Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS connections don't close on errors #8

Open
Rastloser opened this issue May 1, 2021 · 2 comments
Open

TLS connections don't close on errors #8

Rastloser opened this issue May 1, 2021 · 2 comments

Comments

@Rastloser
Copy link

If using TLS connections, errors in the underlying FNET write or read functions won't cause the TLS connections to close as expected.
This error can be traced down to the callback functions "_fnet_tls_mbedtls_send" and "_fnet_tls_mbedtls_recv". If the underlying FNET connection returns FNET_ERR, these functions return 0, but according to the mbedtls documentation https://tls.mbed.org/api/ssl_8h.html#a38e2b400d361f42f85833cdc30b3916e, the callback must return the number of bytes sent if any, or a non-zero error code.

To fix that, just return -1 or simply remove the else-if-clause.
@butok
Copy link
Owner

butok commented May 3, 2021
edited

Guess, you are right:

New version of the send function:

/************************************************************************
* Write callback
************************************************************************/
static int _fnet_tls_mbedtls_send(void *ctx, unsigned char const *buf, size_t len)
{
    int result;

    fnet_service_mutex_lock();

    /* The callback must return the number of bytes sent if any, or a non-zero error code. */
    result = fnet_socket_send((fnet_socket_t)ctx, buf, len, 0);

    FNET_DEBUG_TLS("TLS: TX(%d) %d", len, result);

    fnet_service_mutex_unlock();

    return result;
}

What about the receive function? Guess, it is valid for it too.

static int _fnet_tls_mbedtls_recv(void *ctx, unsigned char *buf, size_t len)
{
    fnet_ssize_t result;

    fnet_service_mutex_lock();

    result = fnet_socket_recv((fnet_socket_t)ctx, buf, len, 0);

    /* The callback must return the number of bytes received, or a non-zero error code. If performing non-blocking I/O, 
      MBEDTLS_ERR_SSL_WANT_READ must be returned when the operation would block.*/
    if(result == 0)
    {
        result = MBEDTLS_ERR_SSL_WANT_READ;
    }
    else if(result == FNET_ERR)
    {
#if 0 /* result should contain a non-zero error code */
        result = 0; /* Close connection.*/
#endif
    }
    else
    {
        FNET_DEBUG_TLS("TLS: RX(%d) %d", len, result);
    }

    fnet_service_mutex_unlock();

    return result;
}

Are you OK with this version of functions?

@Rastloser
Copy link
Author

Sorry, I missed the notification, but that will do - at least it's working for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@butok @Rastloser