diff options
author | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2018-09-14 14:13:11 +0200 |
---|---|---|
committer | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2018-09-21 14:34:57 +0200 |
commit | 92de6df113ddce8b85758541f2a23c38a45dc365 (patch) | |
tree | 5cbf84032a7f55657ac1f9543f814fe171ffcbfa /modules/mbedtls | |
parent | 561a7772c628d0cf36bd925d68a98a767758345b (diff) |
Add checks for clean disconnect in HTTP/TCP/SSL.
Half-open TCP connection can, of course, only be detected by
writing the socket, or waiting for TCP timeout.
Diffstat (limited to 'modules/mbedtls')
-rwxr-xr-x | modules/mbedtls/stream_peer_mbed_tls.cpp | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/modules/mbedtls/stream_peer_mbed_tls.cpp b/modules/mbedtls/stream_peer_mbed_tls.cpp index 3c04254fd4..e0cd67a810 100755 --- a/modules/mbedtls/stream_peer_mbed_tls.cpp +++ b/modules/mbedtls/stream_peer_mbed_tls.cpp @@ -29,6 +29,7 @@ /*************************************************************************/ #include "stream_peer_mbed_tls.h" +#include "core/io/stream_peer_tcp.h" #include "core/os/file_access.h" #include "mbedtls/platform_util.h" @@ -98,12 +99,16 @@ Error StreamPeerMbedTLS::_do_handshake() { int ret = 0; while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + // An error occurred. ERR_PRINTS("TLS handshake error: " + itos(ret)); _print_error(ret); disconnect_from_stream(); status = STATUS_ERROR; return FAILED; - } else if (!blocking_handshake) { + } + + // Handshake is still in progress. + if (!blocking_handshake) { // Will retry via poll later return OK; } @@ -192,7 +197,12 @@ Error StreamPeerMbedTLS::put_partial_data(const uint8_t *p_data, int p_bytes, in int ret = mbedtls_ssl_write(&ssl, p_data, p_bytes); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - ret = 0; // non blocking io + // Non blocking IO + ret = 0; + } else if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { + // Clean close + disconnect_from_stream(); + return ERR_FILE_EOF; } else if (ret <= 0) { _print_error(ret); disconnect_from_stream(); @@ -234,6 +244,10 @@ Error StreamPeerMbedTLS::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r int ret = mbedtls_ssl_read(&ssl, p_buffer, p_bytes); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { ret = 0; // non blocking io + } else if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { + // Clean close + disconnect_from_stream(); + return ERR_FILE_EOF; } else if (ret <= 0) { _print_error(ret); disconnect_from_stream(); @@ -256,9 +270,22 @@ void StreamPeerMbedTLS::poll() { int ret = mbedtls_ssl_read(&ssl, NULL, 0); - if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { + // Nothing to read/write (non blocking IO) + } else if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { + // Clean close (disconnect) + disconnect_from_stream(); + return; + } else if (ret < 0) { _print_error(ret); disconnect_from_stream(); + return; + } + + Ref<StreamPeerTCP> tcp = base; + if (tcp.is_valid() && tcp->get_status() != STATUS_CONNECTED) { + disconnect_from_stream(); + return; } } @@ -282,6 +309,12 @@ void StreamPeerMbedTLS::disconnect_from_stream() { if (status != STATUS_CONNECTED && status != STATUS_HANDSHAKING) return; + Ref<StreamPeerTCP> tcp = base; + if (tcp.is_valid() && tcp->get_status() == STATUS_CONNECTED) { + // We are still connected on the socket, try to send close notity. + mbedtls_ssl_close_notify(&ssl); + } + _cleanup(); } |