net/socket/ssl_client_socket_openssl.cc - Issue 994373004: Properly handle alerts from the peer in SSL_read.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 994373004: Properly handle alerts from the peer in SSL_read. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/socket/ssl_client_socket_openssl.cc

diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc

index d8713f28f9e37e3fc48e0d94d38dba708b895380..d81b24b5177cf4618fd98c7938ae245527b5d87c 100644

--- a/net/socket/ssl_client_socket_openssl.cc

+++ b/net/socket/ssl_client_socket_openssl.cc

@@ -1563,11 +1563,22 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {

if (client_auth_cert_needed_) {

*next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;

- } else if (*next_result < 0) {

+ } else if (*next_result <= 0) {

+ // A zero return from SSL_read may mean any of:

+ // - The underlying BIO_read returned 0.

+ // - The peer sent a close_notify.

+ // - Any arbitrary error. https://crbug.com/466303

+ //

+ // TransportReadComplete converts the first to an ERR_CONNECTION_CLOSED

+ // error, so it does not occur. The second and third are distinguished by

+ // SSL_ERROR_ZERO_RETURN.

Ryan Sleevi 2015/03/17 01:01:28 Thanks, I conformed that ssl3_get_record does inde

pending_read_ssl_error_ = SSL_get_error(ssl_, *next_result);

- *next_result = MapOpenSSLErrorWithDetails(pending_read_ssl_error_,

- err_tracer,

- &pending_read_error_info_);

+ if (pending_read_ssl_error_ == SSL_ERROR_ZERO_RETURN) {

+ *next_result = 0;

+ } else {

+ *next_result = MapOpenSSLErrorWithDetails(

+ pending_read_ssl_error_, err_tracer, &pending_read_error_info_);

davidben 2015/03/11 21:47:18 This logic is totally incomprehensible and insane.

+ }

// Many servers do not reliably send a close_notify alert when shutting

// down a connection, and instead terminate the TCP connection. This is

« no previous file with comments | « no previous file | net/socket/ssl_client_socket_unittest.cc » ('j') | net/ssl/openssl_ssl_util.h » ('J')