tls-gnutls.c: Handle rehandshake error in _httpTLSRead #1508

Open
zdohnal wants to merge 2 commits into OpenPrinting:master from zdohnal:gnutls-rehandshake-handle

zdohnal commented Mar 5, 2026

(follows #1507)

During the review of #1507 I was told there is a GnuTLS error which would be great to handle separately - GNUTLS_E_REHANDSHAKE - when receiving data.

There are several ways to handle this, based on which side the HTTP library is used on:

> In case of a client, this message may be simply ignored, replied with an alert GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake, depending on the client's will. A server receiving this error code can only initiate a new handshake or terminate the session.

The MR ignores the error on the client side and terminates the connection on the server side.

Based on gnutls_record_send/recv man pages, we should use the return
value of the functions as an indicator of what happened in the function and
not look into errno at all.

Checking the errno value caused an infinite loop in cupsd on busy servers
if there were enough connection errors when cupsd wrote the response.

The patch is provided by Paul Zirnik from SUSE - thank you for the
patch!

Fixes OpenPrinting#827

zdohnal requested a review from michaelrsweet March 5, 2026 13:29

zdohnal commented Mar 5, 2026

I see there is an error - looking into it.

Per GNUTLS manual, `gnutls_record_recv()` can get GNUTLS_E_REHANDSHAKE
and if it is an HTTP client, we should not close the connection and should
ignore the error. The server can terminate the connection as before.

zdohnal force-pushed the gnutls-rehandshake-handle branch from e256cb2 to eebaba1 March 5, 2026 13:33

zdohnal commented Mar 5, 2026

The openssl job failure is due to #1450.


zdohnal commented Mar 5, 2026

If the MR is okay to include, I will rebase the MR to include #1507 once that MR is merged.

michaelrsweet left a comment

Let's minimize the changes - I'd prefer to see just the additional re-handshake logic being applied in the read function, without the stylistic refactoring.
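
The client/server policy this pull request describes for GNUTLS_E_REHANDSHAKE, written out as an added C example; it is not code from the pull request or from CUPS. `ex_recv_fn` is a hypothetical stand-in for `gnutls_record_recv()`, the `EX_E_*` constants stand in for the corresponding `GNUTLS_E_*` codes, and the retry cap and the -1 "close" result are assumptions of this example.

```c
#include <stdio.h>
#include <sys/types.h>

/* Example-local stand-ins for GNUTLS_E_AGAIN, GNUTLS_E_INTERRUPTED, GNUTLS_E_REHANDSHAKE. */
enum { EX_E_AGAIN = -28, EX_E_INTERRUPTED = -52, EX_E_REHANDSHAKE = -37 };
enum ex_role { EX_CLIENT, EX_SERVER };

/* Hypothetical stand-in for gnutls_record_recv(): >0 bytes, 0 EOF, <0 error code. */
typedef ssize_t (*ex_recv_fn)(void *session, void *buf, size_t len);

/* Decide from the return value alone (never errno); retries are capped so a
   persistent error cannot spin forever. Returns bytes read, 0 on EOF, -1 to close. */
ssize_t ex_tls_read(ex_recv_fn recv_fn, void *session, enum ex_role role,
                    void *buf, size_t len, int max_retries)
{
  for (int tries = 0; tries <= max_retries; tries++) {
    ssize_t r = recv_fn(session, buf, len);
    if (r >= 0) return r;
    if (r == EX_E_AGAIN || r == EX_E_INTERRUPTED)
      continue;                      /* transient: try again */
    if (r == EX_E_REHANDSHAKE && role == EX_CLIENT)
      continue;                      /* client: ignore the request, keep reading */
    return -1;                       /* server rehandshake or fatal error */
  }
  return -1;                         /* retry budget exhausted */
}

/* Constructed test double: replays a fixed list of return codes. */
struct ex_script { const ssize_t *results; size_t count, next; };
static ssize_t ex_scripted_recv(void *session, void *buf, size_t len)
{
  struct ex_script *s = session;
  (void)buf; (void)len;
  return s->next < s->count ? s->results[s->next++] : 0;
}

/* Constructed sample: interrupted, then a rehandshake request, then 5 bytes. */
ssize_t ex_demo(enum ex_role role)
{
  static const ssize_t results[] = { EX_E_INTERRUPTED, EX_E_REHANDSHAKE, 5 };
  struct ex_script s = { results, 3, 0 };
  char buf[16];
  return ex_tls_read(ex_scripted_recv, &s, role, buf, sizeof(buf), 8);
}

int main(void)
{
  printf("client=%zd server=%zd\n", ex_demo(EX_CLIENT), ex_demo(EX_SERVER));
  return 0;
}
```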
