New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cleanups (mainly of mirage layer) #487
Conversation
aec2ef7
to
9df5c57
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems right even if I think that the deletion of Flow‧close
should be done into the shutdown
(for a better clarity in my opinion but that's fine).
@@ -20,6 +20,9 @@ module Make (F : Mirage_flow.S) : sig | |||
with type error := error | |||
and type write_error := write_error | |||
|
|||
(** [underlying t] returns the underlying flow. This is useful to extract | |||
information such as [src] and [dst] of that flow. *) | |||
val underlying : flow -> FLOW.flow |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎉 it fixes #425
and int_to_content_type = function | ||
| 20 -> Some CHANGE_CIPHER_SPEC | ||
| 21 -> Some ALERT | ||
| 22 -> Some HANDSHAKE | ||
| 23 -> Some APPLICATION_DATA | ||
| 24 -> Some HEARTBEAT | ||
| _ -> None |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now this is responsible for erroring out on HEARTBEAT
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, exactly. The int_to_content_type
is used by Reader.parse_record
, which errors out with UnknownContent _
- which leads (in Engine.separate_records
to Error (`Fatal (`UnknownContentType _))
.
There is still an open question about error semantics -- which cases are fatal, which are not. For the heartbeat, this requires a negotiation in the client/server hello (which we do not support) -- thus anyone sending us a heartbeat packet violates the protocol.
Previously, we decoded the content type and errored when handling such a record Now, we fail slightly earlier, upon receiving that content type
Ok, I removed that close commit from this PR. |
CHANGES: * tls: handle half-closed connection properly: a received CLOSE_NOTIFY does not lead to a CLOSE_NOTIFY to be sent (a `send_close_notify` sends it explicitly) (mirleft/ocaml-tls#488 @hannesm) * tls: modify return type of `handle_tls` - the Alert is now in the right hand side, and `` `Eof `` is explicit in the second part of the tuple (mirleft/ocaml-tls#488 @hannesm) * tls: remove `can_handle_appdata`, the function `handshake_in_progress` is available (mirleft/ocaml-tls#488 @hannesm) * tls-mirage: avoid exceptions in reneg and rekey (mirleft/ocaml-tls#487 @hannesm) * tls: remove HEARTBEAT decoding - HEARTBEAT was never supported in this library, the decoder was superfluous (mirleft/ocaml-tls#487 @hannesm) * tls-mirage: provide `underlying : flow -> FLOW.flow` (mirleft/ocaml-tls#487 @hannesm, fixes mirleft/ocaml-tls#425 @dinosaure) * tls-mirage: implement mirage-flow 4 API (`val shutdown`) (mirleft/ocaml-tls#488 @hannesm) * tls-eio: adapt to half-closed connections (mirleft/ocaml-tls#488 @talex5)
CHANGES: * tls: handle half-closed connection properly: a received CLOSE_NOTIFY does not lead to a CLOSE_NOTIFY to be sent (a `send_close_notify` sends it explicitly) (mirleft/ocaml-tls#488 @hannesm) * tls: modify return type of `handle_tls` - the Alert is now in the right hand side, and `` `Eof `` is explicit in the second part of the tuple (mirleft/ocaml-tls#488 @hannesm) * tls: remove `can_handle_appdata`, the function `handshake_in_progress` is available (mirleft/ocaml-tls#488 @hannesm) * tls-mirage: avoid exceptions in reneg and rekey (mirleft/ocaml-tls#487 @hannesm) * tls: remove HEARTBEAT decoding - HEARTBEAT was never supported in this library, the decoder was superfluous (mirleft/ocaml-tls#487 @hannesm) * tls-mirage: provide `underlying : flow -> FLOW.flow` (mirleft/ocaml-tls#487 @hannesm, fixes mirleft/ocaml-tls#425 @dinosaure) * tls-mirage: implement mirage-flow 4 API (`val shutdown`) (mirleft/ocaml-tls#488 @hannesm) * tls-eio: adapt to half-closed connections (mirleft/ocaml-tls#488 @talex5) * tls-eio: implement Eio.Resource.Close (mirleft/ocaml-tls#489 @paurkedal, reviewed by @talex5)
CHANGES: * tls: handle half-closed connection properly: a received CLOSE_NOTIFY does not lead to a CLOSE_NOTIFY to be sent (a `send_close_notify` sends it explicitly) (mirleft/ocaml-tls#488 @hannesm) * tls: modify return type of `handle_tls` - the Alert is now in the right hand side, and `` `Eof `` is explicit in the second part of the tuple (mirleft/ocaml-tls#488 @hannesm) * tls: remove `can_handle_appdata`, the function `handshake_in_progress` is available (mirleft/ocaml-tls#488 @hannesm) * tls-mirage: avoid exceptions in reneg and rekey (mirleft/ocaml-tls#487 @hannesm) * tls: remove HEARTBEAT decoding - HEARTBEAT was never supported in this library, the decoder was superfluous (mirleft/ocaml-tls#487 @hannesm) * tls-mirage: provide `underlying : flow -> FLOW.flow` (mirleft/ocaml-tls#487 @hannesm, fixes mirleft/ocaml-tls#425 @dinosaure) * tls-mirage: implement mirage-flow 4 API (`val shutdown`) (mirleft/ocaml-tls#488 @hannesm) * tls-eio: adapt to half-closed connections (mirleft/ocaml-tls#488 @talex5) * tls-eio: implement Eio.Resource.Close (mirleft/ocaml-tls#489 @paurkedal, reviewed by @talex5)
Best read commit-by-commit.
This is still work-in-progress, there'll be support forshutdown
(to conform to mirage-flow 4) in a later commit.