Hello Thomas et al.
While stress-testing SSL/TLS server/client configurations, I
triggered buggy(?) lynx behavior (all tests done on lynx
2.8.8-dev15).
My server, which sends a fatal-level unrecognized_name alert
and continues with server hello, hangs lynx.
The culprit is lynx's SSLv23 fall-back code that only closes the
TCP/IP socket and frees the SSL structure before re-trying with
SSL2/3 when we're tunneled (HTTP.c).
Is there a reason for this?
    if (try_tls) {
        _HTProgress(gettext("Retrying connection without TLS."));
        try_tls = FALSE;
        if (did_connect)
            HTTP_NETCLOSE(s, handle);
        goto try_again;
By the time we reach the code above, SSL_connect has returned
SSL_ERROR_SSL with "tlsv1 unrecognized name" in the queue.
My server is intentionally out-of-spec as it should terminate
the connection upon sending a fatal error yet lynx should do the
same upon reception. These conditions, therefore, qualify as a
true corner case.
The following small change prevents the hang.
@@ -734,8 +734,7 @@ static int HTLoadHTTP(const char *arg,
if (try_tls) {
_HTProgress(gettext("Retrying connection without
TLS."));
try_tls = FALSE;
- if (did_connect)
- HTTP_NETCLOSE(s, handle);
+ HTTP_NETCLOSE(s,handle);
goto try_again;
} else {
CTRACE((tfp,
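Review bot: dropping the `if (did_connect)` guard makes HTTP_NETCLOSE(s, handle) run on every fall-back, including the path where the socket was never connected; confirm that HTTP_NETCLOSE (and the SSL handle cleanup the report attributes to it) is safe to call in that state, or keep the guard and add the missing SSL cleanup on the non-tunneled path instead. Minor: the added line reads `HTTP_NETCLOSE(s,handle);` while the surrounding code uses `HTTP_NETCLOSE(s, handle);`; match the existing spacing.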
Sorry I broke the internets.
--mancha
==========
stack at "hang":
0 __read_nocancel () from /lib/libc.so.6
1 ?? () from /lib/libcrypto.so.1
2 BIO_read () from /lib/libcrypto.so.1
3 ssl23_read_bytes () from /lib/libssl.so.1
4 ssl23_connect () from /lib/libssl.so.1
5 SSL_connect () from /lib/libssl.so.1
6 HTLoadHTTP ()
7 HTLoad ()
_______________________________________________
Lynx-dev mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/lynx-dev
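An added illustration, not lynx or OpenSSL code, of the client-side rule the report relies on: a fatal alert ends the connection, so a conforming client stops at that record instead of reading on into the ServerHello the out-of-spec server sends next. The record parser, alert-name table and the two byte streams below are constructed for this example.

```python
import struct

# TLS record content types and alert codes (RFC 5246 / RFC 6066 values).
CONTENT_TYPE_ALERT, CONTENT_TYPE_HANDSHAKE = 21, 22
ALERT_LEVEL_WARNING, ALERT_LEVEL_FATAL = 1, 2
ALERT_NAMES = {0: "close_notify", 40: "handshake_failure", 112: "unrecognized_name"}

def parse_records(data):
    """Split a raw TLS byte stream into (content_type, version, payload) tuples."""
    records, off = [], 0
    while off < len(data):
        if off + 5 > len(data):
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((ctype, (major, minor), body))
        off += 5 + length
    return records

def read_until_handshake(data):
    """Consume records as a conforming client must: a fatal alert ends the
    connection at once; a warning alert is recorded and reading continues."""
    warnings, consumed = [], 0
    for ctype, _ver, body in parse_records(data):
        consumed += 1
        if ctype == CONTENT_TYPE_ALERT:
            level, name = body[0], ALERT_NAMES.get(body[1], "alert_%d" % body[1])
            if level == ALERT_LEVEL_FATAL:
                # Stop here: the peer has declared the session dead. Reading on for
                # the ServerHello is what the report's backtrace shows blocked in read().
                return {"result": "abort", "alert": name, "warnings": warnings, "records_read": consumed}
            warnings.append(name)
        elif ctype == CONTENT_TYPE_HANDSHAKE:
            return {"result": "handshake", "alert": None, "warnings": warnings, "records_read": consumed}
    return {"result": "eof", "alert": None, "warnings": warnings, "records_read": consumed}

def tls_record(ctype, body):
    """Build one TLS 1.0 record; constructed helper for the sample streams below."""
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

# Constructed stand-in for the report's server: fatal unrecognized_name, then a ServerHello.
SERVER_HELLO_STUB = bytes([2, 0, 0, 0])  # handshake type 2 with an empty body
OUT_OF_SPEC_STREAM = (tls_record(CONTENT_TYPE_ALERT, bytes([ALERT_LEVEL_FATAL, 112]))
                      + tls_record(CONTENT_TYPE_HANDSHAKE, SERVER_HELLO_STUB))
# Same exchange with a warning-level alert, which a client may log and ignore.
WARNING_STREAM = (tls_record(CONTENT_TYPE_ALERT, bytes([ALERT_LEVEL_WARNING, 112]))
                  + tls_record(CONTENT_TYPE_HANDSHAKE, SERVER_HELLO_STUB))
```

Feeding OUT_OF_SPEC_STREAM to read_until_handshake returns an abort after one record, so the ServerHello is never consumed; WARNING_STREAM reaches the handshake with the warning noted.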