author | Dmitry Belyavskiy <beldmit@gmail.com> | 2020-05-05 16:20:42 +0300 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2020-05-19 19:04:11 +0300 |
commit | 09b90e0ed7915809fcd4ee1e250d881b77d06d45 (patch) | |
tree | 897a351d8f49b6f575bf54bba4dd486b00ad31f7 /apps/s_server.c | |
parent | fb420afc878fa38a5d8cf22e25cf7d438d39987a (diff) |
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF
Partially fixes #11209.
Before OpenSSL 3.0, when the peer did not send close_notify,
the behaviour was to set the SSL_ERROR_SYSCALL error with errno 0.
This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF option restores
the old behaviour for compatibility's sake.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11735)
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 09bcc0cfb8..9995953526 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -761,7 +761,7 @@ typedef enum OPTION_choice { OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, - OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, + OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -850,6 +850,8 @@ const OPTIONS s_server_options[] = { "Disable caching and tickets if ephemeral (EC)DH is used"}, {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, + {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', + "Do not treat lack of close_notify from a peer as an error"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"}, @@ -1094,6 +1096,7 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_SCTP int sctp_label_bug = 0; #endif + int ignore_unexpected_eof = 0; /* Init of few remaining global variables */ local_argc = argc; @@ -1667,6 +1670,9 @@ int s_server_main(int argc, char *argv[]) use_sendfile = 1; #endif break; + case OPT_IGNORE_UNEXPECTED_EOF: + ignore_unexpected_eof = 1; + break; } } argc = opt_num_rest(); @@ -1867,7 +1873,6 @@ int s_server_main(int argc, char *argv[]) goto end; } } - #ifndef OPENSSL_NO_SCTP if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); 
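Review bot: The help string added in the `s_server_options[]` hunk presents `-ignore_unexpected_eof` as a pure convenience, but close_notify is what lets the receiver tell a clean end of data from a connection that was cut short, so ignoring its absence removes TLS-level truncation detection. I would say so in the text, for example `"Treat EOF without close_notify as a normal shutdown (unsafe unless the application protocol detects truncation)"`. The same caveat belongs as a one-line comment above `SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);` in the last hunk, for example `/* Only safe when the protocol above TLS detects truncation itself */`, because the option is set on the context and therefore applies to every connection this server accepts. Both the options array and `s_server_main` continue outside the hunks shown, so I cannot see whether the read loops already distinguish these cases.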
@@ -1911,6 +1916,9 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_options(ctx, SSL_OP_DISABLE_TLSEXT_CA_NAMES); } + if (ignore_unexpected_eof) + SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); + if (max_send_fragment > 0 && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", |