OpenSSL returns 0 when the peer has closed the connection. GnuTLS
doesn't return that though, but returns
GNUTLS_E_UNEXPECTED_PACKET_LENGTH if the connection simply is closed
without a clean close notify packet.
Tested-by: Antti Seppälä <a.seppala@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
This definition is in two files, since the definitions will move
to the private header at the next bump.
Signed-off-by: Martin Storsjö <martin@martin.st>
TLSv1 is compatible with SSLv3, so this doesn't change much
in terms of compatibility. By explicitly using TLSv1, OpenSSL
sends the server name indication (SNI) header, which we
already set using SSL_set_tlsext_host_name (earlier, this
didn't have any effect).
SNI allows servers to serve SSL content for different host
names with separate certificates on one single port (vhosts).
Signed-off-by: Martin Storsjö <martin@martin.st>
The return value ret isn't an error code that can be passed
to ERR_error_string().
This makes the error messages printed actually contain useful
information.
Signed-off-by: Martin Storsjö <martin@martin.st>
Note, this protocol doesn't yet check verify the server
certificate against a local database of trusted CA root
certificates.
Signed-off-by: Martin Storsjö <martin@martin.st>
Martin Storsjö
Diego Biurrun
Anton Khirnov