Switch to Unidirectional TLS shutdown (!21) · Merge requests · Toralf Wittner / cql-io

Kamek requested to merge kamek-pf/cql-io:tls-exception-fix into develop Aug 29, 2022

This is a fix for #26.

TLDR: Socket.close is called to cleanup resources, but it currently throws, at least in some cases.

The bidirectional shutdown leads to a first call to SSL_shutdown(3) in HsOpenSSL. At this point, the spec requires a second call, however this time we land here with a return code of -1.

According to the spec, this can happen because of an error at the protocol level, or when the connection fails. This is apparently what is happening in #26 when the remote closes a connection. Unidirectional shutdowns still tries do signal the remote that the connection should end, and it cannot throw. This is probably safer, as I don't think it is ever expected that the release end of a bracket can throw.

Edited Aug 29, 2022 by Kamek

Switch to Unidirectional TLS shutdown

Merge request reports