Hi,

I think I fixed some gnutls connection errors which can be handled but are terminating the whole session. For some gnutls methods it is valid to retry the last operation if GNUTLS_E_INTERRUPTED is set. So I moved or added GNUTLS_E_INTERRUPTED to the non-fatal retry scenarios.

Maybe I did not find all possible cases to add GNUTLS_E_INTERRUPTED. Please have a look at all cases of GNUTLS_E_AGAIN usage. It might be possible to add more GNUTLS_E_INTERRUPTED.

For me this works fine with a Cisco ASA.

Regards

Signed-off-by: Thorsten Bonhagen <Thorsten.Bonhagen at tbon.de>

Index: openconnect-7.06/gnutls.c =================================================================== --- openconnect-7.06.orig/gnutls.c 2016-04-27 08:15:20.000000000 +0200 +++ openconnect-7.06/gnutls.c 2016-04-27 12:06:56.687356837 +0200 @@ -121,7 +121,7 @@ int done; while ((done = gnutls_record_recv(vpninfo->https_sess, buf, len)) < 0) { - if (done == GNUTLS_E_AGAIN) { + if (done == GNUTLS_E_AGAIN || done == GNUTLS_E_INTERRUPTED ) { /* Wait for something to happen on the socket, or on cmd_fd */ fd_set wr_set, rd_set; int maxfd = vpninfo->ssl_fd; @@ -183,7 +183,7 @@ buf[i] = 0; return i; } - } else if (ret == GNUTLS_E_AGAIN) { + } else if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED ) { /* Wait for something to happen on the socket, or on cmd_fd */ fd_set rd_set, wr_set; int maxfd = vpninfo->ssl_fd; @@ -2251,7 +2251,7 @@ ssl_sock = (intptr_t)gnutls_transport_get_ptr(vpninfo->https_sess); while ((err = gnutls_handshake(vpninfo->https_sess))) { - if (err == GNUTLS_E_AGAIN) { + if (err == GNUTLS_E_AGAIN || err == GNUTLS_E_INTERRUPTED) { fd_set rd_set, wr_set; int maxfd = ssl_sock; @@ -2272,7 +2272,7 @@ closesocket(ssl_sock); return -EINTR; } - } else if (err == GNUTLS_E_INTERRUPTED || gnutls_error_is_fatal(err)) { + } else if (gnutls_error_is_fatal(err)) { vpn_progress(vpninfo, PRG_ERR, _("SSL connection failure: %s\n"), gnutls_strerror(err)); gnutls_deinit(vpninfo->https_sess);
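
Review bot: The added condition in the @@ -121,7 hunk has a stray space before the closing parenthesis (done == GNUTLS_E_INTERRUPTED ) {), and the @@ -183,7 hunk repeats it, while the @@ -2251,7 hunk writes the same test without the space. Suggest dropping the space in both places so the three sites read the same.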
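
Review bot: As of the @@ -2251,7 hunk, the two-code test (GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED) is written out by hand at three call sites, on done, ret and err, and the description says further GNUTLS_E_AGAIN sites may still need it. A single helper or macro for retryable return codes, used at every such site, would keep them from drifting apart; the remaining GNUTLS_E_AGAIN uses should either be converted in this patch or listed as follow-up.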
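
Review bot: The commit message should state that an interrupted gnutls_handshake() is no longer reported as a connection failure, which is the effect of the @@ -2272,7 hunk: GNUTLS_E_INTERRUPTED used to share the branch that calls vpn_progress() with "SSL connection failure" and then gnutls_deinit(), and that branch is now entered only when gnutls_error_is_fatal(err) is true. This hunk is only safe together with the @@ -2251,7 hunk, which has to catch GNUTLS_E_INTERRUPTED first, so the two should not be split or applied separately. It would also help to say what the loop is expected to do for a non-fatal code that is neither GNUTLS_E_AGAIN nor GNUTLS_E_INTERRUPTED, since the visible lines do not show that path.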