-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 tags 797059 + patch severity 797059 important thanks
Hello, please see the attached patch, which adds support for rehandshaking. This now allows access to http:/contributors.debian.org Bye, Simon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJV5WWRAAoJEBy08PeN7K/pxVwP/0J868l7afU3xV/ULrOBwyak CLZZTAaDqVwGVzkVppZ86Y8/sVHtygJx6Fo7qXfnSUJMqTlZYK6T1bNgfiRffN+q zfEb+FeERTDCI0EniVn57tyWi2VIprK5bnAy/a+cyCzqYvRDEjkKW7tcVYGzhomq hnch4CIq/wDIpUrnBbCx0kSbZu0q/4KUBTFnTDCzkST09QJcxR/HzxiA5qT2Bp8g sPOkt9DYM2BpMQQD6szjiEbHTCiHxjc3ikatOn1gxsNySFDNbn/k0H/HDkYDDtYU XWZU5BL9jARlxRZ9L5jHvXXaMvYMtwVb6B4zmt3ZmCkQjxQ5AM3qo7DEObLQpq+E 8hrHmCKNI2kYmd8+qIHH3Cw66AnMNPzaSrgeQZ+NDK3HmgiFOHZbbEVsZ/dtFpol ZG6XIMf0u2/oecx24aDLYB2tB3Mze8v02uwj8My+HkFrDCEaWQB7TZbsnJKuMPuf IIxa8vS0U3SXLw4cDHBwELbdgUAZJcsZOjw6PSGpzZxJiqSjELJSIsgoU3aCSR2Y SStNHrz6JIPcpE46jf8z4gwAkrqUxm04rN690KHeZgnihLPHk67Fy+5ciGNZWyvt XBoggJV9G8nCXknTcttuY7HmQ/5Y5rFihA4jlHBkNkku5OZa6XnrD3fwFg38fsbJ b2ILOxMQRZI+r/kUvRp+ =LHQ1 -----END PGP SIGNATURE-----
Description: Add support for GNUTLS rehandshake Author: Simon Kainz <[email protected]> Bug-Debian: https://bugs.debian.org/797059 --- Origin: other Bug-Debian: https://bugs.debian.org/797059 Forwarded: no --- lynx-cur-2.8.9dev6.orig/WWW/Library/Implementation/tidy_tls.h +++ lynx-cur-2.8.9dev6/WWW/Library/Implementation/tidy_tls.h @@ -98,6 +98,9 @@ struct _SSL { gnutls_transport_ptr_t rfd; gnutls_transport_ptr_t wfd; + + void *sendbuffer; + int bytes_sent; }; /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options --- lynx-cur-2.8.9dev6.orig/src/tidy_tls.c +++ lynx-cur-2.8.9dev6/src/tidy_tls.c @@ -530,7 +530,6 @@ SSL *SSL_new(SSL_CTX * ctx) { SSL *ssl; int rc; - if ((ssl = typeCalloc(SSL)) != 0) { rc = gnutls_certificate_allocate_credentials(&ssl->gnutls_cred); @@ -564,6 +563,9 @@ SSL *SSL_new(SSL_CTX * ctx) ssl->wfd = (gnutls_transport_ptr_t) (-1); } } + ssl->bytes_sent=0; + ssl->sendbuffer=0; + return ssl; } @@ -576,13 +578,22 @@ int SSL_read(SSL * ssl, void *buffer, in int rc; rc = gnutls_record_recv(ssl->gnutls_state, buffer, length); - ssl->last_error = rc; + if ( rc <0 && gnutls_error_is_fatal(rc) == 0) { + if (rc == GNUTLS_E_REHANDSHAKE ) { + rc=gnutls_handshake(ssl->gnutls_state); + gnutls_record_send(ssl->gnutls_state,ssl->sendbuffer,ssl->bytes_sent); + rc = gnutls_record_recv(ssl->gnutls_state, buffer, length); + } + } + + ssl->last_error = rc; + if (rc < 0) { - last_error = rc; - rc = 0; + last_error = rc; + rc = 0; } - + return rc; } @@ -611,6 +622,15 @@ int SSL_write(SSL * ssl, const void *buf last_error = rc; rc = 0; } + else { + if (ssl->sendbuffer) + { + free(ssl->sendbuffer); + } + ssl->sendbuffer=malloc(rc); + ssl->bytes_sent=rc; + } + return rc; }
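Review bot: The two fields added to `struct _SSL` have no comment saying that `sendbuffer` is a heap allocation owned by the SSL object, and no hunk in this patch releases it when the object is destroyed. Unless the teardown path (not shown here) is changed as well, the last buffer of every connection is presumably leaked. I would add `/* copy of the last record written; owned by this SSL, freed on teardown */` above `sendbuffer` and `/* length of sendbuffer in bytes */` above `bytes_sent`, and put a matching `free(ssl->sendbuffer);` in the function that frees the SSL. The struct definition starts outside the hunk.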
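Review bot: The added `ssl->bytes_sent=0; ssl->sendbuffer=0;` in SSL_new appear to sit after the closing brace of `if ((ssl = typeCalloc(SSL)) != 0)`, so they dereference `ssl` when the allocation failed. The same would apply if an error path inside that block, which is outside the hunk, resets `ssl`. Guard them with `if (ssl != 0) { ssl->bytes_sent = 0; ssl->sendbuffer = 0; }`, or drop them if `typeCalloc` zero-fills the object as its name suggests. SSL_new's body starts outside the hunk and the page has lost its line breaks, so confirm the brace nesting against the full file.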
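Review bot: In the `GNUTLS_E_REHANDSHAKE` branch of SSL_read the result of `gnutls_handshake()` is overwritten without being checked and the return value of `gnutls_record_send()` is discarded, so a failed renegotiation or a failed resend goes straight into another `gnutls_record_recv()`. The resend also runs when SSL_write has never succeeded, which passes a null `sendbuffer` with `bytes_sent` 0. Each step should run only if the previous one succeeded, and the resend should be skipped when nothing is stored. Whether replaying the last application record after a rehandshake is what the server expects deserves a comment. SSL_read's signature is cut off in the hunk header.

```c
    if (rc == GNUTLS_E_REHANDSHAKE) {
	rc = gnutls_handshake(ssl->gnutls_state);
	/* replay the last write only after a successful handshake */
	if (rc == 0 && ssl->sendbuffer != 0 && ssl->bytes_sent > 0)
	    rc = (int) gnutls_record_send(ssl->gnutls_state,
					  ssl->sendbuffer,
					  (size_t) ssl->bytes_sent);
	if (rc >= 0)
	    rc = gnutls_record_recv(ssl->gnutls_state, buffer, length);
    }
    /* … unchanged: ssl->last_error / last_error bookkeeping … */
```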
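Review bot: The new `else` branch in SSL_write allocates `sendbuffer` with `malloc(rc)` but never copies the written data into it, so the `gnutls_record_send()` added to SSL_read transmits `bytes_sent` bytes of uninitialised heap memory to the peer instead of the previous request. The `malloc` result is also unchecked, and `bytes_sent` is set even when the allocation failed. Copy the caller's data into the new buffer and record the length only on success; the source parameter name is truncated to `buf` in the hunk header, so `buffer` below is an assumption. SSL_write's body starts outside the hunk.

```c
    else {
	void *copy = malloc((size_t) rc);

	free(ssl->sendbuffer);
	ssl->sendbuffer = copy;
	ssl->bytes_sent = 0;
	if (copy != 0) {
	    memcpy(copy, buffer, (size_t) rc);	/* keep the bytes actually sent */
	    ssl->bytes_sent = rc;
	}
    }
    /* … unchanged: return rc … */
```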

