X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=crypto%2Ftlse.c;h=233fe26d9c410e04a9771f888b2b2443c41b9cc0;hb=a639d5e86bfa941153e214dc0c44d780072769ea;hp=5f5f04790d083477c6a34b6ee2522d59549a778b;hpb=66bc25938679f1d6a1d1200f329093d82a5e99b4;p=zpackage
diff --git a/crypto/tlse.c b/crypto/tlse.c
index 5f5f047..233fe26 100644
--- a/crypto/tlse.c
+++ b/crypto/tlse.c
@@ -61,6 +61,8 @@
 #define CHECK_HANDSHAKE_STATE(context, n, limit) { if (context->hs_messages[n] >= limit) { DEBUG_PRINT("* UNEXPECTED MESSAGE (%i)\n", (int)n); payload_res = TLS_UNEXPECTED_MESSAGE; break; } context->hs_messages[n]++; }
+//#define MARK fprintf(stderr, "%s %s:%d\n", __FILE__, __func__, __LINE__)
+#define MARK
 typedef enum {
 KEA_dhe_dss,
 KEA_dhe_rsa,
@@ -2441,16 +2443,7 @@ int tls_random(unsigned char *key, int len) {
 }
 int tls_established(struct TLSContext *context) {
- if (context) {
- if (context->critical_error) {
- return -1;
- }
-
- if (context->connection_status == TLS_CONNECTED) {
- return 1;
- }
- }
- return 0;
+ return context && context->connection_status == TLS_CONNECTED;
 }
 void tls_read_clear(struct TLSContext *context) {
@@ -5162,6 +5155,12 @@ int _private_asn1_parse(struct TLSContext *context,
 pos += length;
 }
+ if (cert_len && cert_data) {
+ int h = find_hash("sha256");
+ size_t len = sizeof cert->fp;
+ hash_memory(h, cert_data,cert_len, cert->fp, &len);
+ }
+
 if (level == 2 && cert->sign_key && cert->sign_len && cert_len && cert_data) {
 free(cert->fingerprint);
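Review bot: The new `tls_established` no longer looks at `context->critical_error`, so a context that hit a fatal error while `connection_status` is still `TLS_CONNECTED` is now reported as established. The old body returned -1 in that case and the old `tls_read` test (`!= 1`) rejected it; with `!tls_established(context)` in the `tls_read` hunk, and with the `tls_established` check that precedes the `critical_error` check in the `tls_connect` loop, such a context would be accepted unless code outside these hunks resets the status. Folding the flag into the boolean keeps the check fail-closed: `return context && !context->critical_error && context->connection_status == TLS_CONNECTED;`. Any caller elsewhere in the file that still tests the result against `-1` or `< 0` (none is visible here) would also need updating, since the tri-state return is gone.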
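Review bot: The SHA-256 fingerprint stored in `cert->fp` is computed without checking either call: assuming the libtomcrypt semantics these names usually have, `find_hash("sha256")` returns a negative index when the hash is not registered, and the result of `hash_memory` is discarded, so on failure `cert->fp` keeps whatever bytes it held before and a later comparison against it would be meaningless. I would treat failure as a parse error, along the lines of `if (h < 0 || hash_memory(h, cert_data, cert_len, cert->fp, &len) != CRYPT_OK) { /* fail the parse */ }`. `sizeof cert->fp` is only the digest capacity if `fp` is declared as an array of at least 32 bytes, and `&len` is a `size_t *` where libtomcrypt's `hash_memory` takes `unsigned long *`; neither declaration is visible here, so both should be confirmed. The block also runs at every `level`, while the existing fingerprint code right below it is limited to `level == 2`, so a one-line comment such as `/* fp = SHA-256 over the raw DER in cert_data */` stating what `fp` covers would help. `_private_asn1_parse` starts and ends outside the hunk.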
@@ -5561,21 +5560,35 @@ int tls_connect(struct TLSContext *context) {
 int res;
 ssize_t read_size;
- if (!context || context->fd <= 0 || context->critical_error) {
+ MARK;
+ if (!context || context->fd < 0 || context->critical_error) {
+ if (!context) {
+ MARK;
+ } else if (context->fd < 0) {
+ MARK;
+ } else {
+ MARK;
+ }
+
 return TLS_GENERIC_ERROR;
 }
+ MARK;
 if (context->is_server) {
 return TLS_UNEXPECTED_MESSAGE;
 }
+ MARK;
 res = tls_queue_packet(tls_build_client_hello(context));
+ MARK;
 if (res < 0) {
 return res;
 }
+ MARK;
 res = tls_fsync(context);
+ MARK;
 if (res < 0) {
 return res;
 }
@@ -5587,13 +5600,18 @@ int tls_connect(struct TLSContext *context) {
 return res;
 }
 }
+ MARK;
 if (tls_established(context)) {
 return 1;
 }
+ MARK;
 if (context->critical_error) {
+ fprintf(stderr, "critical error: %d\n",
+ context->critical_error);
 return TLS_GENERIC_ERROR;
 }
 }
+ MARK;
 return read_size;
 }
@@ -5671,7 +5689,7 @@ ssize_t tls_read(struct TLSContext *context, void *buf, size_t count) {
 return TLS_GENERIC_ERROR;
 }
- if (tls_established(context) != 1) {
+ if (!tls_established(context)) {
 return TLS_GENERIC_ERROR;
 }
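Review bot: Relaxing the guard from `context->fd <= 0` to `context->fd < 0` is only safe if a fresh context starts with a negative `fd`; if the context is zero-initialised (its constructor is not visible here), an unconfigured context now passes the check and the handshake is written to descriptor 0. A comment on the condition would record the assumption, e.g. `/* fd 0 is a valid descriptor; contexts must be created with fd = -1 */`, and the initialiser should be checked against it. Separately, the nested `if (!context) { MARK; } else if (context->fd < 0) { MARK; } else { MARK; }` block and the other `MARK;` lines are tracing scaffolding that expands to empty statements now that `MARK` is defined empty, and they bury this one functional change; I would drop them before merging. `tls_connect` continues past the end of the hunk.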
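Review bot: The added `fprintf(stderr, "critical error: %d\n", context->critical_error);` writes to stderr unconditionally from library code, so every embedding program gets this output whether or not it wants TLS diagnostics on its error stream. The `DEBUG_PRINT` macro visible in the first hunk's context looks like the file's existing channel for this; `DEBUG_PRINT("critical error: %d\n", context->critical_error);` would keep the message while leaving output under the build's control. The `MARK;` lines around the `tls_established` check are the same empty tracing statements as in the previous hunk. The enclosing loop starts outside the hunk.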