D 2023-11-10T18:31:52.245
J foundin 1.7.22
J icomment OpenSSL\s3.0\sintroduced\sa\snew\sssl\soption\s`SSL_OP_IGNORE_UNEXPECTED_EOF`.\s\sIf\sthis\sis\snot\sset,\sand\sOpenSSL\sreceives\san\sunexpected\sEOF,\sit\sis\streated\sas\sa\sfatal\serror.\s\sTclTLS\sdoes\snot\sset\sthis,\swhich\scan\slead\sdo\sunexpected\serrors.\s\sFor\sexample:\r\n\r\n\t$\scat\s/space/azazel/tmp/test/tlstest.tcl\r\n\t#!/bin/sh\r\n\t#\\\r\n\texec\stclsh8.6\s"$0"\s${1+"$@"}\r\n\r\n\tpackage\srequire\stls\r\n\r\n\tproc\smain\shost\s{\r\n\r\n\t\s\s\s\sglobal\sdone\r\n\r\n\t\s\s\s\sset\sreq\s[subst\s{\r\n\tGET\s/\sHTTP/1.1\r\n\tHost:\s$host\r\n\tConnection:\sclose\s\s\s\s\r\n\r\n\t}]\r\n\r\n\t\s\s\s\sset\ss\s[socket\s$host\s443]\r\n\r\n\t\s\s\s\stls::import\s$s\s-require\s0\s-ssl2\s0\s-ssl3\s0\s-tls1\s1\s-servername\s$host\r\n\r\n\t\s\s\s\stls::handshake\s$s\r\n\r\n\t\s\s\s\sfconfigure\s$s\s-translation\scrlf\s-blocking\s0\s-buffering\snone\r\n\r\n\t\s\s\s\sputs\s-nonewline\s$s\s$req\r\n\r\n\t\s\s\s\sset\sdone\s0\r\n\r\n\t\s\s\s\sfileevent\s$s\sreadable\s[list\sread_response\s$s]\r\n\r\n\t\s\s\s\svwait\sdone\r\n\r\n\t\s\s\s\sclose\s$s\r\n\r\n\t}\r\n\r\n\tproc\sread_response\ss\s{\r\n\r\n\t\s\s\s\sglobal\sdone\r\n\r\n\t\s\s\s\swhile\s1\s{\r\n\r\n\t\s\s\s\s\s\s\s\sif\s{\s[eof\s$s]\s}\s{\r\n\t\s\s\s\s\s\s\s\s\s\s\s\sputs\sstderr\s"read_response:\sgot\sEOF"\r\n\t\s\s\s\s\s\s\s\s\s\s\s\sset\sdone\s1\r\n\t\s\s\s\s\s\s\s\s\s\s\s\sbreak\r\n\t\s\s\s\s\s\s\s\s}\r\n\r\n\t\s\s\s\s\s\s\s\sif\s{\s[catch\s{\sset\sresp\s[read\s$s]\s}\serror]\s}\s{\r\n\t\s\s\s\s\s\s\s\s\s\s\s\sputs\sstderr\s"read_response:\serror\s=\s$error"\r\n\t\s\s\s\s\s\s\s\s\s\s\s\sset\sdone\s1\r\n\t\s\s\s\s\s\s\s\s\s\s\s\sbreak\r\n\t\s\s\s\s\s\s\s\s}\r\n\r\n\t\s\s\s\s\s\s\s\sputs\sstderr\s"read_response:\s$resp"\r\n\r\n\t\s\s\s\s\s\s\s\sif\s{\s[fblocked\s$s]\s}\s{\r\n\t\s\s\s\s\s\s\s\s\s\s\s\sbreak\r\n\t\s\s\s\s\s\s\s\s}\r\n\r\n\t\s\s\s\s}\r\n\r\n\t\s\s\s\sif\s{\s$done\s}\s{\r\n\t\s\s\s\s\s\s\s\sfileevent\s$s\sreadable\s[list]\r\n\t\s\s\s\s}\r\n\r\n\t}\r\n\r\n\tmain\s[lindex\s$argv\s0]\r\n\t$\s/space/azazel/tmp/test/tlstest.tcl\sgoogle.com\r\n\tread_response:\sHTTP/1.1\s301\sMoved\sPermanently\r\n\tLocation:\shttps://www.google.com/\r\n\tContent-Type:\stext/html;\scharset=UTF-8\r\n\tContent-Security-Policy-Report-Only:\sobject-src\s'none';base-uri\s'self';script-src\s'nonce-RriZ0vurw26vE_UywsmQQg'\s'strict-dynamic'\s'report-sample'\s'unsafe-eval'\s'unsafe-inline'\shttps:\shttp:;report-uri\shttps://csp.withgoogle.com/csp/gws/other-hp\r\n\tDate:\sFri,\s10\sNov\s2023\s18:16:14\sGMT\r\n\tExpires:\sFri,\s10\sNov\s2023\s18:16:14\sGMT\r\n\tCache-Control:\sprivate,\smax-age=2592000\r\n\tServer:\sgws\r\n\tContent-Length:\s220\r\n\tX-XSS-Protection:\s0\r\n\tX-Frame-Options:\sSAMEORIGIN\r\n\tSet-Cookie:\sCONSENT=PENDING+895;\sexpires=Sun,\s09-Nov-2025\s18:16:14\sGMT;\spath=/;\sdomain=.google.com;\sSecure\r\n\tP3P:\sCP="This\sis\snot\sa\sP3P\spolicy!\sSee\sg.co/p3phelp\sfor\smore\sinfo."\r\n\tAlt-Svc:\sh3=":443";\sma=2592000,h3-29=":443";\sma=2592000\r\n\tConnection:\sclose\r\n\r\n\t<HTML><HEAD><meta\shttp-equiv="content-type"\scontent="text/html;charset=utf-8">\r\n\t<TITLE>301\sMoved</TITLE></HEAD><BODY>\r\n\t<H1>301\sMoved</H1>\r\n\tThe\sdocument\shas\smoved\r\n\t<A\sHREF="https://www.google.com/">here</A>.\r\n\t</BODY></HTML>\r\n\r\n\tread_response:\serror\s=\serror\sreading\s"sock560f01ccd5c0":\ssoftware\scaused\sconnection\sabort\r\n\r\nSetting\sthe\soption:\r\n\r\n\t$\sfossil\sdiff\r\n\tIndex:\stls.c\r\n\t==================================================================\r\n\t---\stls.c\r\n\t+++\stls.c\r\n\t@@\s-1212,10\s+1212,13\s@@\r\n\t\s#endif\r\n\t\s\s\s\s\s\r\n\t\s\s\s\s\sSSL_CTX_set_app_data(\sctx,\s(VOID*)interp);\s/*\sremember\sthe\sinterpreter\s*/\r\n\t\s\s\s\s\sSSL_CTX_set_options(\sctx,\sSSL_OP_ALL);\s\s\s\s\s/*\sall\sSSL\sbug\sworkarounds\s*/\r\n\t\s\s\s\s\sSSL_CTX_set_options(\sctx,\soff);\s\s\s\s/*\sall\sSSL\sbug\sworkarounds\s*/\r\n\t+#ifdef\sSSL_OP_IGNORE_UNEXPECTED_EOF\r\n\t+\s\s\s\sSSL_CTX_set_options(\sctx,\sSSL_OP_IGNORE_UNEXPECTED_EOF);\r\n\t+#endif\r\n\t\s\s\s\s\sSSL_CTX_sess_set_cache_size(\sctx,\s128);\r\n\t\s\r\n\t\s\s\s\s\sif\s(ciphers\s!=\sNULL)\r\n\t\s\s\s\s\s\s\s\sSSL_CTX_set_cipher_list(ctx,\sciphers);\r\n\t\s\r\n\r\ncauses\sthe\sEOF\sto\sbe\shandled\sas\sexpected:\r\n\r\n\t$\s/space/azazel/tmp/test/tlstest.tcl\sgoogle.com\r\n\tread_response:\sHTTP/1.1\s301\sMoved\sPermanently\r\n\tLocation:\shttps://www.google.com/\r\n\tContent-Type:\stext/html;\scharset=UTF-8\r\n\tContent-Security-Policy-Report-Only:\sobject-src\s'none';base-uri\s'self';script-src\s'nonce-GtEz85sCnLQF8adC4dzohw'\s'strict-dynamic'\s'report-sample'\s'unsafe-eval'\s'unsafe-inline'\shttps:\shttp:;report-uri\shttps://csp.withgoogle.com/csp/gws/other-hp\r\n\tDate:\sFri,\s10\sNov\s2023\s18:24:57\sGMT\r\n\tExpires:\sFri,\s10\sNov\s2023\s18:24:57\sGMT\r\n\tCache-Control:\sprivate,\smax-age=2592000\r\n\tServer:\sgws\r\n\tContent-Length:\s220\r\n\tX-XSS-Protection:\s0\r\n\tX-Frame-Options:\sSAMEORIGIN\r\n\tSet-Cookie:\sCONSENT=PENDING+011;\sexpires=Sun,\s09-Nov-2025\s18:24:57\sGMT;\spath=/;\sdomain=.google.com;\sSecure\r\n\tP3P:\sCP="This\sis\snot\sa\sP3P\spolicy!\sSee\sg.co/p3phelp\sfor\smore\sinfo."\r\n\tAlt-Svc:\sh3=":443";\sma=2592000,h3-29=":443";\sma=2592000\r\n\tConnection:\sclose\r\n\r\n\t<HTML><HEAD><meta\shttp-equiv="content-type"\scontent="text/html;charset=utf-8">\r\n\t<TITLE>301\sMoved</TITLE></HEAD><BODY>\r\n\t<H1>301\sMoved</H1>\r\n\tThe\sdocument\shas\smoved\r\n\t<A\sHREF="https://www.google.com/">here</A>.\r\n\t</BODY></HTML>\r\n\r\n\tread_response:\s\r\n\tread_response:\sgot\sEOF
J login azazel
J mimetype text/x-markdown
J private_contact 9d965027c1a2010214d27bd515f0b83d3d8fa951
J severity Important
J status Open
J title Unexpected\sEOF's\streated\sas\serrors\sby\sopenssl\s3.0
J type Code\sDefect
K c5811f0d433d34ca16ccecdec10fb61e2f3ba657
U azazel
Z 9df6029d561d59850027cc0560c8ac02