-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle EOF like rustls::Stream #128
Conversation
This seems reasonable, would you be able to add a regression test? |
There existed an EOF test already so I just updated that |
It is not reasonable to break this test, we can only return see https://docs.rs/rustls/latest/rustls/struct.Reader.html#method.read |
I have re-read the notes on rustls stream and I suspect that current behavior is not expected. maybe rustls contributors can give some suggestion. |
@vilgotf how does the example code error, and why do you believe it is not reasonable for it to do so? I'm honestly not sure the @quininer which current behavior is not expected? |
rustls Stream cannot distinguish between a normal close notify and an unexpected tcp eof, which allows truncation attack, which I suspect is not expected. |
That's fair, do you want to file an issue about this against the rustls repo? We're in the process of preparing a 0.21 release so now would be a good time to adjust the API accordingly. |
Only the second example panics, which I thought was an error in tokio-rustls as rustls and OpenSSL (tokio-tls-native & tls-native) does not error with As for the examples not working, I have no idea why that would be. I'm running both example with the Also, thank you both for your time with helping me out :) |
@djc I opened an issue on rustls repo rustls/rustls#1188 |
This should be fixed in the |
This aims to fix twilight-rs/twilight#1428, which is two layers of abstraction removed from tokio-rustls (this fix might therefore not be optimal). That bug occurs on closing a TLS encrypted websocket connetion with Discord's gateway. The following blocking RusTLS + tungstenite MRE shows no error:
Whereas the same exact code with tokio-tungstenite does error:
In the first example, tungstenite uses the
rustls::Stream
abstraction to read from the websocket, and in the second example tokio-tungstenite usestokio_rustls::client::TlsStream
(which exposes aRead
compatible interface to tungstenite). This leads me to believe the bug is intokio_rustls
.rustls::Stream
'sRead
implemention is very similar totokio_rustls::client::TlsStream
'sAsyncRead
(the logic I'm interested in fortokio_tungstenite
is in the privatetokio_rustls::common::Stream
type), both callingread_tls
whilewants_read
returnstrue
and then callingReader::read
afterwards, but differs in two ways:rustls::ConnectionCommon::complete_io()
, potentially writing data in addition to reading dataReader::read
) ifread_tls
returnsOk(0)
andprocess_new_packets
returnsOk
withIoState
'splaintext_bytes_to_read
returning0
.This PR then adds the logic from 2. to
tokio_rustls::common::Stream
which fixes the issue I'm running into.