should make tls more sane when the connection fails.
git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@4411 fc73d0e0-1445-4013-8a0c-d673dee63da5
parent
de000eb969
commit
b9292a9d42
1 changed files with 14 additions and 8 deletions
|
@ -79,6 +79,8 @@ typedef struct {
|
||||||
{
|
{
|
||||||
HS_ESTABLISHED,
|
HS_ESTABLISHED,
|
||||||
|
|
||||||
|
HS_ERROR,
|
||||||
|
|
||||||
HS_STARTCLIENT,
|
HS_STARTCLIENT,
|
||||||
HS_CLIENT,
|
HS_CLIENT,
|
||||||
|
|
||||||
|
@ -180,7 +182,7 @@ static void SSPI_Decode(sslfile_t *f)
|
||||||
{
|
{
|
||||||
if (ss == SEC_E_INCOMPLETE_MESSAGE)
|
if (ss == SEC_E_INCOMPLETE_MESSAGE)
|
||||||
return; //no error if its incomplete, we can just get more data later on.
|
return; //no error if its incomplete, we can just get more data later on.
|
||||||
SSPI_Error(f, "DecryptMessage failed");
|
SSPI_Error(f, "DecryptMessage failed\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -251,7 +253,7 @@ static void SSPI_Encode(sslfile_t *f)
|
||||||
|
|
||||||
if (ss < 0)
|
if (ss < 0)
|
||||||
{
|
{
|
||||||
SSPI_Error(f, "EncryptMessage failed");
|
SSPI_Error(f, "EncryptMessage failed\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -260,17 +262,17 @@ static void SSPI_Encode(sslfile_t *f)
|
||||||
//fixme: these should be made non-fatal.
|
//fixme: these should be made non-fatal.
|
||||||
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[0].pvBuffer, SecBuff[0].cbBuffer) < SecBuff[0].cbBuffer)
|
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[0].pvBuffer, SecBuff[0].cbBuffer) < SecBuff[0].cbBuffer)
|
||||||
{
|
{
|
||||||
SSPI_Error(f, "crypt buffer overflowed");
|
SSPI_Error(f, "crypt buffer overflowed\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[1].pvBuffer, SecBuff[1].cbBuffer) < SecBuff[1].cbBuffer)
|
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[1].pvBuffer, SecBuff[1].cbBuffer) < SecBuff[1].cbBuffer)
|
||||||
{
|
{
|
||||||
SSPI_Error(f, "crypt buffer overflowed");
|
SSPI_Error(f, "crypt buffer overflowed\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[2].pvBuffer, SecBuff[2].cbBuffer) < SecBuff[2].cbBuffer)
|
if (SSPI_CopyIntoBuffer(&f->outcrypt, SecBuff[2].pvBuffer, SecBuff[2].cbBuffer) < SecBuff[2].cbBuffer)
|
||||||
{
|
{
|
||||||
SSPI_Error(f, "crypt buffer overflowed");
|
SSPI_Error(f, "crypt buffer overflowed\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -499,11 +501,15 @@ static void SSPI_Handshake (sslfile_t *f)
|
||||||
ss = secur.pQueryContextAttributesA(&f->sechnd, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &remotecert);
|
ss = secur.pQueryContextAttributesA(&f->sechnd, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &remotecert);
|
||||||
if (ss != SEC_E_OK)
|
if (ss != SEC_E_OK)
|
||||||
{
|
{
|
||||||
|
f->handshaking = HS_ERROR;
|
||||||
SSPI_Error(f, "unable to read server's certificate\n");
|
SSPI_Error(f, "unable to read server's certificate\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (VerifyServerCertificate(remotecert, f->wpeername, 0))
|
if (VerifyServerCertificate(remotecert, f->wpeername, 0))
|
||||||
SSPI_Error(f, "Error validating certificante");
|
{
|
||||||
|
f->handshaking = HS_ERROR;
|
||||||
|
SSPI_Error(f, "Error validating certificante\n");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
Sys_Printf("SSL/TLS Server name not specified, skipping verification\n");
|
Sys_Printf("SSL/TLS Server name not specified, skipping verification\n");
|
||||||
|
@ -562,12 +568,12 @@ static int QDECL SSPI_WriteBytes (struct vfsfile_s *file, const void *buffer, in
|
||||||
}
|
}
|
||||||
static qboolean QDECL SSPI_Seek (struct vfsfile_s *file, unsigned long pos)
|
static qboolean QDECL SSPI_Seek (struct vfsfile_s *file, unsigned long pos)
|
||||||
{
|
{
|
||||||
SSPI_Error((sslfile_t*)file, "unable to seek on streams");
|
SSPI_Error((sslfile_t*)file, "unable to seek on streams\n");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
static unsigned long QDECL SSPI_Tell (struct vfsfile_s *file)
|
static unsigned long QDECL SSPI_Tell (struct vfsfile_s *file)
|
||||||
{
|
{
|
||||||
SSPI_Error((sslfile_t*)file, "unable to seek on streams");
|
SSPI_Error((sslfile_t*)file, "unable to seek on streams\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
static unsigned long QDECL SSPI_GetLen (struct vfsfile_s *file)
|
static unsigned long QDECL SSPI_GetLen (struct vfsfile_s *file)
|
||||||
|
|
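Review bot: In SSPI_Handshake, the new block for a failed VerifyServerCertificate sets `f->handshaking = HS_ERROR` and calls SSPI_Error but does not return, unlike the certificate-read failure directly above it. The rest of the function lies outside this hunk, so if any code after the if/else assigns the handshake state again, a certificate that failed validation could still end up on a connection treated as established. Adding `return;` after `SSPI_Error(f, "Error validating certificante\n");` would make this path fail closed regardless of what follows. Separately, the unchanged `else` branch still continues with no verification at all when no server name is given; it would help to document there that the resulting session is unauthenticated.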