pike.git/lib/modules/SSL.pmod/Connection.pike:767:
} } #ifdef SSL3_DEBUG else werror("SSL.Connection: Received warning alert %O\n", ALERT_descriptions[description]); #endif return 0; }
-
int handle_change_cipher(int c)
+
int
(-1..0)
handle_change_cipher(int c)
{ COND_FATAL(!expect_change_cipher || (c != 1), ALERT_unexpected_message, "Unexpected change cipher!\n"); if (sizeof(pending_read_state)) { SSL3_DEBUG_MSG("%O: Changing read state.\n", this); current_read_state = pending_read_state[0]; pending_read_state = pending_read_state[1..]; } else { error("No new read state pending!\n");
pike.git/lib/modules/SSL.pmod/Connection.pike:915:
//! The peer has sent an @[Alert] packet, and @[handle_alert()] //! for it has returned -1. //! @item //! The peer has sent an unsupported/illegal sequence of //! packets, in which case a suitable @[Alert] will have been //! generated and queued for sending to the peer. //! @endul //! @endmixed //! //! This function is intended to be called from an i/o read callback.
-
string(8bit)|int got_data(string(8bit) data)
+
string(8bit)|int
(-1..1)
got_data(string(8bit) data)
{ if (state & CONNECTION_peer_closed) { // The peer has closed the connection. return 1; } // If closing we continue to try to read a remote close message. // That enables the caller to check for a clean close, and // to get the leftovers after the SSL connection. session->last_activity = time(1);
pike.git/lib/modules/SSL.pmod/Connection.pike:968:
packet->content_type); switch (packet->content_type) { case PACKET_alert: { SSL3_DEBUG_MSG("SSL.Connection: ALERT\n"); COND_FATAL(!sizeof(packet->fragment), ALERT_unexpected_message, "Zero length Alert fragments not allowed.\n");
-
int err = 0;
+
int
(-1..1)
err = 0;
alert_buffer->add( packet->fragment ); while(!err && sizeof(alert_buffer)>1) err = handle_alert(alert_buffer->read(2)); if (err)
-
+
{
if (err > 0 && sizeof (res))
-
// If we get a close then we return the data we got so far.
+
{
+
// If we get a close then we return the data we got so
+
//
far.
state has CONNECTION_peer_closed at this point.
return res;
-
else
+
}
return err;
-
+
}
break; } case PACKET_change_cipher_spec: { SSL3_DEBUG_MSG("SSL.Connection: CHANGE_CIPHER_SPEC\n"); COND_FATAL(!sizeof(packet->fragment), ALERT_unexpected_message, "Zero length ChangeCipherSpec fragments not allowed.\n"); COND_FATAL(version >= PROTOCOL_TLS_1_3, ALERT_unexpected_message, "ChangeCipherSpec not allowed in TLS 1.3 and later.\n"); foreach(packet->fragment;; int c) {
-
int err = handle_change_cipher(c);
+
int
(-1..0)
err = handle_change_cipher(c);
SSL3_DEBUG_MSG("tried change_cipher: %d\n", err); if (err) return err; } break; } case PACKET_handshake: { SSL3_DEBUG_MSG("SSL.Connection: HANDSHAKE\n");
pike.git/lib/modules/SSL.pmod/Connection.pike:1028:
// effect is that renegotiation doesn't work all the time. // // A side effect is that we are partly invulnerable to the // renegotiation vulnerability mentioned above. It is however // not safe to assume that, since there might be routes past // this, maybe through the use of a version 2 hello message // below. COND_FATAL(expect_change_cipher && (version < PROTOCOL_TLS_1_3), ALERT_unexpected_message, "Expected change cipher.\n");
-
int err;
+
int
(-1..1)
err;
handshake_buffer->add( packet->fragment ); while (sizeof(handshake_buffer) >= 4) { Stdio.Buffer.RewindKey key = handshake_buffer->rewind_key(); int type = handshake_buffer->read_int8(); Buffer input = Buffer(handshake_buffer->read_hbuffer(3)); if(!input) { // Not enough data.
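Review bot: The PACKET_alert branch of got_data (the hunk at line 968) has no TLS 1.3 check on the alert record length. Fragments are appended to alert_buffer and consumed two bytes at a time by `while(!err && sizeof(alert_buffer)>1)`, so an alert split across records and several alerts packed into one record are both accepted for every protocol version. TLS 1.3 requires each alert record to carry exactly one alert, and the neighbouring PACKET_change_cipher_spec branch already gates on `version >= PROTOCOL_TLS_1_3`. Unless the record layer outside these hunks already enforces this, I would add a guard before `alert_buffer->add( packet->fragment );`, for example `COND_FATAL((version >= PROTOCOL_TLS_1_3) && (sizeof(packet->fragment) != 2), ALERT_unexpected_message, "Fragmented or coalesced Alert not allowed in TLS 1.3.\n");`. got_data's body starts and ends outside the visible hunks, so this is inferred from the context lines only.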