pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:920:    // to get the leftovers after the SSL connection.       read_buffer->add(data);    Stdio.Buffer.RewindKey read_buffer_key = read_buffer->rewind_key();       string(8bit) res = "";    Packet packet;    while (packet = recv_packet())    {    if (packet->is_alert) -  { /* Reply alert */ +  { +  // recv_packet returns packets with is_alert set if it is +  // generated on our side, as opposed to an alert that is +  // received. These are always fatal (wrong packet type, packet +  // version, packet size).    SSL3_DEBUG_MSG("SSL.Connection: Bad received packet\n");    if (alert_callback)    {    Stdio.Buffer.RewindKey here = read_buffer->rewind_key();    read_buffer_key->rewind();    alert_callback(packet, current_read_state->seq_num,    (string)read_buffer);    here->rewind();    } -  +  +  // We or the packet may have been destructed by the +  // alert_callback.    if (this && packet)    send_packet(packet); -  if ((!packet) || (!this) || (packet->level == ALERT_fatal)) +     return -1; -  if (alert_callback) -  break; +     } -  else -  { +     SSL3_DEBUG_MSG("SSL.Connection: received packet of type %d\n",    packet->content_type);    switch (packet->content_type)    {    case PACKET_alert:    {    SSL3_DEBUG_MSG("SSL.Connection: ALERT\n");       COND_FATAL(!sizeof(packet->fragment), ALERT_unexpected_message,    "Zero length Alert fragments not allowed.\n");
pike.git/lib/modules/SSL.pmod/Connection.pike:1081:    // RFC 6520.    SSL3_DEBUG_MSG("SSL.Connection: Heartbeat.\n");    if (state != CONNECTION_ready) {    // RFC 6520 3:    // The receiving peer SHOULD discard the message silently,    // if it arrives during the handshake.    break;    }    if (!session->heartbeat_mode) {    // RFC 6520 2: -  // If an endpoint that has indicated peer_not_allowed_to_send -  // receives a HeartbeatRequest message, the endpoint SHOULD -  // drop the message silently and MAY send an unexpected_message -  // Alert message. +  // If an endpoint that has indicated +  // peer_not_allowed_to_send receives a HeartbeatRequest +  // message, the endpoint SHOULD drop the message silently +  // and MAY send an unexpected_message Alert message.    send_packet(alert(ALERT_warning, ALERT_unexpected_message,    "Heart beat mode not enabled.\n"));    break;    }       mixed exception = catch {    handle_heartbeat(packet->fragment);    };    if( exception )    {
pike.git/lib/modules/SSL.pmod/Connection.pike:1118:    "Unexpected message during handshake!\n");       // RFC 4346 6:    // If a TLS implementation receives a record type it does not    // understand, it SHOULD just ignore it.    SSL3_DEBUG_MSG("SSL.Connection: Ignoring packet of type %s\n",    fmt_constant(packet->content_type, "PACKET"));    break;    }    } -  } +        if (sizeof(res)) return res;    if (state & CONNECTION_peer_closed) return 1;    return "";   }
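Review bot: In the first hunk (line 920), the unconditional `return -1;` in the `packet->is_alert` branch rests entirely on the new comment's claim that recv_packet only generates fatal alerts; the removed `packet->level == ALERT_fatal` test was the only place in this branch that checked it. Closing on every locally generated alert is the conservative outcome, but if recv_packet ever produced a warning-level alert, it would still be sent to the peer at that level while this side drops the connection. I would say so in the comment, e.g. `// Treated as fatal regardless of packet->level: the connection is always closed here.` Separately, the "may have been destructed" comment sits after `here->rewind()`, which already runs after alert_callback; if destruction by the callback is a real case, that call presumably needs the same consideration. The enclosing function starts before the first hunk, so recv_packet's actual behaviour is not visible here.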