|
 |
6309f8 |
From 1d19a7d01960fd8dc00bb3929a1ffaee186470fd Mon Sep 17 00:00:00 2001
|
|
|
6309f8 |
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
|
6309f8 |
Date: Tue, 21 Aug 2018 16:02:19 +0200
|
|
|
6309f8 |
Subject: [PATCH] Do two-way shutdown in t/sni.t
|
|
|
6309f8 |
MIME-Version: 1.0
|
|
|
6309f8 |
Content-Type: text/plain; charset=UTF-8
|
|
|
6309f8 |
Content-Transfer-Encoding: 8bit
|
|
|
6309f8 |
|
|
|
6309f8 |
TLSv1.3 performs more reading and writing in SSL_accept(). If a client
|
|
|
6309f8 |
disconnects after the handshake but before the server finishes
|
|
|
6309f8 |
SSL_accept(), the t/sni.t test would fail because accept() could fail with
|
|
|
6309f8 |
ECONNRESET. This happened randomly.
|
|
|
6309f8 |
|
|
|
6309f8 |
Failed accept() lead to undef->get_servername() call that triggered
|
|
|
6309f8 |
a run-time exception and that caused a client being stucked and the
|
|
|
6309f8 |
test script never exited.
|
|
|
6309f8 |
|
|
|
6309f8 |
This fixes both these issues.
|
|
|
6309f8 |
|
|
|
6309f8 |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
6309f8 |
---
|
|
|
6309f8 |
t/sni.t | 20 ++++++++++++++++++--
|
|
|
6309f8 |
1 file changed, 18 insertions(+), 2 deletions(-)
|
|
|
6309f8 |
|
|
|
6309f8 |
diff --git a/t/sni.t b/t/sni.t
|
|
|
6309f8 |
index de0f06e..91206de 100644
|
|
|
6309f8 |
--- a/t/sni.t
|
|
|
6309f8 |
+++ b/t/sni.t
|
|
|
6309f8 |
@@ -68,15 +68,31 @@ if ( $pid == 0 ) {
|
|
|
6309f8 |
|
|
|
6309f8 |
$client->verify_hostname($host,'http') or print "not ";
|
|
|
6309f8 |
print "ok # client verify hostname in cert $host\n";
|
|
|
6309f8 |
+ # Shutdown TLS properly. Otherwise TLSv1.3 $server->accept() fails with
|
|
|
6309f8 |
+ # ECONNRESET when a client disconnects too early.
|
|
|
6309f8 |
+ $client->close('SSL_fast_shutdown' => 0);
|
|
|
6309f8 |
}
|
|
|
6309f8 |
exit;
|
|
|
6309f8 |
}
|
|
|
6309f8 |
|
|
|
6309f8 |
+# If the server dies, a client can get stuck in read(2) while Perl interpreter
|
|
|
6309f8 |
+# is collecting children status in the die handler using wait4(2).
|
|
|
6309f8 |
+$SIG{__DIE__} = sub {
|
|
|
6309f8 |
+ STDERR->print("Server died. Killing client with $pid PID.\n");
|
|
|
6309f8 |
+ kill(9, $pid);
|
|
|
6309f8 |
+};
|
|
|
6309f8 |
for my $host (@tests) {
|
|
|
6309f8 |
- my $csock = $server->accept or print "not ";
|
|
|
6309f8 |
- print "ok # server accept\n";
|
|
|
6309f8 |
+ my $csock = $server->accept;
|
|
|
6309f8 |
+ if (!$csock) {
|
|
|
6309f8 |
+ print "not ok # server accept SSL_ERROR='$SSL_ERROR', errno='$!'";
|
|
|
6309f8 |
+ } else {
|
|
|
6309f8 |
+ print "ok # server accept\n";
|
|
|
6309f8 |
+ }
|
|
|
6309f8 |
my $name = $csock->get_servername;
|
|
|
6309f8 |
print "not " if ! $name or $name ne $host;
|
|
|
6309f8 |
print "ok # server got SNI name $host\n";
|
|
|
6309f8 |
+ # Shutdown TLS properly. Otherwise TLSv1.3 $server->accept() fails with
|
|
|
6309f8 |
+ # ECONNRESET when a client disconnects too early.
|
|
|
6309f8 |
+ $csock->close('SSL_fast_shutdown' => 0);
|
|
|
6309f8 |
}
|
|
|
6309f8 |
wait;
|
|
|
6309f8 |
--
|
|
|
6309f8 |
2.14.4
|
|
|
6309f8 |
|