Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl: disallow reading/writing to unstarted SSL socket #469

Merged
merged 1 commit into from
Nov 1, 2021
Merged

ssl: disallow reading/writing to unstarted SSL socket #469

merged 1 commit into from
Nov 1, 2021

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented Oct 24, 2021

OpenSSL::SSL::SSLSocket allowed #read and #write to be called before an
SSL/TLS handshake is completed. They passed unencrypted data to the
underlying socket.

This behavior is very odd to have in this library. A verbose mode
warning "SSL session is not started yet" was emitted whenever this
happened. It also didn't behave well with OpenSSL::Buffering. Let's
just get rid of it.

Fixes: #9

@rhenium
ssl: disallow reading/writing to unstarted SSL socket
bf78074 
OpenSSL::SSL::SSLSocket allowed #read and #write to be called before an
SSL/TLS handshake is completed. They passed unencrypted data to the
underlying socket.

This behavior is very odd to have in this library. A verbose mode
warning "SSL session is not started yet" was emitted whenever this
happened. It also didn't behave well with OpenSSL::Buffering. Let's
just get rid of it.

Fixes: ruby#9
@rhenium rhenium merged commit c74362c into ruby:master Nov 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OpenSSL::SSL::SSLSocket writes plaintext to the wire unless #connect is called
1 participant
@rhenium