From 7488ef296015f3a1b90f9743903221e154d339cf Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews
Date: Wed, 17 Mar 2021 21:27:12 -0700
Subject: [PATCH] rustls: Handle close_notify. If we get a close_notify, treat that as EOF. If we get an EOF from the TCP stream, treat that as an error (because we should have ended the connection earlier, when we got a close_notify). Closes #6763
---
 lib/vtls/rustls.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 3b7bc3afb..e4f589de5 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -112,7 +112,7 @@ cr_recv(struct Curl_easy *data, int sockindex,
 tls_bytes_read = sread(sockfd, backend->tlsbuf, TLSBUF_SIZE);
 if(tls_bytes_read == 0) {
- failf(data, "EOF in sread");
+ failf(data, "connection closed without TLS close_notify alert");
 *err = CURLE_READ_ERROR;
 return -1;
 }
@@ -163,7 +163,11 @@ cr_recv(struct Curl_easy *data, int sockindex,
 (uint8_t *)plainbuf + plain_bytes_copied,
 plainlen - plain_bytes_copied,
 &n);
- if(rresult != RUSTLS_RESULT_OK) {
+ if(rresult == RUSTLS_RESULT_ALERT_CLOSE_NOTIFY) {
+ *err = CURLE_OK;
+ return 0;
+ }
+ else if(rresult != RUSTLS_RESULT_OK) {
 failf(data, "error in rustls_client_session_read");
 *err = CURLE_READ_ERROR;
 return -1;
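Review bot: The `tls_bytes_read == 0` branch in the first hunk now carries its security rationale only in the failf() string, so a later cleanup could turn it back into a clean EOF without noticing what it protects. A comment above the branch would pin that down, for example `/* TCP EOF with no prior close_notify: the stream may have been truncated, so report an error rather than a clean end of data */`. It may also be worth stating there that peers which close without sending close_notify will now surface as CURLE_READ_ERROR by design. cr_recv starts and ends outside the hunk.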
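Review bot: The new `RUSTLS_RESULT_ALERT_CLOSE_NOTIFY` branch in the second hunk returns 0 regardless of `plain_bytes_copied`, so any plaintext already copied into `plainbuf` earlier in the same call would be dropped and the caller would see a clean EOF with the tail of the response missing. The read offset `plainbuf + plain_bytes_copied` suggests the call sits in a loop, but the loop is outside the hunk, so this needs confirming against the full function. If it does loop, the branch should return the bytes copied so far when that count is non-zero and report EOF only on a later call. That in turn requires recording that close_notify was seen, otherwise the later call reaches the `sread` path and fails with the "connection closed without TLS close_notify alert" error from the first hunk.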