Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: centralize alert sending #59773

Open
rolandshoemaker opened this issue Apr 22, 2023 · 1 comment
Open

crypto/tls: centralize alert sending #59773

rolandshoemaker opened this issue Apr 22, 2023 · 1 comment
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@rolandshoemaker
Copy link
Member

Currently we send TLS alerts all over the place, decoupling the process for other error handling, this results in inconsistencies about when and where we send alerts that can be quite confusing (including sometimes just not sending expected alerts at all).

Ideally we should centralize alert transmission in one (or two) places: Conn.Read and Conn.Write. Alerts can then be derived from errors (or a field we set on the connection?) allowing us to consistently handle them.

cc @FiloSottile
@dmitshur dmitshur added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 24, 2023
@dmitshur dmitshur added this to the Backlog milestone Apr 24, 2023
@rolandshoemaker
Copy link
Member Author

More concretely, one possible path forward here is to introduce a specific internal tls error type internalTLSError, containing an alert code, and either a plain or typed error, which everything should return.

Conn.Read and Conn.Write should then defer error checking, sending an alert and unwrapping the internal error to return to the caller.

cc @thatnealpatel perhaps something to work on in the future.

type internalTLSError {
	alert alert
	err   error
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
2 participants
@dmitshur @rolandshoemaker