a simple mistake
that it wasn't removed already.
|
| |
|
|
| |
Back to the way it was before....
|
| |
|
|
| |
This is the same as before, except easier to read.
|
| |
|
|
|
| |
It's unclear why this was not previously a problem, but we certainly
need to unref the source after attaching it.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
With a new version of openssl when shutting down it is highly
possible to get G_IO_ERROR_BROKEN_PIPE when writing the openssl
shutdown data. This is expected and we should not error out.
|
| |
|
|
| |
Oops.
|
| |
|
|
| |
GnuTLS will handle the copying.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The SSL_set_verify callback is only called if the verify
method is called and openssl seems to call this only for the
client
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
If we try to get the peer certificate out of the ssl object
from inside the verify callback it will return null since
the peer certificate has not been accepted yet. Instead we
need to store the peer certificate when doing the verification
out of the X509_CTX
|
| | |
|
| |
|
|
| |
Port of 206c6b252becd613da6ecf8d18d2446bd57091b2
|
| |
|
|
| |
Port of 373813f05a3db3d1b73dd52eb30776fc79536d0c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I was hoping to avoid a huge unreadable commit like this, but it's just
not practical to do otherwise. This commit unifies three very distinct
branches of the code:
* glib-networking master, GnuTLS backend: currently in the best shape,
and most up-to-date, but not using the base classes
* glib-networking master, OpenSSL backend: uses the base classes, but
missing the past 2.5 years' of development on the GnuTLS backend
* glib-networking wip/tlssplit branch, where GnuTLS does use the base
classes, but everything is 2.5 years' outdated
The main conflicts here were the addition of DTLS support and the
certificate verification rework.
Fixes #74
|
| | |
|
| |
|
|
|
|
|
| |
There's no reason for this to be derivable. It has one vfunc that is not
needed because nothing inherits from it. (It used to be derivable for
GnuTLS only to support the old GnuTLS PKCS#11 backend's separate
GTlsDatabase.)
|
| |
|
|
| |
Port 1ba8c0bffbc27605d7188c16f71a0964d6b49f6f
|
| |
|
|
| |
Port f856e264e917d82131e441f19e73b08a7644cc55
|
| |
|
|
| |
Port of 1f6717ed8e8d8cf71e91812ac3f3f3a782bf16ef
|
| |
|
|
| |
As in bb69e58f7e9ddf9983183c5d19108d4ca634d332
|
| |
|
|
|
|
| |
This is a port of e5dac2ba5f21fc53f1461992224cf56e4a345cdb. Previously,
only the first portion of the commit had been adopted by the base
classes.
|
| |
|
|
| |
Port of 6e84378392696c8780addfc8b9c958cb6917a81a and 40285bf52105c782730dff2e85d7c21efefa150a
|
