Changeset 543:40141acabee7 in freeDiameter
- Timestamp:
- Sep 14, 2010, 1:31:27 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- Location:
- freeDiameter
- Files:
-
- 3 edited
freeDiameter/cnxctx.c
r542 r543 995 995 int fd_tls_verify_credentials(gnutls_session_t session, struct cnxctx * conn, int verbose) 996 996 { 997 int i ;997 int i, ret = 0; 998 998 unsigned int gtret; 999 999 const gnutls_datum_t *cert_list; … … 1176 1176 CHECK_GNUTLS_DO( gnutls_x509_crt_import (cert, &cert_list[i], GNUTLS_X509_FMT_DER), return EINVAL); 1177 1177 1178 /* When gnutls 2.10.1 is around, we should use gnutls_certificate_set_verify_function */1179 1180 1178 GNUTLS_TRACE( deadline = gnutls_x509_crt_get_expiration_time(cert) ); 1181 1179 if ((deadline != (time_t)-1) && (deadline < now)) { … … 1184 1182 fd_log_debug(" - The certificate %d in the chain is expired\n", i); 1185 1183 } 1186 ret urnEINVAL;1184 ret = EINVAL; 1187 1185 } 1188 1186 … … 1193 1191 fd_log_debug(" - The certificate %d in the chain is not yet activated\n", i); 1194 1192 } 1195 ret urnEINVAL;1193 ret = EINVAL; 1196 1194 } 1197 1195 … … 1202 1200 fd_log_debug(" - The certificate hostname does not match '%s'\n", conn->cc_tls_para.cn); 1203 1201 } 1204 ret urnEINVAL;1202 ret = EINVAL; 1205 1203 } 1206 1204 } … … 1209 1207 } 1210 1208 1211 return 0;1209 return ret; 1212 1210 } 1213 1211 … … 1256 1254 int ret; 1257 1255 1258 /* When gnutls 2.10.1 is around, we should use gnutls_certificate_set_verify_function */1256 /* When gnutls 2.10.1 is around, we should use gnutls_certificate_set_verify_function and fd_tls_verify_credentials, so that handshake fails directly. */ 1259 1257 1260 1258 CHECK_GNUTLS_DO( ret = gnutls_handshake(conn->cc_tls_para.session), … … 1279 1277 if (conn->cc_sctp_para.pairs > 1) { 1280 1278 #ifndef DISABLE_SCTP 1279 /* Start reading the messages from the master session. That way, if the remote peer closed, we are not stuck inside handshake */ 1280 CHECK_FCT(fd_sctps_startthreads(conn, 0)); 1281 1281 1282 /* Resume all additional sessions from the master one. 
*/ 1282 1283 CHECK_FCT(fd_sctps_handshake_others(conn, priority, alt_creds)); 1283 1284 1284 1285 /* Start decrypting the messages from all threads and queuing them in target queue */ 1285 CHECK_FCT(fd_sctps_startthreads(conn ));1286 CHECK_FCT(fd_sctps_startthreads(conn, 1)); 1286 1287 #endif /* DISABLE_SCTP */ 1287 1288 } else { -
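Review bot: In the multi-stream branch (new lines 1279-1286), `fd_sctps_startthreads(conn, 0)` now starts the master decipher thread before `fd_sctps_handshake_others`, so if that handshake fails `CHECK_FCT` appears to return with the thread on pair 0 still running, and nothing in this hunk stops it. The caller may tear the connection down (cnxctx.h declares `fd_sctps_bye` and `fd_sctps_waitthreadsterm`), but that is not visible here, so I would state the dependency at the call site, e.g. `/* On failure below the master decipher thread is already running; the caller must destroy the connection to stop it */`. The comment should also say whether the peer's credentials have been checked by the time this thread starts reading from the master session, which cannot be confirmed from the hunk. The enclosing function starts and ends outside the hunk.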
freeDiameter/cnxctx.h
r403 r543 128 128 int fd_sctps_init(struct cnxctx * conn); 129 129 int fd_sctps_handshake_others(struct cnxctx * conn, char * priority, void * alt_creds); 130 int fd_sctps_startthreads(struct cnxctx * conn );130 int fd_sctps_startthreads(struct cnxctx * conn, int others); 131 131 void fd_sctps_bye(struct cnxctx * conn); 132 132 void fd_sctps_waitthreadsterm(struct cnxctx * conn); -
freeDiameter/sctps.c
r455 r543 598 598 } 599 599 600 /* Receive messages from all stream pairs*/601 int fd_sctps_startthreads(struct cnxctx * conn )600 /* Receive messages from others ? all other stream pairs : the master pair */ 601 int fd_sctps_startthreads(struct cnxctx * conn, int others) 602 602 { 603 603 uint16_t i; … … 606 606 CHECK_PARAMS( conn && conn->cc_sctps_data.array ); 607 607 608 for (i = 0; i < conn->cc_sctp_para.pairs; i++) { 609 610 /* Start the decipher thread */ 611 CHECK_POSIX( pthread_create( &conn->cc_sctps_data.array[i].thr, NULL, decipher, &conn->cc_sctps_data.array[i] ) ); 608 if (others) { 609 for (i = 1; i < conn->cc_sctp_para.pairs; i++) { 610 611 /* Start the decipher thread */ 612 CHECK_POSIX( pthread_create( &conn->cc_sctps_data.array[i].thr, NULL, decipher, &conn->cc_sctps_data.array[i] ) ); 613 } 614 } else { 615 CHECK_POSIX( pthread_create( &conn->cc_sctps_data.array[0].thr, NULL, decipher, &conn->cc_sctps_data.array[0] ) ); 612 616 } 613 617 return 0;
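Review bot: `fd_sctps_startthreads` has no guard on call order: calling it twice with `others == 0` creates a second thread and overwrites `array[0].thr`, and calling it only with `others != 0` leaves pair 0 without a reader, since the loop now starts at `i = 1`. The new header comment is hard to read as written; I would replace it with `/* Start decipher threads: others == 0 starts only the master pair (index 0); others != 0 starts pairs 1..pairs-1 and expects the master thread to be running already */`. As before this change, a `pthread_create` failure part-way through the loop appears to return through `CHECK_POSIX` with the earlier threads still running, which is worth noting in the same comment. The function's closing brace is outside the hunk.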