authorLuke <luke.wilde@live.co.uk>2020-10-25 21:09:10 +0000
committerAndreas Kling <kling@serenityos.org>2020-10-26 08:59:57 +0100
commit63a94deb43f93f014de76913fd46d4a35ecdfe4d (patch)
tree2191225b046dc5380012f0e25ec512bede885574 /Libraries/LibTLS/Record.cpp
parent328e481ee97897ea3cc0c915e0a8d5e1b94171bc (diff)
LibTLS: Treat a close_notify before agreeing on a cipher suite as a handshake failure
Some TLS implementations (namely, AWS CloudFront) do this instead of sending handshake_failure for some reason.
Diffstat (limited to 'Libraries/LibTLS/Record.cpp')
-rw-r--r--Libraries/LibTLS/Record.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/Libraries/LibTLS/Record.cpp b/Libraries/LibTLS/Record.cpp
index f061c5500a..7350ae09d5 100644
--- a/Libraries/LibTLS/Record.cpp
+++ b/Libraries/LibTLS/Record.cpp
@@ -315,6 +315,12 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
res += 2;
alert(AlertLevel::Critical, AlertDescription::CloseNotify);
m_context.connection_finished = true;
+ if (!m_context.cipher_spec_set) {
+ // AWS CloudFront hits this.
+ dbg() << "Server sent a close notify and we haven't agreed on a cipher suite. Treating it as a handshake failure.";
+ m_context.critical_error = (u8)AlertDescription::HandshakeFailure;
+ try_disambiguate_error();
+ }
}
m_context.error_code = (Error)code;
}
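Review bot: After the added block sets `m_context.critical_error` to HandshakeFailure, the unchanged `m_context.error_code = (Error)code;` just below it still records the close_notify code, so the context ends up carrying two different reasons for the same event. Which of the two fields callers read, and what `try_disambiguate_error()` does with them, is not visible in this hunk, so it is worth confirming that the handshake-failure classification is the one that reaches the caller. An alert that arrives before `cipher_spec_set` is presumably still plaintext and unauthenticated, so the log line cannot really attribute it to the server. I would expand the comment to say so, e.g. `// Alert arrived before a cipher spec was set, so it is unauthenticated; some servers (AWS CloudFront) send close_notify here instead of handshake_failure.` The body of `handle_message` begins and ends outside this hunk.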