
should make tls more sane when the connection fails.

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@4411 fc73d0e0-1445-4013-8a0c-d673dee63da5
Spoike 2013-06-26 03:41:29 +00:00
parent de000eb969
commit b9292a9d42


@ -79,6 +79,8 @@ typedef struct {
{ {
HS_ESTABLISHED, HS_ESTABLISHED,
HS_ERROR,
HS_STARTCLIENT, HS_STARTCLIENT,
HS_CLIENT, HS_CLIENT,
@ -180,7 +182,7 @@ static void SSPI_Decode(sslfile_t *f)
{ {
if (ss == SEC_E_INCOMPLETE_MESSAGE) if (ss == SEC_E_INCOMPLETE_MESSAGE)
return; //no error if its incomplete, we can just get more data later on. return; //no error if its incomplete, we can just get more data later on.
SSPI_Error(f, "DecryptMessage failed"); SSPI_Error(f, "DecryptMessage failed\n");
return; return;
} }
@ -251,7 +253,7 @@ static void SSPI_Encode(sslfile_t *f)
if (ss < 0) if (ss < 0)
{ {
SSPI_Error(f, "EncryptMessage failed"); SSPI_Error(f, "EncryptMessage failed\n");
return; return;
} }
@ -260,17 +262,17 @@ static void SSPI_Encode(sslfile_t *f)
//fixme: these should be made non-fatal. //fixme: these should be made non-fatal.
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[0].pvBuffer, SecBuff[0].cbBuffer) < SecBuff[0].cbBuffer) if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[0].pvBuffer, SecBuff[0].cbBuffer) < SecBuff[0].cbBuffer)
{ {
SSPI_Error(f, "crypt buffer overflowed"); SSPI_Error(f, "crypt buffer overflowed\n");
return; return;
} }
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[1].pvBuffer, SecBuff[1].cbBuffer) < SecBuff[1].cbBuffer) if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[1].pvBuffer, SecBuff[1].cbBuffer) < SecBuff[1].cbBuffer)
{ {
SSPI_Error(f, "crypt buffer overflowed"); SSPI_Error(f, "crypt buffer overflowed\n");
return; return;
} }
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[2].pvBuffer, SecBuff[2].cbBuffer) < SecBuff[2].cbBuffer) if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[2].pvBuffer, SecBuff[2].cbBuffer) < SecBuff[2].cbBuffer)
{ {
SSPI_Error(f, "crypt buffer overflowed"); SSPI_Error(f, "crypt buffer overflowed\n");
return; return;
} }
@ -499,11 +501,15 @@ static void SSPI_Handshake (sslfile_t *f)
ss = secur.pQueryContextAttributesA(&f->sechnd, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &remotecert); ss = secur.pQueryContextAttributesA(&f->sechnd, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &remotecert);
if (ss != SEC_E_OK) if (ss != SEC_E_OK)
{ {
f->handshaking = HS_ERROR;
SSPI_Error(f, "unable to read server's certificate\n"); SSPI_Error(f, "unable to read server's certificate\n");
return; return;
} }
if (VerifyServerCertificate(remotecert, f->wpeername, 0)) if (VerifyServerCertificate(remotecert, f->wpeername, 0))
SSPI_Error(f, "Error validating certificante"); {
f->handshaking = HS_ERROR;
SSPI_Error(f, "Error validating certificante\n");
}
} }
else else
Sys_Printf("SSL/TLS Server name not specified, skipping verification\n"); Sys_Printf("SSL/TLS Server name not specified, skipping verification\n");
@ -562,12 +568,12 @@ static int QDECL SSPI_WriteBytes (struct vfsfile_s *file, const void *buffer, in
} }
static qboolean QDECL SSPI_Seek (struct vfsfile_s *file, unsigned long pos) static qboolean QDECL SSPI_Seek (struct vfsfile_s *file, unsigned long pos)
{ {
SSPI_Error((sslfile_t*)file, "unable to seek on streams"); SSPI_Error((sslfile_t*)file, "unable to seek on streams\n");
return false; return false;
} }
static unsigned long QDECL SSPI_Tell (struct vfsfile_s *file) static unsigned long QDECL SSPI_Tell (struct vfsfile_s *file)
{ {
SSPI_Error((sslfile_t*)file, "unable to seek on streams"); SSPI_Error((sslfile_t*)file, "unable to seek on streams\n");
return 0; return 0;
} }
static unsigned long QDECL SSPI_GetLen (struct vfsfile_s *file) static unsigned long QDECL SSPI_GetLen (struct vfsfile_s *file)
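Review bot: In the SSPI_Handshake hunk, the new certificate-validation failure branch sets `f->handshaking = HS_ERROR;` and calls SSPI_Error but has no `return;`, unlike the QueryContextAttributesA failure branch just above it. Control therefore falls through to whatever follows the block, which lies outside the hunk. If that code goes on to mark the handshake as established, a peer whose certificate failed validation would still be treated as connected, so I would add `return;` after the SSPI_Error call inside the new braces. A short comment stating that HS_ERROR is terminal and must not be overwritten would also help. Separately, the message on that line still misspells "certificate" as `certificante`.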