[Lynx-dev] lynx 2.8.8-dev15 and SSL fatal-level alerts
From: mancha
Subject: [Lynx-dev] lynx 2.8.8-dev15 and SSL fatal-level alerts
Date: Tue, 14 May 2013 20:15:42 +0000
Hello Thomas et al.
While stress-testing SSL/TLS server/client configurations, I
triggered buggy(?) lynx behavior (all tests done on lynx
2.8.8-dev15).
My server, which sends a fatal-level unrecognized_name alert
and continues with server hello, hangs lynx.
The culprit is lynx's SSLv23 fall-back code that only closes the
TCP/IP socket and frees the SSL structure before re-trying with
SSL2/3 when we're tunneled (HTTP.c).
Is there a reason for this?
734     if (try_tls) {
735         _HTProgress(gettext("Retrying connection without TLS."));
736         try_tls = FALSE;
737         if (did_connect)
738             HTTP_NETCLOSE(s, handle);
739         goto try_again;
By the time we reach the code above, SSL_connect has returned
SSL_ERROR_SSL with "tlsv1 unrecognized name" in the queue.
My server is intentionally out-of-spec as it should terminate
the connection upon sending a fatal error yet lynx should do the
same upon reception. These conditions, therefore, qualify as a
true corner case.
The following small change prevents the hang.
@@ -734,8 +734,7 @@ static int HTLoadHTTP(const char *arg,
if (try_tls) {
_HTProgress(gettext("Retrying connection without
TLS."));
try_tls = FALSE;
- if (did_connect)
- HTTP_NETCLOSE(s, handle);
+ HTTP_NETCLOSE(s,handle);
goto try_again;
} else {
CTRACE((tfp,
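Review bot: removing the `did_connect` guard makes `HTTP_NETCLOSE(s, handle)` run on the non-tunneled fallback path as well, which is what the report needs, but it now relies on `s` being an open socket and `handle` a live SSL object on every path that sets `try_tls`; that holds when the branch is reached only after `SSL_connect` has failed on an established connection, and a one-line comment stating that precondition would save the next reader the same trace. Two smaller points: the added line `HTTP_NETCLOSE(s,handle);` drops the space after the comma that the surrounding calls keep, and the hunk still falls back to a non-TLS retry after a fatal alert, whereas the mail itself argues the client should terminate on receiving one; closing before retrying is the minimum, and not retrying at all would match that reading.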
Sorry I broke the internets.
--mancha
==========
stack at "hang":
0 __read_nocancel () from /lib/libc.so.6
1 ?? () from /lib/libcrypto.so.1
2 BIO_read () from /lib/libcrypto.so.1
3 ssl23_read_bytes () from /lib/libssl.so.1
4 ssl23_connect () from /lib/libssl.so.1
5 SSL_connect () from /lib/libssl.so.1
6 HTLoadHTTP ()
7 HTLoad ()
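The client-side rule the report invokes, that a fatal alert ends the connection regardless of what the server sends next, as an added example that is not part of the original mail, of lynx or of OpenSSL: a record-level check that stops at the fatal unrecognized_name alert instead of reading on into the ServerHello, which is the read that the trace above shows lynx blocking in. The byte stream is constructed to mirror the report, and all function and constant names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* TLS record layer constants (RFC 5246, sections 6.2 and 7.2). */
#define TLS_CT_ALERT              21
#define TLS_ALERT_LEVEL_WARNING    1
#define TLS_ALERT_LEVEL_FATAL      2
#define TLS_AD_UNRECOGNIZED_NAME 112

enum tls_action { TLS_CONTINUE, TLS_ABORT, TLS_MALFORMED };

/* Classify the record starting at buf. On success *consumed is its total
 * size; for alert records *alert_desc receives the description byte. */
static enum tls_action tls_check_record(const uint8_t *buf, size_t len,
                                        size_t *consumed, uint8_t *alert_desc)
{
    if (len < 5) return TLS_MALFORMED;          /* incomplete 5-byte header */
    size_t body = ((size_t)buf[3] << 8) | buf[4];
    if (body > len - 5) return TLS_MALFORMED;   /* truncated record body */
    *consumed = 5 + body;
    if (buf[0] != TLS_CT_ALERT) return TLS_CONTINUE;  /* handshake/data: keep reading */
    if (body != 2) return TLS_MALFORMED;        /* alert body is level + description */
    *alert_desc = buf[6];
    if (buf[5] == TLS_ALERT_LEVEL_FATAL) return TLS_ABORT;  /* both sides must close */
    return buf[5] == TLS_ALERT_LEVEL_WARNING ? TLS_CONTINUE : TLS_MALFORMED;
}

/* Walk received bytes record by record. Returns 1 if a fatal alert (or a
 * malformed record) means the client must tear the connection down without
 * reading further, else 0. *records_seen counts the records inspected. */
int tls_client_must_abort(const uint8_t *stream, size_t len,
                          uint8_t *alert_desc, size_t *records_seen)
{
    size_t off = 0, used = 0;
    *records_seen = 0; *alert_desc = 0;
    while (off < len) {
        enum tls_action act = tls_check_record(stream + off, len - off, &used, alert_desc);
        if (act == TLS_MALFORMED) return 1;
        (*records_seen)++;
        if (act == TLS_ABORT) return 1;         /* stop here: never read the ServerHello */
        off += used;
    }
    return 0;
}

/* Constructed sample mirroring the report: fatal unrecognized_name alert
 * (level 2, description 112), then a stub ServerHello handshake record. */
const uint8_t SAMPLE_FATAL_THEN_HELLO[] = {
    0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x70,
    0x16, 0x03, 0x01, 0x00, 0x04, 0x02, 0x00, 0x00, 0x00 };
const size_t SAMPLE_FATAL_THEN_HELLO_LEN = sizeof SAMPLE_FATAL_THEN_HELLO;
```

On the sample stream the walk reports an abort after the first record with description 112, so the ServerHello that follows is never consumed; a warning-level alert with the same description is passed over and both records are read.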