From: Steinar H. Gunderson <sgunderson@bigfoot.com>
Date: Mon, 9 Apr 2018 18:28:31 +0000 (+0200)
Subject: Send close_notify when closing a kTLS connection; fixes some warnings from GnuTLS.
X-Git-Tag: 1.4.0~19
X-Git-Url: https://git.sesse.net/?p=cubemap;a=commitdiff_plain;h=c687f8878c86e5895d0c4fd955695be0df2576a3;hp=81253bd40254831a82a3d87c3ed7f2a3524f2f57

Send close_notify when closing a kTLS connection; fixes some warnings from GnuTLS.
---

diff --git a/server.cpp b/server.cpp
index ceb7f3d..2f55589 100644
--- a/server.cpp
+++ b/server.cpp
@@ -19,6 +19,7 @@
 #include <utility>
 #include <vector>
 
+#include "ktls.h"
 #include "tlse.h"
 
 #include "acceptor.h"
@@ -1195,12 +1196,49 @@ void Server::construct_204(Client *client)
 	change_epoll_events(client, EPOLLOUT | EPOLLET | EPOLLRDHUP);
 }
 
+namespace {
+
 template<class T>
 void delete_from(vector<T> *v, T elem)
 {
 	typename vector<T>::iterator new_end = remove(v->begin(), v->end(), elem);
 	v->erase(new_end, v->end());
 }
+
+void send_ktls_close(int sock)
+{
+	uint8_t record_type = 21;  // Alert.
+	uint8_t body[] = {
+		1,   // Warning level (but still fatal!).
+		0,   // close_notify.
+	};
+
+	int cmsg_len = sizeof(record_type);
+	char buf[CMSG_SPACE(cmsg_len)];
+
+	msghdr msg = {0};
+	msg.msg_control = buf;
+	msg.msg_controllen = sizeof(buf);
+	cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+	cmsg->cmsg_level = SOL_TLS;
+	cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
+	cmsg->cmsg_len = CMSG_LEN(cmsg_len);
+	*CMSG_DATA(cmsg) = record_type;
+	msg.msg_controllen = cmsg->cmsg_len;
+
+	iovec msg_iov;
+	msg_iov.iov_base = body;
+	msg_iov.iov_len = sizeof(body);
+	msg.msg_iov = &msg_iov;
+	msg.msg_iovlen = 1;
+
+	int err;
+	do {
+		err = sendmsg(sock, &msg, 0);
+	} while (err == -1 && errno == EINTR);  // Ignore all other errors.
+}
+
+}  // namespace
 	
 void Server::close_client(Client *client)
 {
@@ -1216,6 +1254,10 @@ void Server::close_client(Client *client)
 	}
 
 	if (client->tls_context) {
+		if (client->in_ktls_mode) {
+			// Keep GnuTLS happy.
+			send_ktls_close(client->sock);
+		}
 		tls_destroy_context(client->tls_context);
 	}