mirror of
https://github.com/curl/curl.git
synced 2024-12-27 06:59:43 +08:00
mbedtls: send close-notify on close
- send the TLS close notify message when cloding down the mbedtls connection filter - this is a "least" effort version and, as other TLS filters, is lacking a graceful send/receive/timeout for a really clean shutdown. Closes #13745
This commit is contained in:
Stefan Eissing
Daniel Stenberg
parent
0c4b4c1e93
commit
1c4813c769
@ -110,6 +110,7 @@ struct mbed_ssl_backend_data {
|
||||
const char *protocols[3];
|
||||
#endif
|
||||
int *ciphersuites;
|
||||
BIT(initialized); /* mbedtls_ssl_context is initialized */
|
||||
};
|
||||
|
||||
/* apply threading? */
|
||||
@ -504,6 +505,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
|
||||
char errorbuf[128];
|
||||
|
||||
DEBUGASSERT(backend);
|
||||
DEBUGASSERT(!backend->initialized);
|
||||
|
||||
if((conn_config->version == CURL_SSLVERSION_SSLv2) ||
|
||||
(conn_config->version == CURL_SSLVERSION_SSLv3)) {
|
||||
@ -739,6 +741,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
|
||||
}
|
||||
|
||||
mbedtls_ssl_init(&backend->ssl);
|
||||
backend->initialized = TRUE;
|
||||
|
||||
/* new profile with RSA min key len = 1024 ... */
|
||||
mbedtls_ssl_conf_cert_profile(&backend->config,
|
||||
@ -1164,28 +1167,34 @@ static void mbedtls_close(struct Curl_cfilter *cf, struct Curl_easy *data)
|
||||
struct ssl_connect_data *connssl = cf->ctx;
|
||||
struct mbed_ssl_backend_data *backend =
|
||||
(struct mbed_ssl_backend_data *)connssl->backend;
|
||||
char buf[32];
|
||||
|
||||
(void)data;
|
||||
DEBUGASSERT(backend);
|
||||
if(backend->initialized) {
|
||||
char buf[32];
|
||||
int ret;
|
||||
|
||||
/* Maybe the server has already sent a close notify alert.
|
||||
Read it to avoid an RST on the TCP connection. */
|
||||
(void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf));
|
||||
/* Maybe the server has already sent a close notify alert.
|
||||
Read it to avoid an RST on the TCP connection. */
|
||||
(void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf));
|
||||
ret = mbedtls_ssl_close_notify(&backend->ssl);
|
||||
CURL_TRC_CF(data, cf, "close_notify() -> %x", ret);
|
||||
|
||||
mbedtls_pk_free(&backend->pk);
|
||||
mbedtls_x509_crt_free(&backend->clicert);
|
||||
mbedtls_x509_crt_free(&backend->cacert);
|
||||
mbedtls_pk_free(&backend->pk);
|
||||
mbedtls_x509_crt_free(&backend->clicert);
|
||||
mbedtls_x509_crt_free(&backend->cacert);
|
||||
#ifdef MBEDTLS_X509_CRL_PARSE_C
|
||||
mbedtls_x509_crl_free(&backend->crl);
|
||||
mbedtls_x509_crl_free(&backend->crl);
|
||||
#endif
|
||||
Curl_safefree(backend->ciphersuites);
|
||||
mbedtls_ssl_config_free(&backend->config);
|
||||
mbedtls_ssl_free(&backend->ssl);
|
||||
mbedtls_ctr_drbg_free(&backend->ctr_drbg);
|
||||
Curl_safefree(backend->ciphersuites);
|
||||
mbedtls_ssl_config_free(&backend->config);
|
||||
mbedtls_ssl_free(&backend->ssl);
|
||||
mbedtls_ctr_drbg_free(&backend->ctr_drbg);
|
||||
#ifndef THREADING_SUPPORT
|
||||
mbedtls_entropy_free(&backend->entropy);
|
||||
mbedtls_entropy_free(&backend->entropy);
|
||||
#endif /* THREADING_SUPPORT */
|
||||
backend->initialized = FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
static ssize_t mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user