[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] How to set "allow_dirty_shutdown" for SSL?



On Mon, Jan 11, 2010 at 12:28 PM, Joachim Bauch <jojo@xxxxxxxxxxx> wrote:
> Hello,
>
> I have a SSL-aware server using libevent 2.0.3. For most clients
> that are disconnecting, "be_openssl_eventcb" is called with an event
> of "BEV_EVENT_EOF", triggering a "BEV_EVENT_ERROR" in my application
> callback due to "allow_dirty_shutdown" being empty.
>
> There seems to be no way to set this flag from anywhere (application
> or inside libevent), is this intentional or just a missing feature?

At this point, I don't recall whether I started adding that feature
and didn't finish, or started removing it and didn't finish.  :/

The SSL clean-shutdown protocol exists so that you can tell the
difference between the other side closing the connection correctly,
and an attacker forcing the connection to close.  For some protocols
(like ones that use a close to indicate the end of a data object) this
can matter, since otherwise you have no way to tell whether the other
side meant to stop sending you data, or whether it got cut off.  If
you've got one of those protocols, treating a broken connection the
same way as a closed connection is a big security hole.  You might as
well downgrade to SSL2. ;)

On the other hand, there should be _some_ way of detecting and
reporting a dirty shutdown more detectable.  Instead of having an
allow_dirty_shutdown flag, maybe there should be a got_dirty_shutdown
flag that the user can check when getting an SSL error.  (There
doesn't seem to be a particular OpenSSL error that gets set in this
case, so I don't expect that calling bufferevent_get_openssl_error
would do any good.)

hth,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.