SSL: Authenticate continuation should complete only if the actual aut…

…henticate task completes. This prevents double disconnect coming when AuthenticateAsServerAsync fails. Fix local IP address check to take into account IPv6 loopback addresses.
Bobris · Nov 24, 2016 · a38e4cc · a38e4cc
1 parent a196289
commit a38e4cc
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 16 deletions.
diff --git a/Nowin/IpIsLocalChecker.cs b/Nowin/IpIsLocalChecker.cs
@@ -32,7 +32,20 @@ public IpIsLocalChecker()
 
         public bool IsLocal(IPAddress address)
         {
-            return _dict.ContainsKey(address);
+            if (_dict.ContainsKey(address))
+                return true;
+
+            if (IPAddress.IsLoopback(address))
+                return true;
+
+            if (address.IsIPv4MappedToIPv6)
+            {
+                var ip4 = address.MapToIPv4();
+                if (_dict.ContainsKey(ip4))
+                    return true;
+            }
+
+            return false;
         }
     }
 }
diff --git a/Nowin/SslTransportHandler.cs b/Nowin/SslTransportHandler.cs
@@ -194,11 +194,8 @@ public void FinishAccept(byte[] buffer, int offset, int length, IPEndPoint remot
                 _authenticateTask = _ssl.AuthenticateAsServerAsync(_serverParameters.Certificate, _serverParameters.ClientCertificateRequired, _serverParameters.Protocols, false).ContinueWith((t, selfObject) =>
                   {
                       var self = (SslTransportHandler)selfObject;
-                      if (t.IsFaulted || t.IsCanceled)
+                      self._next.SetRemoteCertificate(_ssl.RemoteCertificate);
-                          self.Callback.StartDisconnect();
+                  }, this, TaskContinuationOptions.OnlyOnRanToCompletion);
-                      else
-                          _next.SetRemoteCertificate(_ssl.RemoteCertificate);
-                  }, this);
                 _next.FinishAccept(_recvBuffer, _recvOffset, 0, remoteEndPoint, localEndPoint);
             }
             catch (Exception)
@@ -248,18 +245,32 @@ public void StartReceive(byte[] buffer, int offset, int length)
                         }
                         else
                         {
-                            _ssl.ReadAsync(self._recvBuffer, self._recvOffset, self._recvLength).ContinueWith((t2, selfObject2) =>
+                            try
                             {
-                                var self2 = (SslTransportHandler)selfObject2;
+                                self._ssl.ReadAsync(self._recvBuffer, self._recvOffset, self._recvLength).ContinueWith((t2, selfObject2) =>
-                                if (t2.IsFaulted || t2.IsCanceled || t2.Result == 0)
+                                {
-                                    self._next.FinishReceive(null, 0, -1);
+                                    var self2 = (SslTransportHandler)selfObject2;
-                                else
+                                    if (t2.IsFaulted || t2.IsCanceled || t2.Result == 0)
-                                    self._next.FinishReceive(self2._recvBuffer, self2._recvOffset, t2.Result);
+                                        self2._next.FinishReceive(null, 0, -1);
-                            }, self);
+                                    else
+                                        self2._next.FinishReceive(self2._recvBuffer, self2._recvOffset, t2.Result);
+                                }, self);
+                            }
+                            catch (Exception)
+                            {
+                                self._next.FinishReceive(null, 0, -1);
+                            }
                         }
                     }, this);
                     return;
                 }
+
+                if (_authenticateTask.IsCanceled || _authenticateTask.IsFaulted)
+                {
+                    _next.FinishReceive(null, 0, -1);
+                    return;
+                }
+
                 _ssl.ReadAsync(buffer, offset, length).ContinueWith((t, selfObject) =>
                 {
                     var self = (SslTransportHandler)selfObject;

diff --git a/NowinTests/NowinTestsBase.cs b/NowinTests/NowinTestsBase.cs
@@ -419,11 +419,9 @@ public void EnvironmentEmptyGetRequest()
                     Assert.True(env.TryGetValue("server.IsLocal", out ignored));
                     Assert.Equal(true, env["server.IsLocal"]);
 
+                    // Don't check for actual IP address as it might be IPv6 local address
                     Assert.True(env.TryGetValue("server.RemoteIpAddress", out ignored));
-                    Assert.Equal("127.0.0.1", env["server.RemoteIpAddress"]);
-
                     Assert.True(env.TryGetValue("server.LocalIpAddress", out ignored));
-                    Assert.Equal("127.0.0.1", env["server.LocalIpAddress"]);
 
                     Assert.True(env.TryGetValue("server.RemotePort", out ignored));
                     Assert.True(env.TryGetValue("server.LocalPort", out ignored));