From: Alex Rousskov Date: Sat, 30 Apr 2016 03:38:26 +0000 (-0600) Subject: Stop parsing SSL records after a fatal SSL Alert. X-Git-Tag: SQUID_4_0_11~29^2~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=793b1bfb48e5bd84205414497c7680c22ce0087b;p=thirdparty%2Fsquid.git Stop parsing SSL records after a fatal SSL Alert. The fatal alert sender should close the connection. Waiting for the next record is pointless and will obscure the problem when we eventually read the EOF on the socket.
---
diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc
index 8f3dcd4b27..3ebd5cd6ed 100644
--- a/src/security/Handshake.cc
+++ b/src/security/Handshake.cc
@@ -207,7 +207,9 @@ Security::HandshakeParser::parseAlertMessage()
 debugs(83, (alert.fatal() ? 2:3), "level " << static_cast(alert.level) << " description " << static_cast(alert.description));
- // we are currently ignoring Alert Protocol messages
+ if (alert.fatal())
+ done = "fatal Alert";
+ // else ignore the warning (at least for now)
 } void
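Review bot: The new branch in parseAlertMessage() keys only on the alert level, so a close_notify alert, which peers normally send at warning level, still takes the `// else ignore the warning` path and the parser keeps waiting for records that will not arrive; that is the same EOF-hides-the-cause situation the commit message describes. Consider treating the closure alert as terminal too, for example `if (alert.fatal() || alert.description == 0) // 0 is close_notify`, assuming `description` holds the raw wire value as the `static_cast` in the debugs() line suggests. Plaintext alerts seen before the handshake completes are not authenticated, so a comment such as `// done here means the peer (or something on the path) aborted the handshake, not that parsing succeeded` would keep readers of `done` from mistaking it for a completed handshake. The start of the function and the code that consumes `done` lie outside this hunk.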