diff -Naur libmicrohttpd/src/daemon/connection_https.c libmicrohttpd-modified/src/daemon/connection_https.c
--- libmicrohttpd/src/daemon/connection_https.c 2011-08-09 07:58:52.000000000 +0200
+++ libmicrohttpd-modified/src/daemon/connection_https.c 2011-08-09 07:59:16.000000000 +0200
@@ -55,23 +55,35 @@
 MHD_tls_connection_handle_read (struct MHD_Connection *connection)
 {
 int ret;
+ int attempt_number = 0;
 connection->last_activity = time (NULL);
 if (connection->state == MHD_TLS_CONNECTION_INIT)
 {
 ret = gnutls_handshake (connection->tls_session);
 if (ret == GNUTLS_E_SUCCESS)
- {
- /* set connection state to enable HTTP processing */
- connection->state = MHD_CONNECTION_INIT;
- return MHD_YES;
- }
- if ( (ret == GNUTLS_E_AGAIN) ||
- (ret == GNUTLS_E_INTERRUPTED) )
- {
- /* handshake not done */
- return MHD_YES;
- }
+ {
+ /* set connection state to enable HTTP processing */
+ connection->state = MHD_CONNECTION_INIT;
+ return MHD_YES;
+ }
+ attempt_number = 0;
+ while ((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED))
+ {
+ ret = gnutls_handshake(connection->tls_session);
+ attempt_number++;
+ if (attempt_number > MHD_MAX_TLS_HANDSHAKE_ATTEMPTS)
+ {
+ break;
+ }
+ }
+ if (ret != GNUTLS_E_SUCCESS)
+ {
+ gnutls_alert_send(connection->tls_session, GNUTLS_AL_FATAL,
+ gnutls_error_to_alert(GNUTLS_E_INTERNAL_ERROR, NULL));
+ MHD_connection_close(connection, MHD_REQUEST_TERMINATED_WITH_ERROR);
+ return MHD_NO;
+ }
 /* handshake failed */
 #if HAVE_MESSAGES
 MHD_DLOG (connection->daemon,
diff -Naur libmicrohttpd/src/daemon/internal.h libmicrohttpd-modified/src/daemon/internal.h
--- libmicrohttpd/src/daemon/internal.h 2011-08-09 07:58:52.000000000 +0200
+++ libmicrohttpd-modified/src/daemon/internal.h 2011-08-09 07:59:16.000000000 +0200
@@ -1039,5 +1039,6 @@
 (element)->next = NULL; \
 (element)->prev = NULL; } while (0)
+#define MHD_MAX_TLS_HANDSHAKE_ATTEMPTS 128
 #endif
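Review bot: The retry loop added to `MHD_tls_connection_handle_read` in connection_https.c re-calls `gnutls_handshake` on `GNUTLS_E_AGAIN`/`GNUTLS_E_INTERRUPTED` without waiting for the socket to become ready. On a non-blocking socket the `MHD_MAX_TLS_HANDSHAKE_ATTEMPTS` retries (128, from the internal.h hunk) will usually be used up before the peer's next handshake message arrives, so an ordinary slow client is likely to be cut off with a fatal alert while the daemon thread spins. A handshake that does succeed inside the loop is also mishandled: `connection->state` is never set to `MHD_CONNECTION_INIT`, and control appears to fall through to the `/* handshake failed */` path. I would restore the removed behaviour, `if ((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) return MHD_YES;`, so the event loop re-enters on the next read event, and bound stalled handshakes with a time-based limit on the connection rather than a call count. The function body starts and ends outside the hunk, so the fall-through is inferred from the visible comment and `MHD_DLOG` call.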