You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "bneradt (via GitHub)" <gi...@apache.org> on 2023/06/19 17:47:18 UTC

[GitHub] [trafficserver] bneradt opened a new issue, #9880: forward_route: use close_notify on shutdown

bneradt opened a new issue, #9880:
URL: https://github.com/apache/trafficserver/issues/9880

   I notice when running autests on fedora:38, which has a recent version of openssl, that the [tls_forward_nonhttp.test.py](https://github.com/apache/trafficserver/blob/f430f50d02bf90d9d102a36e16330bcc6d9225a6/tests/gold_tests/tls/tls_forward_nonhttp.test.py) test fails because openssl s_client complains about a connection being shutdown without close_notify. This issue is explained some in the openssl 3.x docs here:
   
   https://www.openssl.org/docs/man3.0/man1/openssl-s_client.html
   
   > -ignore_unexpected_eof
   Some TLS implementations do not send the mandatory close_notify alert on shutdown. If the application tries to wait for the close_notify alert but the peer closes the connection without sending it, an error is generated. When this option is enabled the peer does not need to send the close_notify alert and a closed connection will be treated as if the close_notify alert was received. For more information on shutting down a connection, see [SSL_shutdown(3)](https://www.openssl.org/docs/man3.0/man3/SSL_shutdown.html).
   
   In case it's helpful, here's s_client's output concerning this:
   
   ```
   <other output from test>
   read R BLOCK                                                                   
   This is a reply                                                      
   20447898FFFF0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:303:
   ```
   
   I'm currently patching the test to add `-ignore_unexpected_eof` so the test will run on these newer systems, but I'm filing this ticket because we should investigate this issue and see whether ATS needs to be updated to properly notify the closing of connections.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@trafficserver.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org