Thanks to visit codestin.com
Credit goes to github.com

Skip to content

send TLS alert before closing the socket, when OpenSSL is used and certificate verification fails #2910

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

send TLS alert before closing the socket, when OpenSSL is used and certificate verification fails #2910

wants to merge 3 commits into from

Conversation

@kazuho
Copy link
Member

@kazuho kazuho commented Dec 20, 2021

As stated in the old comment being removed in this PR, OpenSSL as of 1.1.0 emits TLS alert inside SSL_accept when handshake the handshake fails, and SSL_shutdown returns an error when being called afterwards.

Our fix (#1872) to this change of behavior has been to check if there's anything in the output buffer, when SSL_accept or SSL_connect returns an error. If there's something, we'd delay the invocation of on_handshake_complete until the output is written to the socket.

However, the fix did not cover the case when verify_result is not X509_V_OK. Hence the problem as stated in the title of this PR.

Whatever the fix is, it should use one approach for handling all handshake errors.

@kazuho kazuho mentioned this pull request Dec 20, 2021
Merged
@kazuho
Copy link
Member Author

kazuho commented Dec 20, 2021

There are two ways moving forward:

  • One is to always use the callback invocation pattern that's currently taken only when certificate verification fails. At the moment, that path fails, because when the user calls h2o_socket_close, invocation of SSL_shutdown returns an error and then the connection object is discarded without sending what's in the send buffer. Pros of this approach is that the code is concise, as we can get rid of the if that depends on the behavior of OpenSSL. The downside is that the state of st_h2o_socket_ssl_t would be different between OpenSSL versions (i.e., we'd be calling the handshake completion callback while there's something in the output buffer, if OpenSSL 1.1.0 or above is used). This PR adopts this approach.
  • The other is to always use the callback invocation path that's currently taken when TLS handshake fails due to reasons other than certificate verification error. The pros is that the internal state would be consistent. The downside is that the moment to extract X.509 error would be different between the OpenSSL versions, see send TLS alert before closing the socket, when OpenSSL is used and certificate verification fails (alternative to #2910) #2911.

@kazuho kazuho mentioned this pull request Dec 21, 2021
Merged
kazuho added a commit that referenced this pull request Jan 5, 2022
@kazuho
Merge pull request #2911 from h2o/kazuho/send-alert-on-client-cert-ve…
417923e 
…rify-error-take-2

send TLS alert before closing the socket, when OpenSSL is used and certificate verification fails (alternative to #2910)
@kazuho
Copy link
Member Author

kazuho commented Jan 5, 2022

Closing in favor of #2911.

@kazuho kazuho closed this Jan 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kazuho @robguima