Opened 9 years ago
Last modified 8 years ago
#9261 new Bugs
ssl alert are not being sent during handshake failure
Reported by: | | Owned by: | chris_kohlhoff |
---|---|---|---|
Milestone: | To Be Determined | Component: | asio |
Version: | Boost 1.54.0 | Severity: | Problem |
Keywords: | alert, ssl | Cc: | |
Description
According to the SSL protocol, alert messages should (and must) be sent under certain circumstances if the SSL handshake fails. When inspecting the network traffic with Wireshark during an SSL handshake failure, it seems like these messages are being sent.
When debugging asio and OpenSSL, one can see that OpenSSL does indeed write alert messages (as expected) to the buffers asio has set up, but asio does not write them to the socket.
If the SSL handshake fails, OpenSSL writes an alert message to the asio buffers AND sets the error code to SSL_ERROR_SSL. The function perform in the source code file asio/ssl/detail/impl/engine.ipp returns want_nothing if the error is SSL_ERROR_SSL, which causes asio not to write the data to the socket.
This is tested on CentOS 6.4 x86_64.
code to set up ssl client/server handshake failure
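The behaviour described in this ticket can be reproduced without asio. The following is an added example, not the reporter's attachment and not asio code: it uses Python's `ssl.MemoryBIO` as a stand-in for the buffers between OpenSSL and the socket, and forces the failure with a server context that has no certificate loaded (a constructed scenario). The function name `failed_handshake` and the `flush_on_error` switch are hypothetical.

```python
import ssl

def failed_handshake(flush_on_error):
    """Drive a TLS handshake over memory BIOs that the server rejects.

    Returns (bytes_queued_by_server, client_outcome)."""
    # Client side: certificate checks disabled, they are irrelevant here.
    cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cctx.check_hostname = False
    cctx.verify_mode = ssl.CERT_NONE
    # Server side: no certificate loaded, so the handshake must fail.
    sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = cctx.wrap_bio(c_in, c_out, server_side=False)
    server = sctx.wrap_bio(s_in, s_out, server_side=True)

    # Client produces its ClientHello and then wants to read the reply.
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass
    s_in.write(c_out.read())

    # Server fails the handshake. OpenSSL reports the error AND leaves
    # an alert record in the outgoing BIO.
    try:
        server.do_handshake()
    except ssl.SSLError:
        pass
    queued = s_out.read()

    # The transport layer decides whether the queued bytes reach the peer.
    # Dropping them models returning "nothing to do" on the error path.
    if flush_on_error:
        c_in.write(queued)

    try:
        client.do_handshake()
        outcome = "handshake completed"
    except ssl.SSLWantReadError:
        outcome = "still waiting"      # peer never learns why it failed
    except ssl.SSLError:
        outcome = "alert received"     # peer gets the fatal alert
    return queued, outcome
```

A transport that treats the error return as "nothing to write" leaves the client in the `still waiting` state until the connection is closed or times out.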