tls: improve handling of shutdown · nodejs/node@3b5b893 · GitHub

Commit 3b5b893

vtjnash authored and mmomtchev committed
tls: improve handling of shutdown
RFC 5246 section-7.2.1 requires that the implementation must immediately stop reading from the stream, as it is no longer TLS-encrypted. The underlying stream is permitted to still pump events (and errors) to other users, but those are now unencrypted, so we should not process them here. But therefore, we do not want to stop the underlying stream, as there could be another user of it, but we do need to remove ourselves as a listener.

Per TLS v1.2, we should have also destroyed the TLS state entirely here (including the writing side), but this was revised in TLS v1.3 to permit the stream to continue to flush output.

There appear to be some inconsistencies in the way nodejs handles ownership of the underlying stream, with `TLS.close()` on the write side also calling shutdown on the underlying stream (thus assuming other users of the underlying stream are not permitted), while receiving EOF on the read side leaves the underlying channel open. These inconsistencies are left for a later person to resolve, if the extra functionality is needed (as described in #35904). The current goal here is to fix the occasional CI exceptions depending on the timing of these kernel messages through the TCP stack.

PR-URL: #36111
Fixes: #35946
Refs: libuv/libuv#3036
Refs: #35904
Co-authored-by: Momtchil Momtchev <momtchil@momtchev.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
1 parent 2c28f86 commit 3b5b893

3 files changed

Lines changed: 13 additions & 23 deletions


lib/_http_client.js

Lines changed: 0 additions & 5 deletions

lib/internal/stream_base_commons.js

Lines changed: 6 additions & 14 deletions
@@ -205,6 +205,12 @@ function onStreamRead(arrayBuffer) {
205205
return;
206206
}
207207

208+
// After seeing EOF, most streams will be closed permanently,
209+
// and will not deliver any more read events after this point.
210+
// (equivalently, it should have called readStop on itself already).
211+
// Some streams may be reset and explicitly started again with a call
212+
// to readStart, such as TTY.
213+
208214
if (nread !== UV_EOF) {
209215
// CallJSOnreadMethod expects the return value to be a buffer.
210216
// Ref: https://github.com/nodejs/node/pull/34375
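
Review bot: The comment added at new lines 208-212 describes behaviour after EOF, but it sits directly above `if (nread !== UV_EOF) {`, the check that handles everything other than EOF, so a reader will take it as documentation for that branch. Move it next to the code that handles EOF, and name what "it" refers to in "it should have called readStop on itself already" (the handle or the stream). "Most streams" states an expectation rather than a guarantee; if the code after this point depends on no further read events arriving, the comment should say which streams are known exceptions and how they are handled.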
@@ -220,20 +226,6 @@ function onStreamRead(arrayBuffer) {
220226
if (stream[kMaybeDestroy])
221227
stream.on('end', stream[kMaybeDestroy]);
222228

223-
// TODO(ronag): Without this `readStop`, `onStreamRead`
224-
// will be called once more (i.e. after Readable.ended)
225-
// on Windows causing a ECONNRESET, failing the
226-
// test-https-truncate test.
227-
if (handle.readStop) {
228-
const err = handle.readStop();
229-
if (err) {
230-
// CallJSOnreadMethod expects the return value to be a buffer.
231-
// Ref: https://github.com/nodejs/node/pull/34375
232-
stream.destroy(errnoException(err, 'read'));
233-
return;
234-
}
235-
}
236-
237229
// Push a null to signal the end of data.
238230
// Do it before `maybeDestroy` for correct order of events:
239231
// `end` -> `close`
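
Review bot: Removing the `handle.readStop()` call at old lines 223-235 also drops the error path `stream.destroy(errnoException(err, 'read'))`, and the deleted TODO recorded a concrete regression: one more `onStreamRead` call on Windows, causing an ECONNRESET that fails test-https-truncate. Nothing in the visible remaining lines rejects a read callback that arrives after EOF, so the change relies on each handle having stopped reading on its own. Please confirm test-https-truncate still passes on Windows, and consider a guard or a short comment here pointing to where the stop now happens; the src/crypto/crypto_tls.cc part of the commit is not shown on this page.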

src/crypto/crypto_tls.cc

Lines changed: 7 additions & 4 deletions
