orthecreedence / cl-async

Asynchronous IO library for Common Lisp.
MIT License

TLS connection terminated abnormally #203

Open naryl opened 1 day ago

naryl commented 1 day ago
  1. Create an SSL server using the example in https://orthecreedence.github.io/cl-async/tcp-ssl
    (tcp-ssl-server "127.0.0.1" 443
                    (lambda (socket data)
                      (format t "data: ~a~%" data)
                      (write-socket-data socket "THIS IS A SECURE LINE!"
                                         :write-cb (lambda (socket)
                                                     (close-socket socket))))
                    (lambda (ev)
                      (format t "SSL ev: ~a~%" ev)))
  2. Connect to it like so: gnutls-cli localhost:443 --tofu --crlf and send a line of data.

Expected: The server replies with "THIS IS A SECURE LINE!", terminates the TLS connection, then closes the socket.

Actual: The server replies with "THIS IS A SECURE LINE!" and closes the socket without terminating the TLS connection. This is the error returned by gnutls-cli:

*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.

Using #'as-ssl::close-streamish instead of as::close-socket has exactly the same observable result.

naryl commented 1 day ago

Removing close-socket makes it work properly but the server now (as expected) waits for the client to close the connection.

naryl commented 9 hours ago

Relevant docs: https://docs.openssl.org/master/man3/SSL_shutdown/#shutdown-lifecycle https://docs.openssl.org/master/man3/SSL_shutdown/#fast-shutdown

But it seems like cl-async just does a fast shutdown, which shouldn't be a problem for clients: https://github.com/orthecreedence/cl-async/blob/289aac99a701341e487cd548cd65b4c01271a739/src/ssl/tcp.lisp#L55
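
The behaviour reported in this thread, reproduced in memory as an added example (Python's `ssl` module over OpenSSL; not cl-async code and not written by anyone in the thread): the same reply followed by a socket close, with and without the close_notify alert, and how a client tells the two endings apart. The helper names and the certificate-less AECDH demo suite are assumptions made so it runs offline.

```python
import ssl

# Assumption: an anonymous TLS 1.2 suite, so this in-memory demo needs no key or
# certificate. Never enable it on a real endpoint.
DEMO_CIPHERS = "AECDH-AES256-SHA:@SECLEVEL=0"

def _endpoint(server_side):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # no anonymous suites in TLS 1.3
    ctx.set_ciphers(DEMO_CIPHERS)
    if hasattr(ssl, "OP_IGNORE_UNEXPECTED_EOF"):   # keep a missing close_notify visible
        ctx.options &= ~ssl.OP_IGNORE_UNEXPECTED_EOF
    rbio, wbio = ssl.MemoryBIO(), ssl.MemoryBIO()
    return ctx.wrap_bio(rbio, wbio, server_side=server_side), rbio, wbio

def _move(src, dst):
    data = src.read()
    if data:                                       # skip empty writes to the BIO
        dst.write(data)

def _connect():
    (cli, c_in, c_out), (srv, s_in, s_out) = _endpoint(False), _endpoint(True)
    pending = [cli, srv]
    while pending:                                 # shuttle handshake records in memory
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass
            _move(c_out, s_in)
            _move(s_out, c_in)
    return cli, c_in, srv, s_out

def reply_then_close(send_close_notify):
    cli, c_in, srv, s_out = _connect()
    srv.write(b"THIS IS A SECURE LINE!")
    if send_close_notify:
        try:
            srv.unwrap()                           # SSL_shutdown(): emits close_notify
        except ssl.SSLWantReadError:
            pass                                   # not waiting for the peer's alert
    _move(s_out, c_in)
    c_in.write_eof()                               # the server closing its socket
    reply = cli.read(1024)
    try:
        return reply, ("clean" if cli.read(1024) == b"" else "more data")
    except ssl.SSLEOFError:                        # EOF with no close_notify first
        return reply, "truncated"
```

`reply_then_close(False)` is the ending gnutls-cli reports as abnormal: the reply arrives intact, but the client cannot tell a deliberate close from a stream cut short in transit.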