-
Notifications
You must be signed in to change notification settings - Fork 595
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Example simpleclient
is broken
#1327
Comments
Have you tried this with different hosts? The change you identified was an intentional strictening of the code that produces an |
(Edit: oops, comment clash with Djc!) Hi there, Good catch 👍 We should think about adding something to the
That makes sense - that commit was meant to surface this error condition, it just interacts badly with the demo's liberal use of It might be worth trying to change the demo request to see if we can get the peer server to properly send a TLS close notify alert before the TCP EOF (maybe also worth a quick If getting a clean TLS close isn't feasible, the |
I did some quick search and I think that the root cause (not that it is a problem) lies with the higher level application protocol (HTTP in this case). The short of it is that modern versions of HTTP is a self-terminating protocol, and common implementation will not send So in other words, having a connection that is dropped without I am honestly not sure where to go from here. I don't think that the simple client should be responsible for being aware of higher level protocol behaviors, but I also have no idea where to find publicly available HTTP server that properly sends |
@djc Changing the host to |
If the HTTP client knows when to terminate, it can terminate the read before it reaches eof, and For example, if the server returns |
In this example code, we're not even parsing the HTTP response, so using the value from the Does make me wonder why we haven't had more complaints about this... as far as I'm aware tokio-rustls and hyper-rustls will still propagate this error. (Some people have clearly run into it in denoland/deno#13058, but it seems to be fairly rare.) |
SGTM. Maybe with a comment-in-file that has text similar to your response earlier in this thread? Something that alludes to the truncation attack and that some servers don't cleanly close and applications need to decide how to handle that. |
Note that
(after that fix, |
(Google folks: we've seen similar issues in curl/curl#10457 (comment), where the GMail IMAP TLS termination doesn't seem to send |
The example simple client is broken. When running
cargo run --bin simpleclient
the program output is as follows:git bisect
identifiedab685b5e89f15725436effadd31ae4411b95738d
to be the first bad commit.Further investigation is needed on what changes are needed to restore simple client back to a working state. I am willing to submit PR if appropriate and needed.
The text was updated successfully, but these errors were encountered: