proxmox-mirrors/pve-http-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-http-server synced 2025-05-01 02:17:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
259 Commits 5 Branches 0 Tags 1.3 MiB
Perl 98.2%
Makefile 1.8%
07e56cc9dd
Go to file
Rob Rozestraten via pve-devel 07e56cc9dd fix unexpected EOF for client when closing TLS session 
When pve-http-server initiates the closure of a TLS session, it does not
send a TLS close notify, resulting in an unexpected EOF error on systems
with recent crypto policies. This can break functionality with other
applications, such as Foreman[0].

This behavior can be observed in the following cases:

 * client uses HTTP/1.0 (no keepalive; server closes connection)
 * client sends no data for 5 sec (timeout; server closes connection)
 * server responds with 400 (no keepalive; server closes connection)

This patch sends the TLS close notify prior to socket teardown,
resulting in clean closure of TLS connections and no client error.

It also moves shutdown() to after the clearing of handlers. The reason
for this is stoptls() must come before shutdown(), but it also triggers
on_drain(), which calls client_do_disconnect() again. The extra call to
client_do_disconnect() is avoided inside accept_connections() by commit
f737984, but perhaps clearing the handlers prior to shutdown() will
avoid it in all cases.

[0]: https://github.com/theforeman/foreman_fog_proxmox/issues/325

Signed-off-by: Rob Rozestraten <admin@truthsolo.net>
Link: https://lore.proxmox.com/mailman.798.1741211145.293.pve-devel@lists.proxmox.com
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-04-08 14:49:50 +02:00
debian bump version to 5.2.0 2025-01-28 16:15:59 +01:00
src fix unexpected EOF for client when closing TLS session 2025-04-08 14:49:50 +02:00
.gitignore fixup no newline at end of .gitignore 2018-05-25 16:42:05 +02:00
Makefile fixup! buildsys: add sbuild target for convenience 2023-05-17 07:31:38 +02:00