Unexpected EOF handling
kurt at roeckx.be
Fri May 8 10:42:59 UTC 2020
On Fri, May 08, 2020 at 01:27:00PM +0300, Dmitry Belyavsky wrote:
> On Fri, May 8, 2020 at 1:10 PM Kurt Roeckx <kurt at roeckx.be> wrote:
> > So I think the suggestion is to have this:
> > - By default, SSL_ERROR_SSL is returned with
> > SSL_R_UNEXPECTED_EOF_WHILE_READING, the session will be
> > marked invalid.
> > - With an option, SSL_ERROR_ZERO_RETURN is returned, the session
> > will stay valid.
> If I remember correctly, session resumption is a way to significantly
> reduce a server's workload.
> So I think that by default (and maybe the only option) we should prefer the
> old behaviour.
If it's a fatal error, the session should be marked as bad. So if
you want that by default we don't mark is as bad, the default
should be that it's a non-fatal error, and we don't want to return
SSL_ERROR_ZERO_RETURN by default.
SSL_ERROR_SYSCALL with errno 0 does not look like a good long term
API to indicate a non-fatal error. And a different error is
also not what people want.
More information about the openssl-project