The race goes this way:
1. ssl_recv() succeeds (ie no signal received yet)
2. processing the message leads to aborting handshake with ret != 0
3. reset ret if we were signaled
4. print error if ret is still non-zero
5. go back to net_accept() which can be interrupted by a signal
We print the error message only if the signal is received between steps 3 and
5, not when it arrives between steps 1 and 3.
This can cause failures in ssl-opt.sh where we check for the presence of "Last
error was..." in the server's output: if we perform step 2, the client will be
notified and exit, then ssl-opt.sh will send SIGTERM to the server, but if it
didn't get a chance to run and pass step 3 in the meantime, we're in trouble.
The purpose of step 3 was to avoid spurious "Last error" messages in the
output so that ssl-opt.sh can check for a successful run by the absence of
that message. However, it is enough to suppress that message when the last
error we get is the one we expect from being interrupted by a signal - doing
more could hide real errors.
Also, improve the messages printed when interrupted to make it easier to
distinguish the two cases - this could be used in a testing script wanted to
check that the server doesn't see the client as disconnecting unexpectedly.
The warning was caused because of conversions from size_t to int, which
can cause data loss. The files affected are:
* ssl_client2.c
* ssl_server2.c
* ssl_mail_client.c
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
* rich/platform:
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
modify programs/*.c to use polarssl_snprintf
* rich/platform:
Remove dependency on sscanf in lib x509
Fix extra guard in memory_buffer_alloc
rebase from development
implemented macro overriding for polarssl_* library functions
fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined
add initial symbols to config and checks to check_config to allow use of macros to define standard functions
reformat and arrange additions to config alphabetically
add missing checks to check_config
add macro definition of assert using polarssl_exit
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
add POLARSSL_PLATFORM_EXIT_ALT
modify scripts/* and tests/* to use polarssl_snprintf
modify programs/*.c to use polarssl_snprintf
modify library/debug.c to use polarssl_snprintf
modify library/x509*.c to use polarssl_snprintf
modify library/net.c to use polarssl_snprintf
modify oid.c to use polarssl_snprintf
add platform_set_snprintf
Conflicts:
library/memory_buffer_alloc.c
programs/pkey/pk_sign.c
programs/pkey/pk_verify.c
programs/pkey/rsa_sign_pss.c
programs/pkey/rsa_verify_pss.c
programs/ssl/ssl_client2.c
programs/ssl/ssl_pthread_server.c
programs/test/benchmark.c
programs/test/ssl_cert_test.c
Depending on timing we might get different errors (conn_reset, write failed)
and ignoring them all ends up being almost the same as just not checking
errors.
