-
-
Notifications
You must be signed in to change notification settings - Fork 332
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ranch:handshake(Ref) silently drops invalid TLS connections in ranch_ssl via exit(normal) #336
Comments
We could probably |
And how about not using "And Joe said: thou shalt not use catch/exit/try/throw for program flow control". |
The important point being in the "for program flow control" part, IMO ;) In my understanding, to |
Well, in my daily job, a failed TLS connection is nothing wrong from programmers's point of view. In particular, it is nothing exceptional enough to pull the I patched I reversed my code back to If you'd want some assistance with the issue, I'd gladly help in my free time, but I'd need some insight on |
I think if you need fine grained info then All things to be considered when the time comes to do a Ranch 3.0 in any case. |
I'm open to cooperation. I suppose this issue might be closed for now. Best regards! |
This issue has come up in RabbitMQ when debugging embedded device issues (they're too slow for default TLS handshake timeouts). It will need to be addressed in Ranch 3.0. |
Fixes #11171 An MQTT user encountered TLS handshake timeouts with their IoT device, and the actual error from `ssl:handshake` / `ranch:handshake` was not caught and logged. At this time, `ranch` uses `exit(normal)` in the case of timeouts, but that should change in the future (ninenines/ranch#336)
Ok, how do you think should we address it? A rather easy solution (that could IMO be implemented even now in Ranch 2) would be to return an error tuple instead of exiting, as @p-kraszewski suggested. Like, here: Lines 320 to 328 in a8f31f3
The error tuple could be enriched with info obtained via Transport:peername , to be called before we (that is, ranch) close the socket. For SSL connections, it might be nice to also have the peercert , but that is currently not a ranch_transport callback. The error tuple could look something like this {error, Reason, PeerInfo} .
There would be a change in semantics, but it would be IMO small:
The important point is that, if it didn't work in the current implementation, it also won't work after the change; I wouldn't consider it a breaking change. This is why I say it could already be implemented in Ranch 2.
|
I don't think most code cares about connections that don't manage to pass the handshake. Outside controlled environments these failures happen a lot. It could be a TCP client sending garbage, or a client connecting and not sending anything / going through a tunnel, or many other scenarios. I also don't think there's much value to handling the error tuple beyond logging something for debugging purposes so I wouldn't expect users to handle it. In that case it makes more sense to just |
Ok, makes sense. However, @p-kraszewski also complained about not getting any info about the peer, which would still be missing from the exit reason, and not be otherwise obtainable since the socket is gone? |
If I'm reading the code correctly it should be possible to call |
I mean not obtainable for the user. We can obtain that info in |
... like this: #345? |
Yes I mean we can call the function before closing. No not like this it has to be a 2-tuple I think, to be considered a "normal" exit reason by supervisors, so you'll need to wrap the info in another tuple. Otherwise yes. Also, tests! |
Well, the supervisor in question would be
I'll have to come back to that later, they're more work than the actual change, and I'm |
|
I am building a system with mutual certificate verification.
I'm using OTP-ized mode with ranch 2.0.0
It works beautifully for valid connections. It fails miserably for invalid connections. In the case of invalid connection (for example a failed TLS handshake),
ranch:handshake(Ref)
does not return error, but doesexit(normal)
instead, which bypasses the rest of the function.In particular, the function doesn't know that the connection failed, not to mention why.
I partially circumvented the problem with ugly use of
catch
:I know that connection failed, but still have no idea why (invalid cert, invalid protocol, other reason).
Is there a way to dig-out the exact cause of the error (and the IP of the failing party), or should I just switch to
ranch_tcp
and perform ssl/tls negotiation manually, in handler?The text was updated successfully, but these errors were encountered: