From: Jacob Hoffman-Andrews Date: Thu, 18 Mar 2021 04:27:12 +0000 (-0700) Subject: rustls: Handle close_notify. X-Git-Tag: curl-7_76_0~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7488ef296015f3a1b90f9743903221e154d339cf;p=thirdparty%2Fcurl.git rustls: Handle close_notify. If we get a close_notify, treat that as EOF. If we get an EOF from the TCP stream, treat that as an error (because we should have ended the connection earlier, when we got a close_notify). Closes #6763
---
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 3b7bc3afb7..e4f589de57 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -112,7 +112,7 @@ cr_recv(struct Curl_easy *data, int sockindex,
 tls_bytes_read = sread(sockfd, backend->tlsbuf, TLSBUF_SIZE);
 if(tls_bytes_read == 0) {
- failf(data, "EOF in sread");
+ failf(data, "connection closed without TLS close_notify alert");
 *err = CURLE_READ_ERROR;
 return -1;
 }
@@ -163,7 +163,11 @@ cr_recv(struct Curl_easy *data, int sockindex,
 (uint8_t *)plainbuf + plain_bytes_copied,
 plainlen - plain_bytes_copied,
 &n);
- if(rresult != RUSTLS_RESULT_OK) {
+ if(rresult == RUSTLS_RESULT_ALERT_CLOSE_NOTIFY) {
+ *err = CURLE_OK;
+ return 0;
+ }
+ else if(rresult != RUSTLS_RESULT_OK) {
 failf(data, "error in rustls_client_session_read");
 *err = CURLE_READ_ERROR;
 return -1;
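Review bot: The `tls_bytes_read == 0` branch now explains itself only through the failf() string; a short comment above it would record why a bare TCP EOF has to stay an error, e.g. `/* TCP EOF without close_notify may be a truncation by an on-path party; never report it as a clean end of stream. */`. The context line `*err = CURLE_READ_ERROR;` may also be better as `CURLE_RECV_ERROR`, since this is a failed network receive rather than a local read; worth confirming against how callers map the code. cr_recv starts and ends outside the hunk.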
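Review bot: The new close_notify branch returns 0 unconditionally, which looks like it can drop plaintext already copied during this call: the read writes at `plainbuf + plain_bytes_copied`, so earlier passes may have filled part of the buffer before the alert is reported. If that is the case (the surrounding loop is outside the hunk), the branch should hand back what was copied, e.g. `return plain_bytes_copied;` (cast as the return type requires), and report EOF only when nothing was copied. The session would then have to remember that close_notify was seen, so the following call does not reach the `sread() == 0` path and fail with "connection closed without TLS close_notify alert" on a cleanly closed connection.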