File 4161-ssl-Correct-own-alert-handling.patch of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 4161-ssl-Correct-own-alert-handling.patch of Package erlang

From 75666c4d517bbfdfdbd079a60e468de58e500114 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 4 Oct 2024 11:50:54 +0200
Subject: [PATCH] ssl: Correct own alert handling

When making ssl application environment setting alert_timeout,
to allow user to configure this value,
the own_alrt timeout handling became broken.
---
 lib/ssl/src/ssl_gen_statem.erl     |  6 +++---
 lib/ssl/src/tls_gen_connection.erl | 17 +++++++----------
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/lib/ssl/src/ssl_gen_statem.erl b/lib/ssl/src/ssl_gen_statem.erl
index eed0025ad7..acc7e81f7c 100644
--- a/lib/ssl/src/ssl_gen_statem.erl
+++ b/lib/ssl/src/ssl_gen_statem.erl
@@ -1161,9 +1161,9 @@ terminate({shutdown, own_alert}, _StateName, #state{
     handle_trusted_certs_db(State),
     case application:get_env(ssl, alert_timeout) of
 	{ok, Timeout} when is_integer(Timeout) ->
-	    Connection:close({timeout, Timeout}, Socket, Transport, undefined);
+	    Connection:close({close, Timeout}, Socket, Transport, undefined);
 	_ ->
-	    Connection:close({timeout, ?DEFAULT_TIMEOUT}, Socket, Transport, undefined)
+	    Connection:close({close, ?DEFAULT_TIMEOUT}, Socket, Transport, undefined)
     end;
 terminate(Reason, connection, #state{static_env = #static_env{
                                                      protocol_cb = Connection,
@@ -1176,7 +1176,7 @@ terminate(Reason, connection, #state{static_env = #static_env{
     Alert = terminate_alert(Reason),
     %% Send the termination ALERT if possible
     catch Connection:send_alert_in_connection(Alert, State),
-    Connection:close({timeout, ?DEFAULT_TIMEOUT}, Socket, Transport, ConnectionStates);
+    Connection:close({close, ?DEFAULT_TIMEOUT}, Socket, Transport, ConnectionStates);
 terminate(Reason, _StateName, #state{static_env = #static_env{transport_cb = Transport,
                                                               protocol_cb = Connection,
                                                               socket = Socket}
diff --git a/lib/ssl/src/tls_gen_connection.erl b/lib/ssl/src/tls_gen_connection.erl
index 940666f104..fc5bb22ec0 100644
--- a/lib/ssl/src/tls_gen_connection.erl
+++ b/lib/ssl/src/tls_gen_connection.erl
@@ -535,15 +535,6 @@ send_sync_alert(
 
 %% User closes or recursive call!
 close({close, Timeout}, Socket, Transport = gen_tcp, _) ->
-    tls_socket:setopts(Transport, Socket, [{active, false}]),
-    Transport:shutdown(Socket, write),
-    _ = Transport:recv(Socket, 0, Timeout),
-    ok;
-%% Peer closed socket
-close({shutdown, transport_closed}, Socket, Transport = gen_tcp, ConnectionStates) ->
-    close({close, 0}, Socket, Transport, ConnectionStates);
-%% We generate fatal alert
-close({shutdown, own_alert}, Socket, Transport = gen_tcp, ConnectionStates) ->
     %% Standard trick to try to make sure all
     %% data sent to the tcp port is really delivered to the
     %% peer application before tcp port is closed so that the peer will
@@ -552,7 +543,13 @@ close({shutdown, own_alert}, Socket, Transport = gen_tcp, ConnectionStates) ->
     %% e.g. we do not want to hang if something goes wrong
     %% with the network but we want to maximise the odds that
     %% peer application gets all data sent on the tcp connection.
-    close({close, ?DEFAULT_TIMEOUT}, Socket, Transport, ConnectionStates);
+    tls_socket:setopts(Transport, Socket, [{active, false}]),
+    Transport:shutdown(Socket, write),
+    _ = Transport:recv(Socket, 0, Timeout),
+    ok;
+%% Peer closed socket
+close({shutdown, transport_closed}, Socket, Transport = gen_tcp, ConnectionStates) ->
+    close({close, 0}, Socket, Transport, ConnectionStates);
 %% Other
 close(_, Socket, Transport, _) ->
     tls_socket:close(Transport, Socket).
-- 
2.43.0

Places

File 4161-ssl-Correct-own-alert-handling.patch of Package erlang

Places