TODO: Schannel: 'Add option to allow abrupt server closure'

We should offer an option to allow abrupt server closures (server closes
SSL transfer without sending a known termination point such as length of
transfer or close_notify alert). Abrupt server closures are usually
because of misconfigured or very old servers.

Closes https://github.com/curl/curl/issues/4427

diff --git a/docs/TODO b/docs/TODO
index bdf6a87b5d89b15fd660e80a71eb08d81f11704b..d1a3a75ecdf25a114fa0610be7db7c5c8ecf80c1 100644 (file)
--- a/docs/TODO
+++ b/docs/TODO
@@ -123,6 +123,7 @@
  15.1 Extend support for client certificate authentication
  15.2 Extend support for the --ciphers option
  15.3 Add option to disable client certificate auto-send
+ 15.4 Add option to allow abrupt server closure
 
  16. SASL
  16.1 Other authentication mechanisms
@@ -842,6 +843,15 @@ that doesn't exist on the server, just like --ftp-create-dirs.
 
  https://github.com/curl/curl/issues/2262
 
+15.4 Add option to allow abrupt server closure
+
+ libcurl w/schannel will error without a known termination point from the
+ server (such as length of transfer, or SSL "close notify" alert) to prevent
+ against a truncation attack. Really old servers may neglect to send any
+ termination point. An option could be added to ignore such abrupt closures.
+
+ https://github.com/curl/curl/issues/4427
+
 16. SASL
 
 16.1 Other authentication mechanisms