On Tuesday, 19 December 2017 20:44:33 CET Martin Thomson wrote:
> See SSL_AlertReceivedCallback().
though do note that TCP does not reliably deliver data after one side has
closed the connection, and the behaviour of different implementations varies
widely (both at the TCP and the TLS level):
https://blog.netherlabs.nl/articles/2009/01/18/the-ultimate-so_linger-page-or-why-is-my-tcp-not-reliable
> On 20 Dec. 2017 6:22 am, "Johann 'Myrkraverk' Oskarsson" wrote:
> > Hi,
> >
> > Is it really impossible to verify if the server sent close_notify in a
> > normal NSS client application?
> >
> > In both cases, PR_Read() returns zero with no error messages or status
> > difference of any kind.
> >
> > I have tentatively verified that ssl3_HandleAlert() is called with
> > AlertDescription zero == close_notify, using dtrace, when my server
> > properly terminates the connection with PR_Close(). No such probe
> > (in the client) fires if I just kill the server (naturally).
> >
> > My problem is that in the client code *I cannot distinguish the two*
> > (with or without close_notify) in normal PR_Read() loop. There appears
> > to be no publicly available API to retrieve the status of the
> > recvCloseNotify flag.
> >
> > And the ssl3_HandleAlert code does not propagate the condition, instead
> > the internal error = SSL_ERROR_CLOSE_NOTIFY_ALERT variable is simply
> > ignored, and it returns with SECSuccess.
> >
> > This situation is current as of changeset 14194:04fc9a90997b,
> > Mon Dec 18 11:05:28 2017 +0100.
> >
> > How is NSS client code supposed to detect proper termination by the
> > other party?
> >
> > I would call this a serious breach of security in the NSS public API.
> >
> >
> > --
> > Johann | email: invalid -> com | www.myrkraverk.com/blog/
> > I'm not from the Internet, I just work there. | twitter: @myrkraverk
> > --
> > dev-tech-crypto mailing list
> > dev-tech-crypto@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-tech-crypto
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
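To make Martin's pointer concrete, here is an added illustration (not code from the thread and not NSS's own code) of the SSL_AlertReceivedCallback() approach: the callback records whether close_notify arrived, and the read loop treats a zero-length read without it as truncation rather than a clean end of stream. The Alert/ConnState/Event types, the event stream and the two scenario functions are constructed stand-ins so the file compiles without NSS headers.

```c
#include <stddef.h>

/* Stand-ins mirroring the shape of NSS's SSLAlert/SSLAlertCallback (assumption, so this builds without NSS); numbers follow the TLS alert registry. */
typedef struct { int level; int description; } Alert;
enum { ALERT_LEVEL_WARNING = 1, ALERT_LEVEL_FATAL = 2, ALERT_CLOSE_NOTIFY = 0 };

/* Per-connection state handed to the callback through its `arg` pointer. */
typedef struct { int close_notify_seen; int fatal_alert; } ConnState;

/* The alert callback only records what arrived; the read loop interprets it. */
static void on_alert(void *fd, void *arg, const Alert *alert) {
    ConnState *st = (ConnState *)arg;
    (void)fd;
    if (alert->description == ALERT_CLOSE_NOTIFY)
        st->close_notify_seen = 1;
    else if (alert->level == ALERT_LEVEL_FATAL)
        st->fatal_alert = alert->description;
}

/* Constructed event stream standing in for what NSS hands the client: application data, a processed alert, or the zero-length read (EOF). */
enum { EV_DATA = 0, EV_ALERT = 1, EV_EOF = 2 };
typedef struct { int kind; int len; Alert alert; } Event;
typedef enum { EOF_CLEAN = 0, EOF_TRUNCATED = 1, EOF_FATAL = 2 } EofKind;

/* Read loop: a zero-length read is a clean end of stream only if close_notify was seen first; otherwise it is truncation. */
static EofKind read_until_eof(const Event *ev, size_t n, size_t *total) {
    ConnState st = {0, 0};
    *total = 0;
    for (size_t i = 0; i < n; i++) {
        if (ev[i].kind == EV_DATA) { *total += (size_t)ev[i].len; continue; }
        if (ev[i].kind == EV_ALERT) { on_alert(NULL, &st, &ev[i].alert); continue; }
        if (st.fatal_alert) return EOF_FATAL;
        return st.close_notify_seen ? EOF_CLEAN : EOF_TRUNCATED;
    }
    return EOF_TRUNCATED; /* stream ended before the read that returns 0 */
}

/* Two constructed scenarios: peer calls PR_Close() (close_notify, then EOF) versus peer process killed (EOF alone). */
static EofKind scenario_clean_close(void) {
    const Event ev[] = { {EV_DATA, 5, {0, 0}},
                         {EV_ALERT, 0, {ALERT_LEVEL_WARNING, ALERT_CLOSE_NOTIFY}},
                         {EV_EOF, 0, {0, 0}} };
    size_t total;
    return read_until_eof(ev, 3, &total);
}
static EofKind scenario_killed_peer(void) {
    const Event ev[] = { {EV_DATA, 5, {0, 0}}, {EV_EOF, 0, {0, 0}} };
    size_t total;
    return read_until_eof(ev, 2, &total);
}
```

In a real client the callback is registered once per socket with SSL_AlertReceivedCallback(fd, callback, &state), and the flag is consulted at the point where PR_Read() returns 0.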