static void do_handle_error(liGnuTLSFilter *f, const char *gnutlsfunc, int r, gboolean writing) {
switch (r) {
case GNUTLS_E_AGAIN:
if (writing) f->write_wants_read = TRUE;
break;
case GNUTLS_E_REHANDSHAKE:
#ifdef HAVE_SAVE_RENEGOTIATION
if (f->initial_handshaked_finished && !gnutls_safe_renegotiation_status(f->session)) {
_ERROR(f->srv, f->wrk, f->log_context, "%s: client initiated unsafe renegotitation, closing connection", gnutlsfunc);
f_close_with_alert(f, r);
} else {
_DEBUG(f->srv, f->wrk, f->log_context, "%s: client initiated renegotitation", gnutlsfunc);
}
#else
if (f->initial_handshaked_finished) {
_ERROR(f->srv, f->wrk, f->log_context, "%s: client initiated renegotitation, closing connection", gnutlsfunc);
f_close_with_alert(f, r);
}
#endif
break;
case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
f_close_with_alert(f, r);
break;
case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
_DEBUG(f->srv, f->wrk, f->log_context, "%s (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
f_close_with_alert(f, r);
break;
default:
if (gnutls_error_is_fatal(r)) {
_ERROR(f->srv, f->wrk, f->log_context, "%s (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
if (f->initial_handshaked_finished) {
f_close_with_alert(f, r);
} else {
f_abort_gnutls(f);
}
} else {
_ERROR(f->srv, f->wrk, f->log_context, "%s non fatal (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
}
}
}
static void do_handle_error(liGnuTLSFilter *f, const char *gnutlsfunc, int r, gboolean writing) {
switch (r) {
case GNUTLS_E_AGAIN:
if (writing) f->write_wants_read = TRUE;
return;
case GNUTLS_E_REHANDSHAKE:
#ifdef HAVE_SAVE_RENEGOTIATION
if (f->initial_handshaked_finished && !gnutls_safe_renegotiation_status(f->session)) {
_ERROR(f->srv, f->wrk, f->log_context, "%s: client initiated unsafe renegotitation, closing connection", gnutlsfunc);
f_close_with_alert(f, r);
} else {
_DEBUG(f->srv, f->wrk, f->log_context, "%s: client initiated renegotitation", gnutlsfunc);
}
#else
if (f->initial_handshaked_finished) {
_ERROR(f->srv, f->wrk, f->log_context, "%s: client initiated renegotitation, closing connection", gnutlsfunc);
f_close_with_alert(f, r);
}
#endif
return;
case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
f_close_with_alert(f, r);
return;
case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
_DEBUG(f->srv, f->wrk, f->log_context, "%s (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
f_close_with_alert(f, r);
return;
case GNUTLS_E_FATAL_ALERT_RECEIVED:
case GNUTLS_E_WARNING_ALERT_RECEIVED:
{
gnutls_alert_description_t alert_desc = gnutls_alert_get(f->session);
const char* alert_desc_name = gnutls_alert_get_name(alert_desc);
_INFO(f->srv, f->wrk, f->log_context, "%s (%s): %s %s (%u)", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r),
(NULL != alert_desc_name) ? alert_desc_name : "unknown alert",
(unsigned int) alert_desc);
}
/* error not handled yet: break instead of return */
break;
default:
if (gnutls_error_is_fatal(r)) {
_ERROR(f->srv, f->wrk, f->log_context, "%s (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
} else {
_WARNING(f->srv, f->wrk, f->log_context, "%s non fatal (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
}
/* error not handled yet: break instead of return */
break;
}
/* generic error handling */
if (gnutls_error_is_fatal(r)) {
if (f->initial_handshaked_finished) {
f_close_with_alert(f, r);
} else {
f_abort_gnutls(f);
}
}
}
