git.ipfire.org Git - thirdparty/curl.git/commit

author	Michael Kaufmann <mail@michael-kaufmann.ch>
	Tue, 18 May 2021 09:34:02 +0000 (11:34 +0200)
committer	Michael Kaufmann <mail@michael-kaufmann.ch>
	Tue, 1 Jun 2021 07:40:40 +0000 (09:40 +0200)
commit	b249592d29ae0a2b3e8e07fdbc01f33b5a5b8420
tree	082fed52affee4d1ee63cb2d649187422743cc1d	tree \| snapshot
parent	8cc1fee5b96244f3468d300eaa02edaca55d9942	commit \| diff

ssl: read pending close notify alert before closing the connection

This avoids a TCP reset (RST) if the server initiates a connection
shutdown by sending an SSL close notify alert and then closes the TCP
connection.

For SSL connections, usually the server announces that it will close the
connection with an SSL close notify alert. curl should read this alert.
If curl does not read this alert and just closes the connection, some
operating systems close the TCP connection with an RST flag.

See RFC 1122, section 4.2.2.13

If curl reads the close notify alert, the TCP connection is closed
normally with a FIN flag.

The new code is similar to existing code in the "SSL shutdown" function:
try to read an alert (non-blocking), and ignore any read errors.

Closes #7095

lib/vtls/gtls.c		diff \| blob \| blame \| history
lib/vtls/mbedtls.c		diff \| blob \| blame \| history
lib/vtls/nss.c		diff \| blob \| blame \| history
lib/vtls/openssl.c		diff \| blob \| blame \| history
lib/vtls/wolfssl.c		diff \| blob \| blame \| history