Hello community,
here is the log from the commit of package glib-networking for openSUSE:Factory checked in at 2019-04-10 23:10:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/glib-networking (Old)
and /work/SRC/openSUSE:Factory/.glib-networking.new.27019 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glib-networking"
Wed Apr 10 23:10:15 2019 rev:61 rq:692200 version:2.60.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/glib-networking/glib-networking.changes 2019-04-01 12:31:11.297761057 +0200
+++ /work/SRC/openSUSE:Factory/.glib-networking.new.27019/glib-networking.changes 2019-04-10 23:10:17.723912530 +0200
@@ -1,0 +2,14 @@
+Fri Apr 5 14:47:33 UTC 2019 - Vítězslav Čížek
From 1ce6b40da8ecbf997c5522a592a122e805aa81c4 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro
Date: Wed, 3 Apr 2019 18:00:55 -0500 Subject: [PATCH] gnutls: Handle new GNUTLS_E_CERTIFICATE_REQUIRED
This new error in GnuTLS 3.6.7 should correspond to
G_TLS_ERROR_CERTIFICATE_REQUIRED. This fixes our client auth tests when
run with GnuTLS 3.6.7.
Fixes #70
---
tls/gnutls/gtlsconnection-gnutls.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 27bbbcd..774d668 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -1062,7 +1062,11 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls,
else
return 0;
}
- else if (status == GNUTLS_E_NO_CERTIFICATE_FOUND)
+ else if (status == GNUTLS_E_NO_CERTIFICATE_FOUND
+#ifdef GNUTLS_E_CERTIFICATE_REQUIRED
+ || status == GNUTLS_E_CERTIFICATE_REQUIRED /* Added in GnuTLS 3.6.7 */
+#endif
+ )
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
_("TLS connection peer did not send a certificate"));
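Review bot: The `#ifdef GNUTLS_E_CERTIFICATE_REQUIRED` guard in the new condition is resolved from the headers at build time, so a binary compiled against GnuTLS older than 3.6.7 and later run with a newer shared library would presumably still not recognise this status and fall through to whichever branch follows. That matters to applications that decide whether to prompt for a client certificate based on G_TLS_ERROR_CERTIFICATE_REQUIRED. I would widen the inline comment to say so, for example `/* Added in GnuTLS 3.6.7; compile-time check only, rebuild after upgrading GnuTLS */`. The rest of end_gnutls_io lies outside the hunk, so the fall-through branch is not visible here.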
--
2.21.0
++++++ glib-networking-2.60.0.1.tar.xz -> glib-networking-2.60.1.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-networking-2.60.0.1/NEWS new/glib-networking-2.60.1/NEWS
--- old/glib-networking-2.60.0.1/NEWS 2019-03-12 22:15:58.000000000 +0100
+++ new/glib-networking-2.60.1/NEWS 2019-04-02 04:55:21.000000000 +0200
@@ -1,3 +1,9 @@
+2.60.1 - April 1, 2019
+======================
+
+- Improve reliability of client auth failure tests (#66)
+- Fix excessive CPU usage after sync handshake (#69)
+
2.60.0.1 - March 12, 2019
=========================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-networking-2.60.0.1/meson.build new/glib-networking-2.60.1/meson.build
--- old/glib-networking-2.60.0.1/meson.build 2019-03-12 22:15:58.000000000 +0100
+++ new/glib-networking-2.60.1/meson.build 2019-04-02 04:55:21.000000000 +0200
@@ -1,6 +1,6 @@
project(
'glib-networking', 'c',
- version: '2.60.0.1',
+ version: '2.60.1',
license: 'LGPL2.1+',
meson_version: '>= 0.47.0',
default_options: ['c_std=c11']
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-networking-2.60.0.1/po/hr.po new/glib-networking-2.60.1/po/hr.po
--- old/glib-networking-2.60.0.1/po/hr.po 2019-03-12 22:15:58.000000000 +0100
+++ new/glib-networking-2.60.1/po/hr.po 2019-04-02 04:55:21.000000000 +0200
@@ -6,9 +6,10 @@
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2018-07-27 21:02+0000\n"
-"PO-Revision-Date: 2018-09-02 18:22+0200\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-26 12:38+0100\n"
"Last-Translator: gogo
\n"
"Language: hr\n"
@@ -16,7 +17,7 @@
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Launchpad-Export-Date: 2017-04-10 14:16+0000\n"
-"X-Generator: Poedit 2.1.1\n"
+"X-Generator: Poedit 2.0.6\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
@@ -24,79 +25,113 @@
msgid "Proxy resolver internal error."
msgstr "Unutrašnja greška proxy razrješitelja."
-#: tls/gnutls/gtlscertificate-gnutls.c:182
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Povezivanje je zatvoreno"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Radnja će blokirati"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Poslužitelj zahtijeva TLS vjerodajnicu"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nemoguća analiza DER vjerodajnica: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:203
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nemoguća analiza PEM vjerodajnica: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:234
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nemoguća analiza DER privatnog ključa: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:265
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nemoguća analiza PEM privatnog ključa: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:304
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
msgid "No certificate data provided"
msgstr "Nema pruženih podataka vjerodajnica"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:447
-msgid "Server required TLS certificate"
-msgstr "Poslužitelj zahtijeva TLS vjerodajnicu"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:398
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Nemoguće stvaranje TLS povezivanja: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:711
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
-msgid "Connection is closed"
-msgstr "Povezivanje je zatvoreno"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Ne može se izvesti radnja blokiranja tijekom TLS rukovanja"
-#: tls/gnutls/gtlsconnection-gnutls.c:828
-#: tls/gnutls/gtlsconnection-gnutls.c:1432
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
msgid "Socket I/O timed out"
msgstr "Istek vremena U/I priključnice"
-#: tls/gnutls/gtlsconnection-gnutls.c:973
-#: tls/gnutls/gtlsconnection-gnutls.c:1006
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
msgid "Peer failed to perform TLS handshake"
msgstr "Čvor je odbio izvesti TLS rukovanje"
-#: tls/gnutls/gtlsconnection-gnutls.c:991
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
msgid "Peer requested illegal TLS rehandshake"
msgstr "Čvor zahtjeva ilegalno TLS ponovno rukovanje"
-#: tls/gnutls/gtlsconnection-gnutls.c:1012
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
msgid "TLS connection closed unexpectedly"
msgstr "TLS povezivanje je neočekivano zatvoreno"
-#: tls/gnutls/gtlsconnection-gnutls.c:1022
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
msgid "TLS connection peer did not send a certificate"
msgstr "TLS čvor povezivanja nije poslao vjerodajnicu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1028
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Neprihvatljiva TLS vjerodajnica"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Kobno slanje točke TLS upozorenje: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1040
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
msgid "Protocol version downgrade attack detected"
msgstr "Vraćena je starija inačica protokola, napad otkriven"
-#: tls/gnutls/gtlsconnection-gnutls.c:1047
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
@@ -104,44 +139,36 @@
msgstr[1] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajta"
msgstr[2] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajta"
-#: tls/gnutls/gtlsconnection-gnutls.c:1054
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
msgid "The operation timed out"
msgstr "Istek vremena radnje"
-#: tls/gnutls/gtlsconnection-gnutls.c:1820
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
msgid "Peer does not support safe renegotiation"
msgstr "Točka ne podržava sigurne pregovore"
-#: tls/gnutls/gtlsconnection-gnutls.c:1847
-#: tls/gnutls/gtlsconnection-gnutls.c:1899
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
msgid "Error performing TLS handshake"
msgstr "Greška izvođenja TLS rukovanja"
-#: tls/gnutls/gtlsconnection-gnutls.c:1909
-msgid "Server did not return a valid TLS certificate"
-msgstr "Poslužitelj nije vratio valjanu TLS vjerodajnicu"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1991
-msgid "Unacceptable TLS certificate"
-msgstr "Neprihvatljiva TLS vjerodajnica"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2264
-#: tls/gnutls/gtlsconnection-gnutls.c:2356
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
msgid "Error reading data from TLS socket"
msgstr "Greška čitanja podataka iz TLS priključnice"
-#: tls/gnutls/gtlsconnection-gnutls.c:2386
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
#, c-format
msgid "Receive flags are not supported"
msgstr "Primanje oznaka nije podržano"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2463
-#: tls/gnutls/gtlsconnection-gnutls.c:2535
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
msgid "Error writing data to TLS socket"
msgstr "Greška zapisivanja podataka u TLS priključnicu"
-#: tls/gnutls/gtlsconnection-gnutls.c:2505
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
@@ -149,7 +176,7 @@
msgstr[1] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje"
msgstr[2] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje"
-#: tls/gnutls/gtlsconnection-gnutls.c:2507
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
@@ -157,12 +184,12 @@
msgstr[1] "(najviše je %u bajta)"
msgstr[2] "(najviše je %u bajta)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2566
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
#, c-format
msgid "Send flags are not supported"
msgstr "Slanje oznaka nije podržano"
-#: tls/gnutls/gtlsconnection-gnutls.c:2669
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
msgid "Error performing TLS close"
msgstr "Greška izvođenja TLS zatvaranja"
@@ -180,44 +207,82 @@
msgstr "Neuspjelo učitavanje spremnika povjerenja sustava: %s"
#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
msgid "Certificate has no private key"
msgstr "Vjerodajnica nema privatni ključ"
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Ovo je posljednja šansa za upis PIN-a ispravno prije nego što se token "
-"zaključa."
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nemoguće stvaranje TLS sadržaja: %s"
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Nekoliko PIN-ova je neispravno, i token će biti zaključan nakon budućih "
-"neuspjeha."
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Sadržaj je prevelik za RSA ključ"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Greška izvođenja TLS rukovanja: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:390
+msgid "Server did not return a valid TLS certificate"
+msgstr "Poslužitelj nije vratio valjanu TLS vjerodajnicu"
+
+#: tls/openssl/gtlsconnection-openssl.c:504
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Greška čitanja podataka iz TLS priključnice: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:530
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Greška zapisivanja podataka u TLS priključnicu: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:556
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Greška izvođenja TLS zatvaranja: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Postoji problem s vjerodajnicom: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Postoji problem s privatnim ključem vjerodajnice: %s"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ovo je posljednja šansa za upis PIN-a ispravno prije nego što se token "
+#~ "zaključa."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Nekoliko PIN-ova je neispravno, i token će biti zaključan nakon budućih "
+#~ "neuspjeha."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Upisani PIN je neispravan."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 pokazivač modula"
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "Upisani PIN je neispravan."
-
-#: tls/pkcs11/gpkcs11slot.c:447
-msgid "Module"
-msgstr "Modul"
-
-#: tls/pkcs11/gpkcs11slot.c:448
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 pokazivač modula"
-
-#: tls/pkcs11/gpkcs11slot.c:455
-msgid "Slot ID"
-msgstr "ID utora"
-
-#: tls/pkcs11/gpkcs11slot.c:456
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 identifikator utora"
+#~ msgid "Slot ID"
+#~ msgstr "ID utora"
-#~ msgid "Operation would block"
-#~ msgstr "Radnja će blokirati"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 identifikator utora"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-networking-2.60.0.1/tls/gnutls/gtlsconnection-gnutls.c new/glib-networking-2.60.1/tls/gnutls/gtlsconnection-gnutls.c
--- old/glib-networking-2.60.0.1/tls/gnutls/gtlsconnection-gnutls.c 2019-03-12 22:15:58.000000000 +0100
+++ new/glib-networking-2.60.1/tls/gnutls/gtlsconnection-gnutls.c 2019-04-02 04:55:21.000000000 +0200
@@ -203,7 +203,7 @@
* future operations). ever_handshaked indicates that TLS has
* been successfully negotiated at some point.
*/
- gboolean need_handshake, need_finish_handshake;
+ gboolean need_handshake, need_finish_handshake, sync_handshake_completed;
gboolean started_handshake, handshaking, ever_handshaked;
GMainContext *handshake_context;
GTask *implicit_handshake;
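Review bot: The new `sync_handshake_completed` flag is added to the declaration without any mention in the comment block directly above it, whose visible tail documents the neighbouring handshake flags. From the later hunks it is written under `op_mutex` on the thread that owns `handshake_context` and polled by the synchronous wait loop, so a line such as `sync_handshake_completed is set (under op_mutex) once the handshake task of a synchronous handshake has finished` would fit there. In the @@ -2215 hunk the context comment still ends with `So need_finish_handshake should only change on this thread.` although the loop now waits on `sync_handshake_completed`; that sentence probably needs to name the new flag, which should be confirmed against the full comment since its start is outside the hunk.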
@@ -1835,7 +1835,7 @@
}
static void
-update_peer_certificate (GTlsConnectionGnutls *gnutls)
+update_peer_certificate_and_compute_errors (GTlsConnectionGnutls *gnutls)
{
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
@@ -1863,15 +1863,18 @@
}
static gboolean
-accept_peer_certificate (GTlsConnectionGnutls *gnutls,
- GTlsCertificate *peer_certificate,
- GTlsCertificateFlags peer_certificate_errors)
+accept_or_reject_peer_certificate (gpointer user_data)
{
+ GTlsConnectionGnutls *gnutls = user_data;
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
gboolean accepted = FALSE;
g_assert (g_main_context_is_owner (priv->handshake_context));
+ g_mutex_lock (&priv->verify_certificate_mutex);
+
+ update_peer_certificate_and_compute_errors (gnutls);
+
if (G_IS_TLS_CLIENT_CONNECTION (gnutls) && priv->peer_certificate != NULL)
{
GTlsCertificateFlags validation_flags;
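Review bot: accept_or_reject_peer_certificate now takes `verify_certificate_mutex` at its top and, in the next hunk, emits accept-certificate apparently while still holding it, yet the definition carries no comment describing that contract. Since it has also become the callback handed to g_main_context_invoke, a header comment would help, for example `/* GSourceFunc; runs on the owner of handshake_context and holds verify_certificate_mutex while accept-certificate handlers run */`. The unlock and the return value are outside the hunks shown, so the exact lock scope should be confirmed before wording the comment.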
@@ -1883,34 +1886,20 @@
validation_flags =
g_dtls_client_connection_get_validation_flags (G_DTLS_CLIENT_CONNECTION (gnutls));
- if ((peer_certificate_errors & validation_flags) == 0)
+ if ((priv->peer_certificate_errors & validation_flags) == 0)
accepted = TRUE;
}
if (!accepted)
{
+ g_main_context_pop_thread_default (priv->handshake_context);
accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls),
- peer_certificate,
- peer_certificate_errors);
+ priv->peer_certificate,
+ priv->peer_certificate_errors);
+ g_main_context_push_thread_default (priv->handshake_context);
}
- return accepted;
-}
-
-static gboolean
-accept_certificate_cb (gpointer user_data)
-{
- GTlsConnectionGnutls *gnutls = user_data;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
-
- g_assert (g_main_context_is_owner (priv->handshake_context));
-
- g_mutex_lock (&priv->verify_certificate_mutex);
-
- update_peer_certificate (gnutls);
- priv->peer_certificate_accepted = accept_peer_certificate (gnutls,
- priv->peer_certificate,
- priv->peer_certificate_errors);
+ priv->peer_certificate_accepted = accepted;
/* This has to be the very last statement before signaling the
* condition variable because otherwise the code could spuriously
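Review bot: `g_main_context_pop_thread_default (priv->handshake_context)` is only valid when handshake_context is on top of the calling thread's thread-default stack, but the only precondition checked in this function is `g_main_context_is_owner`. If this callback can ever be dispatched with the context owned but never pushed (the asynchronous handshake path is not visible here), GLib would log a critical on the pop and the following push would leave the stack unbalanced for the rest of the thread. I would add a comment at the pop stating where the matching push happens and why the signal must run outside the handshake context, and confirm that both callers satisfy it. Note also that application handlers run between the pop and the push, so any early exit added there later has to restore the context.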
@@ -1944,7 +1933,7 @@
* is emitted on the original thread.
*/
g_assert (priv->handshake_context);
- g_main_context_invoke (priv->handshake_context, accept_certificate_cb, gnutls);
+ g_main_context_invoke (priv->handshake_context, accept_or_reject_peer_certificate, gnutls);
/* We'll block the handshake thread until the original thread has
* decided whether to accept the certificate.
@@ -2163,7 +2152,7 @@
* anything with the result here.
*/
g_mutex_lock (&priv->verify_certificate_mutex);
- update_peer_certificate (gnutls);
+ update_peer_certificate_and_compute_errors (gnutls);
priv->peer_certificate_examined = TRUE;
priv->peer_certificate_accepted = TRUE;
g_mutex_unlock (&priv->verify_certificate_mutex);
@@ -2198,7 +2187,7 @@
g_assert (g_main_context_is_owner (priv->handshake_context));
g_mutex_lock (&priv->op_mutex);
- priv->need_finish_handshake = TRUE;
+ priv->sync_handshake_completed = TRUE;
g_mutex_unlock (&priv->op_mutex);
g_main_context_wakeup (priv->handshake_context);
@@ -2215,8 +2204,8 @@
* here. So need_finish_handshake should only change on this thread.
*/
g_mutex_lock (&priv->op_mutex);
- priv->need_finish_handshake = FALSE;
- while (!priv->need_finish_handshake && !g_cancellable_is_cancelled (cancellable))
+ priv->sync_handshake_completed = FALSE;
+ while (!priv->sync_handshake_completed && !g_cancellable_is_cancelled (cancellable))
{
g_mutex_unlock (&priv->op_mutex);
g_main_context_iteration (priv->handshake_context, TRUE);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-networking-2.60.0.1/tls/openssl/meson.build new/glib-networking-2.60.1/tls/openssl/meson.build
--- old/glib-networking-2.60.0.1/tls/openssl/meson.build 2019-03-12 22:15:58.000000000 +0100
+++ new/glib-networking-2.60.1/tls/openssl/meson.build 2019-04-02 04:55:21.000000000 +0200
@@ -35,10 +35,13 @@
)
if get_option('static_modules')
+ # link_whole is a workaround for a meson bug
+ # https://github.com/mesonbuild/meson/pull/3939
static_library('gioopenssl',
objects: module.extract_all_objects(),
install: true,
- install_dir: gio_module_dir
+ install_dir: gio_module_dir,
+ link_whole: [tlsbase]
)
pkg.generate(module)
endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-networking-2.60.0.1/tls/tests/connection.c new/glib-networking-2.60.1/tls/tests/connection.c
--- old/glib-networking-2.60.0.1/tls/tests/connection.c 2019-03-12 22:15:58.000000000 +0100
+++ new/glib-networking-2.60.1/tls/tests/connection.c 2019-04-02 04:55:21.000000000 +0200
@@ -459,9 +459,18 @@
g_io_stream_close_finish (G_IO_STREAM (object), res, &error);
if (test->expected_client_close_error)
- g_assert_error (error, test->expected_client_close_error->domain, test->expected_client_close_error->code);
+ {
+ /* Although very rare, it's OK for broken pipe errors to not occur here if
+ * they have already occured earlier during a read. If so, there should be
+ * no error here at all.
+ */
+ if (error || !g_error_matches (test->expected_client_close_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
+ g_assert_error (error, test->expected_client_close_error->domain, test->expected_client_close_error->code);
+ }
else
- g_assert_no_error (error);
+ {
+ g_assert_no_error (error);
+ }
g_main_loop_quit (test->loop);
}
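Review bot: When the expected close error is G_IO_ERROR_BROKEN_PIPE and `error` is NULL, the new branch asserts nothing, so a run in which the broken pipe never surfaced anywhere also passes. The comment justifies this by saying the error already occurred during an earlier read; asserting exactly that would keep the client-auth failure tests meaningful, for example `else g_assert_error (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE);`, provided read_error is populated on this path, which the hunk does not show. The comment also has a typo, `occured` should be `occurred`.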
@@ -1123,9 +1132,12 @@
read_test_data_async (test);
g_main_loop_run (test->loop);
+ /* In TLS 1.2 we'll notice that a server cert was requested. For TLS 1.3 we
+ * just get dropped, usually G_TLS_ERROR_MISC but possibly also broken pipe.
+ */
if (client_can_receive_certificate_required_errors (test))
g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
- else
+ else if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_MISC);
g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
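Review bot: The added comment says "a server cert was requested", but the assertions around it check G_TLS_ERROR_CERTIFICATE_REQUIRED on the server side, so it presumably means that the server required a certificate from the client; I would reword it to `In TLS 1.2 the client notices that the server required a certificate.` The same `else if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))` relaxation is repeated in the @@ -1319 hunk without any explanation. A one-line comment there pointing back to this reasoning, or a small shared helper for the tolerated errors, would keep the two sites from drifting apart.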
@@ -1319,7 +1331,7 @@
/* FIXME: G_FILE_ERROR_ACCES is not a very great error to get here. */
if (client_can_receive_certificate_required_errors (test))
g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES);
- else
+ else if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_MISC);
g_io_stream_close (test->server_connection, NULL, NULL);