GNOME Bugzilla – Bug 653645
During pending establishing connections to SSL-sites lib "fire" error-signals
Last modified: 2011-08-25 22:57:11 UTC
During pending establishing connections to SSL-sites lib "fire" error-signals caused by GNUTLS_E_AGAIN and GNUTLS_E_REHANDSHAKE
Created attachment 190931 [details] [review] Cleanup pending connection errors
Comment on attachment 190931 [details] [review] Cleanup pending connection errors What circumstances are you seeing problems in? Ignoring GNUTLS_E_AGAIN means that you break non-blocking I/O. Note that if you have glib-networking 2.28.6, there was a bug that resulted in GErrors being set when no error had occurred, and you should upgrade to 2.28.6.1 or 2.28.7 to fix that.
These errors occur on sites where required client-certificate auth
Yes I am using 2.28.6, I'll check this on 2.28.7 Thank you Dan
So, changes from 2.28.6 -> 2.28.6.1 not help, here log of my client program: (***********): GLib-GObject-WARNING **: Two different plugins tried to register 'GTlsBackendGnutls'. (***********): GLib-GObject-CRITICAL **: g_type_add_interface_dynamic: assertion `G_TYPE_IS_INSTANTIATABLE (instance_type)' failed (***********): GLib-GIO-WARNING **: Tried to register an extension of the type (null) to extension point gio-tls-backend. Expected type is GTlsBackend. >>> [***********] load_commit_cb(): uri=https://xxx.xxx.com/clientssl >>> [***********] Loading... [ Download your certificate (0%) ] >>> [***********] Loading... [ Download your certificate (50%) ] (*) Direct/Interface: Loaded 'PNG' implementation of 'IDirectFBImageProvider'. >>> [***********] Loading... [ Download your certificate (90%) ] >>> [***********] load_done_cb() success=1 >>> [***********] Loading... [ Download your certificate (100%) ] >>> [***********] load_finished_cb() Loading is finished. (***********): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory. This indicates a bug in someone's code. You must ensure an error is NULL before it's set. The overwriting error message was: Error receiving data: Resource temporarily unavailable (!) [16836: 0.000] --> Caught signal 11 (at (nil), invalid address) <-- Segmentation fault
(In reply to comment #6) > So, changes from 2.28.6 -> 2.28.6.1 not help, here log of my client program: > > (***********): GLib-GObject-WARNING **: Two different plugins tried to register > 'GTlsBackendGnutls'. That means it's trying to load both the 2.28.6 plugin and the 2.28.6.1 plugin (and presumably the 2.28.6 one is winning).
Created attachment 190988 [details] [review] clean error GNUTLS_E_REHANDSHAKE while establish ssl-connection with client certificate Dear Dan, I find that problem in non-cleaning GNUTLS_E_REHANDSHAKE error. After applying attached patch my client program working well
Comment on attachment 190988 [details] [review] clean error GNUTLS_E_REHANDSHAKE while establish ssl-connection with client certificate Can anybody review this patch?
The patch looks basically right (although you need the same check in g_tls_connection_gnutls_write() too) but I'm not sure that's exactly how I want to fix it (since it means we're allocating and then immediately freeing an error for no reason). But I want to add some regression tests before changing this code again (since this bug is actually fallout from an earlier bugfix).
Pushed a slightly different patch, and added a test to tls/tests/tls.c (which ended up revealing a different bug in the server side of rehandshaking).