Bug#638595: WWWOFFLE HTTPS now unusable

Andrew M. Bishop amb at gedanken.demon.co.uk
Mon Aug 29 17:48:38 CEST 2011 

jidanni at jidanni.org writes:

> reopen 638595
> thanks
>>>>>> "AM" == Andreas Metzler <ametzler at downhill.at.eu.org> writes:
> AM> it seems to fix the issue for me, the minimal testcase (lynx -dump
> AM> https://localhost:8443/) now works.
> Did you try the test cases I listed?
> No.

I don't know why the problem occurs now and not before but I don't
think that this part of it is a gnutls bug (although it may be a
change in gnutls behaviour that WWWOFFLE doesn't handle well).

The problem that you are having seems to be that one chunk of data
from gnutls_record_recv() uncompresses into much more data than the
output buffer can hold.  This means that there is still lots of
uncompressed raw data from the socket left over.  This patch for
WWWOFFLE tries to empty the existing socket buffer before requesting
more (otherwise you end up requesting data after the last packet and
gnutls gives an error).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: io.c.diff
Type: text/x-diff
Size: 4103 bytes
Desc: not available
URL: </pipermail/attachments/20110829/19e4bbef/attachment.diff>
-------------- next part --------------


As a side-note to the gnutls thing I found that this change in
WWWOFFLE worked around the problem that we had instead of changing
libgnutls.  I can't be sure that it does the same thing though because
my test showed that calling gnutls_x509_crt_deinit() was safe so it
might be that we don't now free the crt when we finish.

-------------------- certificates.c.diff --------------------
--- certificates.c	(revision 2160)
+++ certificates.c	(revision 2161)
@@ -559,6 +559,8 @@
  if(!initialised)
     return;
 
+ gnutls_certificate_free_keys(cred);
+
  gnutls_certificate_free_credentials(cred);
 }
 
@@ -918,12 +920,6 @@
  free(keyfilename);
  free(crtfilename);
 
- if(crt)
-    gnutls_x509_crt_deinit(crt);
-
- if(privkey)
-    gnutls_x509_privkey_deinit(privkey);
-
  return(cred);
 }
 
-------------------- certificates.c.diff --------------------

-- 
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop                             amb at gedanken.demon.co.uk
                                      http://www.gedanken.demon.co.uk/

WWWOFFLE users page:
        http://www.gedanken.demon.co.uk/wwwoffle/version-2.9/user.html

More information about the Gnutls-devel mailing list