PATCH: gnutls GNUTLS_E_INTERRUPTED same behavior as GNUTLS_E_AGAIN

Thorsten Bonhagen Thorsten.Bonhagen at tbon.de
Wed Apr 27 04:11:53 PDT 2016


Hi,

I think I fixed some gnutls connection errors which can be handled but are 
terminating the whole session.
For some gnutls methods it is valid to retry the last operation if 
GNUTLS_E_INTERRUPTED is set.
So I moved or added GNUTLS_E_INTERRUPTED to the non-fatal retry scenarios.
Maybe I did not find all possible cases to add GNUTLS_E_INTERRUPTED.
Please have a look at all cases of GNUTLS_E_AGAIN usage. It might be 
possible to add more GNUTLS_E_INTERRUPTED.

For me this works fine with a Cisco ASA.
Regards




Signed-off-by: Thorsten Bonhagen <Thorsten.Bonhagen at tbon.de>

Index: openconnect-7.06/gnutls.c
===================================================================
--- openconnect-7.06.orig/gnutls.c      2016-04-27 08:15:20.000000000 
+0200
+++ openconnect-7.06/gnutls.c   2016-04-27 12:06:56.687356837 +0200
@@ -121,7 +121,7 @@
         int done;

         while ((done = gnutls_record_recv(vpninfo->https_sess, buf, 
len)) < 0) {
-               if (done == GNUTLS_E_AGAIN) {
+               if (done == GNUTLS_E_AGAIN || done == 
GNUTLS_E_INTERRUPTED ) {
                         /* Wait for something to happen on the socket, 
or on cmd_fd */
                         fd_set wr_set, rd_set;
                         int maxfd = vpninfo->ssl_fd;
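
Review bot: The added condition in the gnutls_record_recv() loop is split across two lines as posted, so the continuation `GNUTLS_E_INTERRUPTED ) {` carries no `+` prefix and the hunk will not apply; the `---` file header and several context lines are wrapped the same way. Please resend as an attachment or from a mailer that does not wrap lines, and drop the space before the closing parenthesis in the same pass.
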
@@ -183,7 +183,7 @@
                                 buf[i] = 0;
                                 return i;
                         }
-               } else if (ret == GNUTLS_E_AGAIN) {
+               } else if (ret == GNUTLS_E_AGAIN || ret == 
GNUTLS_E_INTERRUPTED ) {
                         /* Wait for something to happen on the socket, 
or on cmd_fd */
                         fd_set rd_set, wr_set;
                         int maxfd = vpninfo->ssl_fd;
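
Review bot: The `ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED` test in this `else if` is the second hand-written copy of the same two-code check, with a third in the handshake loop, and the spacing before `)` already differs between them. A small shared predicate (a static inline or macro that takes the return code) would keep the call sites identical and make it easier to cover the remaining GNUTLS_E_AGAIN sites the cover text asks about. The context comment "Wait for something to happen on the socket" could also mention that the branch is now taken after an interrupted call.
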
@@ -2251,7 +2251,7 @@
         ssl_sock = 
(intptr_t)gnutls_transport_get_ptr(vpninfo->https_sess);

         while ((err = gnutls_handshake(vpninfo->https_sess))) {
-               if (err == GNUTLS_E_AGAIN) {
+               if (err == GNUTLS_E_AGAIN || err == 
GNUTLS_E_INTERRUPTED) {
                         fd_set rd_set, wr_set;
                         int maxfd = ssl_sock;

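Review bot: In the gnutls_handshake() loop, GNUTLS_E_INTERRUPTED now enters the branch that sets up `rd_set`/`wr_set` around `ssl_sock`, but the lines that decide whether to wait for read or write are outside this hunk. Please confirm that the wait picks its direction from the session state after an interrupted call as well as after GNUTLS_E_AGAIN, so an interrupted handshake cannot end up blocked on the wrong direction.
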
@@ -2272,7 +2272,7 @@
                                 closesocket(ssl_sock);
                                 return -EINTR;
                         }
-               } else if (err == GNUTLS_E_INTERRUPTED || 
gnutls_error_is_fatal(err)) {
+               } else if (gnutls_error_is_fatal(err)) {
                         vpn_progress(vpninfo, PRG_ERR, _("SSL connection 
failure: %s\n"),
                                                          
gnutls_strerror(err));
                         gnutls_deinit(vpninfo->https_sess);
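
Review bot: Removing `err == GNUTLS_E_INTERRUPTED ||` from the fatal branch reverses a case the old code listed explicitly next to `gnutls_error_is_fatal(err)`, and the changelog does not say why that earlier choice was wrong for the handshake. Please add a sentence to the commit message stating that an interrupted gnutls_handshake() is meant to be retried, and describe the failure seen before the change (the "SSL connection failure" path here), so the reason for the move is on record.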
