Send close_notify when closing a kTLS connection; fixes some warnings from GnuTLS.
authorSteinar H. Gunderson <sgunderson@bigfoot.com>
Mon, 9 Apr 2018 18:28:31 +0000 (20:28 +0200)
committerSteinar H. Gunderson <sgunderson@bigfoot.com>
Mon, 9 Apr 2018 18:28:31 +0000 (20:28 +0200)
server.cpp

index ceb7f3d..2f55589 100644 (file)
@@ -19,6 +19,7 @@
 #include <utility>
 #include <vector>
 
+#include "ktls.h"
 #include "tlse.h"
 
 #include "acceptor.h"
@@ -1195,12 +1196,49 @@ void Server::construct_204(Client *client)
        change_epoll_events(client, EPOLLOUT | EPOLLET | EPOLLRDHUP);
 }
 
+namespace {
+
 template<class T>
 void delete_from(vector<T> *v, T elem)
 {
        typename vector<T>::iterator new_end = remove(v->begin(), v->end(), elem);
        v->erase(new_end, v->end());
 }
+
+void send_ktls_close(int sock)
+{
+       uint8_t record_type = 21;  // Alert.
+       uint8_t body[] = {
+               1,   // Warning level (but still fatal!).
+               0,   // close_notify.
+       };
+
+       int cmsg_len = sizeof(record_type);
+       char buf[CMSG_SPACE(cmsg_len)];
+
+       msghdr msg = {0};
+       msg.msg_control = buf;
+       msg.msg_controllen = sizeof(buf);
+       cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+       cmsg->cmsg_level = SOL_TLS;
+       cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
+       cmsg->cmsg_len = CMSG_LEN(cmsg_len);
+       *CMSG_DATA(cmsg) = record_type;
+       msg.msg_controllen = cmsg->cmsg_len;
+
+       iovec msg_iov;
+       msg_iov.iov_base = body;
+       msg_iov.iov_len = sizeof(body);
+       msg.msg_iov = &msg_iov;
+       msg.msg_iovlen = 1;
+
+       int err;
+       do {
+               err = sendmsg(sock, &msg, 0);
+       } while (err == -1 && errno == EINTR);  // Ignore all other errors.
+}
+
+}  // namespace
        
 void Server::close_client(Client *client)
 {
@@ -1216,6 +1254,10 @@ void Server::close_client(Client *client)
        }
 
        if (client->tls_context) {
+               if (client->in_ktls_mode) {
+                       // Keep GnuTLS happy.
+                       send_ktls_close(client->sock);
+               }
                tls_destroy_context(client->tls_context);
        }