
[Lynx-dev] lynx 2.8.8-dev15 and SSL fatal-level alerts

From: mancha
Subject: [Lynx-dev] lynx 2.8.8-dev15 and SSL fatal-level alerts
Date: Tue, 14 May 2013 20:15:42 +0000

Hello Thomas et al.

While stress-testing SSL/TLS server/client configurations, I
triggered buggy(?) lynx behavior (all tests done on lynx

My server, which sends a fatal-level unrecognized_name alert
and continues with server hello, hangs lynx.

The culprit is lynx's SSLv23 fall-back code that only closes the
TCP/IP socket and frees the SSL structure before re-trying with
SSL2/3 when we're tunneled (HTTP.c).

Is there a reason for this?

734         if (try_tls) {
735             _HTProgress(gettext("Retrying connection without 
736             try_tls = FALSE;
737             if (did_connect)
738                 HTTP_NETCLOSE(s, handle);
739             goto try_again;

By the time we reach the code above, SSL_connect has returned
SSL_ERROR_SSL with "tlsv1 unrecognized name" in the queue.

My server is intentionally out-of-spec as it should terminate
the connection upon sending a fatal error yet lynx should do the
same upon reception. These conditions, therefore, qualify as a
true corner case.

The following small change prevents the hang.

@@ -734,8 +734,7 @@ static int HTLoadHTTP(const char *arg,
            if (try_tls) {
                _HTProgress(gettext("Retrying connection without 
                try_tls = FALSE;
-               if (did_connect)         
-                   HTTP_NETCLOSE(s, handle);
+               HTTP_NETCLOSE(s,handle);
                goto try_again;
            } else {
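Review bot: dropping the `if (did_connect)` guard makes `HTTP_NETCLOSE(s, handle)` run on every pass through the retry path, including a first attempt that never reached the connect step, so before taking this confirm that `HTTP_NETCLOSE` tolerates an unopened `s` and a NULL `handle` (or reset both after the close); otherwise the fix for the tunneled hang trades it for a close on an invalid descriptor or a double free of the SSL structure. Since the intent is to always tear down the socket before the SSLv23 retry, a comment on the added line saying so would keep the next reader from reinstating the guard. Style: the replacement `HTTP_NETCLOSE(s,handle);` drops the space after the comma that the line it replaces used; keep `HTTP_NETCLOSE(s, handle);` to match the surrounding code.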

Sorry I broke the internets.
stack at "hang":

0 __read_nocancel () from /lib/
1 ?? () from /lib/
2 BIO_read () from /lib/
3 ssl23_read_bytes () from /lib/
4 ssl23_connect () from /lib/
5 SSL_connect () from /lib/
6 HTLoadHTTP ()
7 HTLoad ()
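To make the server side of this concrete, here is an added example (not lynx or OpenSSL code) that walks a TLS record stream of the shape described above: a fatal unrecognized_name alert record followed, out of spec, by a ServerHello. The bytes are constructed, not captured, and the ServerHello body is cut down to its version field. The parser shows the two behaviours the message contrasts: a conforming client stops consuming at the fatal alert (and any retry, as in the patch, then has to happen on a fresh socket), whereas a client that keeps reading sees the trailing ServerHello. Names such as tls_feed and tls_state are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS record content types and alert values (RFC 5246, RFC 6066). */
enum { CT_ALERT = 21, CT_HANDSHAKE = 22 };
enum { AL_WARNING = 1, AL_FATAL = 2 };
enum { AD_UNRECOGNIZED_NAME = 112 };
enum { HS_SERVER_HELLO = 2 };

typedef struct {
    int records;       /* records fully consumed */
    int fatal;         /* set once a fatal alert has been received */
    int alert_desc;    /* description byte of the last alert, -1 if none */
    int server_hello;  /* set if a ServerHello handshake record was seen */
} tls_state;

void tls_state_init(tls_state *st)
{
    st->records = 0;
    st->fatal = 0;
    st->alert_desc = -1;
    st->server_hello = 0;
}

/* Constructed sample (not a capture): a fatal unrecognized_name alert record
 * followed by a handshake record carrying a ServerHello. The ServerHello
 * body is truncated to its server_version field, enough to identify it. */
static const uint8_t SAMPLE[] = {
    0x15, 0x03, 0x01, 0x00, 0x02,   /* alert, TLS 1.0, length 2 */
    0x02, 0x70,                     /* level fatal (2), unrecognized_name (112) */
    0x16, 0x03, 0x01, 0x00, 0x06,   /* handshake, TLS 1.0, length 6 */
    0x02, 0x00, 0x00, 0x02,         /* ServerHello, handshake length 2 */
    0x03, 0x01                      /* server_version only */
};
static const size_t SAMPLE_LEN = sizeof SAMPLE;

/* Walk the record layer in buf and return the number of bytes consumed.
 * With stop_on_fatal set, processing ends right after the first fatal
 * alert, which is what a conforming peer does; with it clear, later
 * records are still parsed, which is how the out-of-spec trailing
 * ServerHello becomes visible. An incomplete record at the end is left
 * unconsumed so the caller can read more before calling again. */
size_t tls_feed(tls_state *st, const uint8_t *buf, size_t len, int stop_on_fatal)
{
    size_t off = 0;
    while (off + 5 <= len) {
        uint8_t type = buf[off];
        size_t reclen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        const uint8_t *body = buf + off + 5;
        if (off + 5 + reclen > len)
            break;                          /* truncated record: wait for more */
        if (type == CT_ALERT && reclen == 2) {
            st->alert_desc = body[1];
            if (body[0] == AL_FATAL)
                st->fatal = 1;
        } else if (type == CT_HANDSHAKE && reclen >= 4 && body[0] == HS_SERVER_HELLO) {
            st->server_hello = 1;
        }
        st->records++;
        off += 5 + reclen;
        if (st->fatal && stop_on_fatal)
            break;                          /* connection is dead; do not read on */
    }
    return off;
}

/* Conforming client behaviour: stop at the fatal alert. */
size_t run_conforming(tls_state *st)
{
    tls_state_init(st);
    return tls_feed(st, SAMPLE, SAMPLE_LEN, 1);
}

/* Keep reading past the alert to see what the server sent afterwards. */
size_t run_lenient(tls_state *st)
{
    tls_state_init(st);
    return tls_feed(st, SAMPLE, SAMPLE_LEN, 0);
}

int main(void)
{
    tls_state st;
    size_t n = run_conforming(&st);
    printf("conforming: consumed %zu of %zu bytes, fatal=%d desc=%d server_hello=%d\n",
           n, SAMPLE_LEN, st.fatal, st.alert_desc, st.server_hello);
    n = run_lenient(&st);
    printf("lenient:    consumed %zu of %zu bytes, fatal=%d desc=%d server_hello=%d\n",
           n, SAMPLE_LEN, st.fatal, st.alert_desc, st.server_hello);
    return 0;
}
```

The conforming run consumes only the 7-byte alert record and reports description 112; the lenient run consumes all 18 bytes and additionally flags the ServerHello. The practical rule this illustrates is the one the message states: once a fatal alert has been seen, nothing further should be read from that socket, and a protocol fallback has to start from a freshly opened connection.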
