diff options
author | Martin Thomson <martin.thomson@gmail.com> | 2018-04-06 09:11:29 +1000 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2018-04-06 09:11:29 +1000 |
commit | 48e80c2488cfc0155a602580b8b78c1abe886cfd (patch) | |
tree | 5d2442ca6b8adefd0e57ca6a7bde8bd4f2b3ee29 /lib | |
parent | 5915d6a6003db2873f036fe48c373bff2eca5440 (diff) | |
download | nss-hg-48e80c2488cfc0155a602580b8b78c1abe886cfd.tar.gz |
Bug 1423043 - Enable half-close, r?ttaubert
Summary:
TLS 1.3 explicitly changed to allow close_notify on one half of the
connection. Since SSL, an endpoint was required to send close_notify if it
received close_notify. The general agreement was that this was a silly
requirement and that we would remove it and allow one side of the connection to
be closed. This is critical for some protocols that are being moved to use
TLS.
NSS was almost perfect here. The only problem was that it suppressed the
second close_notify. I've added a test for that.
Reviewers: ttaubert
Bug #: 1423043
Differential Revision: https://phabricator.services.mozilla.com/D797
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/sslsecur.c | 23 |
1 files changed, 2 insertions, 21 deletions
diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c index d3424a7ad..b98969b95 100644 --- a/lib/ssl/sslsecur.c +++ b/lib/ssl/sslsecur.c @@ -685,23 +685,6 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa) } /* - * The TLS 1.2 RFC 5246, Section 7.2.1 says: - * - * Unless some other fatal alert has been transmitted, each party is - * required to send a close_notify alert before closing the write side - * of the connection. The other party MUST respond with a close_notify - * alert of its own and close down the connection immediately, - * discarding any pending writes. It is not required for the initiator - * of the close to wait for the responding close_notify alert before - * closing the read side of the connection. - * - * The second sentence requires that we send a close_notify alert when we - * have received a close_notify alert. In practice, all SSL implementations - * close the socket immediately after sending a close_notify alert (which is - * allowed by the third sentence), so responding with a close_notify alert - * would result in a write failure with the ECONNRESET error. This is why - * we don't respond with a close_notify alert. - * * Also, in the unlikely event that the TCP pipe is full and the peer stops * reading, the SSL3_SendAlert call in ssl_SecureClose and ssl_SecureShutdown * may block indefinitely in blocking mode, and may fail (without retrying) @@ -714,8 +697,7 @@ ssl_SecureClose(sslSocket *ss) int rv; if (!(ss->shutdownHow & ssl_SHUTDOWN_SEND) && - ss->firstHsDone && - !ss->recvdCloseNotify) { + ss->firstHsDone) { /* We don't want the final alert to be Nagle delayed. */ if (!ss->delayDisabled) { @@ -744,8 +726,7 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow) if ((sslHow & ssl_SHUTDOWN_SEND) != 0 && !(ss->shutdownHow & ssl_SHUTDOWN_SEND) && - ss->firstHsDone && - !ss->recvdCloseNotify) { + ss->firstHsDone) { (void)SSL3_SendAlert(ss, alert_warning, close_notify); } |