From 488cb662604437b31db0667dd9e17772395f16c2 Mon Sep 17 00:00:00 2001 From: Peter Hartmann Date: Thu, 4 Apr 2013 11:30:43 +0200 Subject: SSL internals: do not write after shutting down the socket ... but rather throw an error, so the HTTP layer can recover from a SSL shutdown gracefully. In case the other side sent us a shutdown, we tried to send one as well, which results in an error. (backport of commit e145b67fbd54f147dab0f8e460280a9c8533aa7b) Change-Id: I57291a5363cb0f6585dbd6aaa521c748766a1fdf Reviewed-by: Richard J. Moore --- src/network/ssl/qsslsocket.cpp | 2 ++ src/network/ssl/qsslsocket_openssl.cpp | 14 ++++++++++---- src/network/ssl/qsslsocket_p.h | 1 + tests/auto/qsslsocket/tst_qsslsocket.cpp | 3 ++- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 6ec8f6e..454a52a 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1851,6 +1851,7 @@ QSslSocketPrivate::QSslSocketPrivate() , mode(QSslSocket::UnencryptedMode) , autoStartHandshake(false) , connectionEncrypted(false) + , shutdown(false) , ignoreAllSslErrors(false) , readyReadEmittedPointer(0) , allowRootCertOnDemandLoading(true) @@ -1875,6 +1876,7 @@ void QSslSocketPrivate::init() autoStartHandshake = false; connectionEncrypted = false; ignoreAllSslErrors = false; + shutdown = false; // we don't want to clear the ignoreErrorsList, so // that it is possible setting it before connecting diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 37dea2b..4b0a9ec 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1163,8 +1163,11 @@ void QSslSocketBackendPrivate::transmit() #ifdef QSSLSOCKET_DEBUG qDebug() << "QSslSocketBackendPrivate::transmit: remote disconnect"; #endif - plainSocket->disconnectFromHost(); - break; + shutdown = true; // the other side shut down, make sure we do not send shutdown ourselves + q->setErrorString(QSslSocket::tr("The TLS/SSL connection has been closed")); + q->setSocketError(QAbstractSocket::RemoteHostClosedError); + emit q->error(QAbstractSocket::RemoteHostClosedError); + return; case SSL_ERROR_SYSCALL: // some IO error case SSL_ERROR_SSL: // error in the SSL library // we do not know exactly what the error is, nor whether we can recover from it, @@ -1447,8 +1450,11 @@ bool QSslSocketBackendPrivate::startHandshake() void QSslSocketBackendPrivate::disconnectFromHost() { if (ssl) { - q_SSL_shutdown(ssl); - transmit(); + if (!shutdown) { + q_SSL_shutdown(ssl); + shutdown = true; + transmit(); + } } plainSocket->disconnectFromHost(); } diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h index 5044c72..f8967d0 100644 --- a/src/network/ssl/qsslsocket_p.h +++ b/src/network/ssl/qsslsocket_p.h @@ -108,6 +108,7 @@ public: QSslSocket::SslMode mode; bool autoStartHandshake; bool connectionEncrypted; + bool shutdown; bool ignoreAllSslErrors; QList ignoreErrorsList; bool* readyReadEmittedPointer; diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp index 880c4c2..75f74a5 100644 --- a/tests/auto/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp @@ -1996,7 +1996,8 @@ void tst_QSslSocket::writeBigChunk() QFAIL("Error while writing! Check if the OpenSSL BIO size is limited?!"); } // also check the error string. If another error (than UnknownError) occurred, it should be different than before - QVERIFY(errorBefore == errorAfter); + QVERIFY2(errorBefore == errorAfter || socket->error() == QAbstractSocket::RemoteHostClosedError, + QByteArray("unexpected error: ").append(qPrintable(errorAfter))); // check that everything has been written to OpenSSL QVERIFY(socket->bytesToWrite() == 0); -- cgit v0.12