openssl patch


openssl patch

Harley Swick
Hi there,

I've attached a small patch for the openssl egg that adds another error status.

This status is 'ssl-eof when the error is SSL_ERR_SYSCALL but the return code is zero.

According to the OpenSSL docs[1] under the BUGS section:

> The SSL_ERROR_SYSCALL with errno value of 0 indicates unexpected EOF from the peer.
> This will be properly reported as SSL_ERROR_SSL with reason code
> SSL_R_UNEXPECTED_EOF_WHILE_READING in the OpenSSL 3.0 release because it is truly a
> TLS protocol error to terminate the connection without a SSL_shutdown().
>
> The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications which
> choose to ignore this protocol error depend on the existing way of reporting the error.

Basically this gives the user the option to treat it as an #!eof instead of a fatal error.

I've been running into this issue while building a Gemini[2] client where there are a
plethora of servers written by hobbyists. Also, the protocol does not have a Content-Length header,
which means I can't avoid this issue by simply not reading past the end.

- Harley

[1] https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html
[2] https://gemini.circumlunar.space/docs/specification.html

Attachment: add_ssl_eof.diff (63K)
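The distinction described in the first message, as an added example in C; it is not code from the patch or from the openssl egg. The enum, struct and function names are hypothetical, the scripted steps are constructed stand-ins for `SSL_read()`/`SSL_get_error()` results, and the constants repeat the values from `<openssl/ssl.h>` so the file builds without OpenSSL.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Values as in <openssl/ssl.h>, repeated so this builds without OpenSSL. */
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6

/* Hypothetical names for this example, not the egg's API. */
enum read_end { END_CLEAN, END_UNEXPECTED_EOF, END_FATAL };

/* One scripted SSL_read() result: n > 0 bytes, or n <= 0 plus error codes. */
struct step { int n; const char *data; int ssl_err; int sys_errno; };

/* Classify a failed read per the BUGS note quoted above (OpenSSL 1.1.1). */
static enum read_end classify(int ssl_err, int sys_errno)
{
    if (ssl_err == SSL_ERROR_ZERO_RETURN) return END_CLEAN; /* close_notify */
    if (ssl_err == SSL_ERROR_SYSCALL && sys_errno == 0)
        return END_UNEXPECTED_EOF;  /* transport closed, no close_notify */
    return END_FATAL;               /* genuine I/O or protocol failure */
}

/* Read-until-close loop for a response with no length header. Only END_CLEAN
   proves the body is complete; after END_UNEXPECTED_EOF it may be truncated.
   The script must finish with a terminal (non-WANT_READ) failure step. */
static enum read_end read_body(const struct step *s, char *out, size_t cap, size_t *len)
{
    for (*len = 0; ; s++) {
        if (s->n > 0) {
            if (*len + (size_t)s->n > cap) return END_FATAL;
            memcpy(out + *len, s->data, (size_t)s->n);
            *len += (size_t)s->n;
        } else if (s->ssl_err != SSL_ERROR_WANT_READ) {
            return classify(s->ssl_err, s->sys_errno);
        }
    }
}

/* Constructed samples: the same 24 bytes with three different endings. */
#define BODY {16, "20 text/gemini\r\n", 0, 0}, {-1, NULL, SSL_ERROR_WANT_READ, 0}, {8, "# Hello\n", 0, 0}
static const struct step CLEAN[]  = { BODY, {0, NULL, SSL_ERROR_ZERO_RETURN, 0} };
static const struct step RAGGED[] = { BODY, {0, NULL, SSL_ERROR_SYSCALL, 0} };
static const struct step RESET[]  = { BODY, {-1, NULL, SSL_ERROR_SYSCALL, ECONNRESET} };

static enum read_end ending(const struct step *s) { char b[64]; size_t n; return read_body(s, b, sizeof b, &n); }
static size_t received(const struct step *s) { char b[64]; size_t n; read_body(s, b, sizeof b, &n); return n; }

int main(void)
{
    printf("clean=%d ragged=%d reset=%d bytes=%zu\n", ending(CLEAN), ending(RAGGED), ending(RESET), received(RAGGED));
    return 0;
}
```

The clean and ragged scripts deliver identical bytes; only the ending tells the caller whether a length-less response can be trusted as complete.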

Re: openssl patch

Vasilij Schneidermann-2
Hello Harley,

> I've attached a small patch for the openssl egg that adds another error status.

This isn't small due to what seems to be loads of whitespace changes.
Could you please fix those and resend the patch?

Vasilij


Re: openssl patch

Harley Swick
Hi Vasilij,

> This isn't small due to what seems to be loads of whitespace changes.
> Could you please fix those and resend the patch?

My bad, looks like my emacs setup got a bit aggressive.

Now the patch is actually small.

Harley

Attachment: add_ssl_eof.diff (730 bytes)

Re: openssl patch

Vasilij Schneidermann-2
Hello Harley,

> Now the patch is actually small.

Thank you very much, I've tested the patch and made a 2.0.7 release. It
should appear in your nearest egg mirror soon.

Vasilij
