mbedtls: send close-notify on close
- send the TLS close_notify alert when closing down the mbedtls connection filter - this is a "least effort" version and, like the other TLS filters, lacks a graceful send/receive/timeout sequence for a really clean shutdown. Closes #13745
This commit is contained in:
parent
0c4b4c1e93
commit
1c4813c769
@ -110,6 +110,7 @@ struct mbed_ssl_backend_data {
|
|||||||
const char *protocols[3];
|
const char *protocols[3];
|
||||||
#endif
|
#endif
|
||||||
int *ciphersuites;
|
int *ciphersuites;
|
||||||
|
BIT(initialized); /* mbedtls_ssl_context is initialized */
|
||||||
};
|
};
|
||||||
|
|
||||||
/* apply threading? */
|
/* apply threading? */
|
||||||
@ -504,6 +505,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
|
|||||||
char errorbuf[128];
|
char errorbuf[128];
|
||||||
|
|
||||||
DEBUGASSERT(backend);
|
DEBUGASSERT(backend);
|
||||||
|
DEBUGASSERT(!backend->initialized);
|
||||||
|
|
||||||
if((conn_config->version == CURL_SSLVERSION_SSLv2) ||
|
if((conn_config->version == CURL_SSLVERSION_SSLv2) ||
|
||||||
(conn_config->version == CURL_SSLVERSION_SSLv3)) {
|
(conn_config->version == CURL_SSLVERSION_SSLv3)) {
|
||||||
@ -739,6 +741,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
|
|||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_ssl_init(&backend->ssl);
|
mbedtls_ssl_init(&backend->ssl);
|
||||||
|
backend->initialized = TRUE;
|
||||||
|
|
||||||
/* new profile with RSA min key len = 1024 ... */
|
/* new profile with RSA min key len = 1024 ... */
|
||||||
mbedtls_ssl_conf_cert_profile(&backend->config,
|
mbedtls_ssl_conf_cert_profile(&backend->config,
|
||||||
@ -1164,14 +1167,18 @@ static void mbedtls_close(struct Curl_cfilter *cf, struct Curl_easy *data)
|
|||||||
struct ssl_connect_data *connssl = cf->ctx;
|
struct ssl_connect_data *connssl = cf->ctx;
|
||||||
struct mbed_ssl_backend_data *backend =
|
struct mbed_ssl_backend_data *backend =
|
||||||
(struct mbed_ssl_backend_data *)connssl->backend;
|
(struct mbed_ssl_backend_data *)connssl->backend;
|
||||||
char buf[32];
|
|
||||||
|
|
||||||
(void)data;
|
(void)data;
|
||||||
DEBUGASSERT(backend);
|
DEBUGASSERT(backend);
|
||||||
|
if(backend->initialized) {
|
||||||
|
char buf[32];
|
||||||
|
int ret;
|
||||||
|
|
||||||
/* Maybe the server has already sent a close notify alert.
|
/* Maybe the server has already sent a close notify alert.
|
||||||
Read it to avoid an RST on the TCP connection. */
|
Read it to avoid an RST on the TCP connection. */
|
||||||
(void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf));
|
(void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf));
|
||||||
|
ret = mbedtls_ssl_close_notify(&backend->ssl);
|
||||||
|
CURL_TRC_CF(data, cf, "close_notify() -> %x", ret);
|
||||||
|
|
||||||
mbedtls_pk_free(&backend->pk);
|
mbedtls_pk_free(&backend->pk);
|
||||||
mbedtls_x509_crt_free(&backend->clicert);
|
mbedtls_x509_crt_free(&backend->clicert);
|
||||||
@ -1186,6 +1193,8 @@ static void mbedtls_close(struct Curl_cfilter *cf, struct Curl_easy *data)
|
|||||||
#ifndef THREADING_SUPPORT
|
#ifndef THREADING_SUPPORT
|
||||||
mbedtls_entropy_free(&backend->entropy);
|
mbedtls_entropy_free(&backend->entropy);
|
||||||
#endif /* THREADING_SUPPORT */
|
#endif /* THREADING_SUPPORT */
|
||||||
|
backend->initialized = FALSE;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static ssize_t mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
|
static ssize_t mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
|
||||||
|
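Review bot: Every free in mbedtls_close (`mbedtls_pk_free`, `mbedtls_x509_crt_free`, `mbedtls_entropy_free` and whatever lies between the hunks) is now gated on `backend->initialized`, yet that flag is only set right after `mbedtls_ssl_init()` near the end of mbed_connect_step1, well after the point where the certificate and key objects are presumably initialised in the part of step1 not shown here; if step1 fails before reaching `mbedtls_ssl_init()`, those earlier objects appear to no longer be released by this function. Confirm against the earlier part of step1, and either set `initialized` before the first `*_init()` call or keep the non-ssl frees outside the `if`. Separately, `CURL_TRC_CF(data, cf, "close_notify() -> %x", ret);` prints a negative mbedtls error code as an unsigned hex value (e.g. ffff8f00), which does not match the `-0x....` form mbedtls documents and is a signed/unsigned format mismatch; `CURL_TRC_CF(data, cf, "close_notify() -> %d", ret);` or `"-0x%04x", (unsigned int)-ret` is easier to map to an error. Both the struct in the first hunk and mbed_connect_step1 start outside the hunks shown.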