Document the revert of the proper reporting of an unexpected EOF

Reviewed-by: N Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11400)

Document the revert of the proper reporting of an unexpected EOF
Reviewed-by: N Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11400)
0cd2ee64 · Tomas Mraz · 30d190ca · 0cd2ee64 · 0cd2ee64 · 0cd2ee64
隐藏空白更改
内联并排

Showing with 22 addition and 1 deletion

CHANGES CHANGES +7 -0

NEWS NEWS +3 -1

doc/man3/SSL_get_error.pod doc/man3/SSL_get_error.pod +12 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,13 @@

 Changes between 1.1.1e and 1.1.1f [xx XXX xxxx]

+  *) Revert the change of EOF detection while reading in libssl to avoid
+     regressions in applications depending on the current way of reporting
+     the EOF. As the existing method is not fully accurate the change to
+     reporting the EOF via SSL_ERROR_SSL is kept on the current development
+     branch and will be present in the 3.0 release.
+     [Tomas Mraz]
+
  *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
     when primes for RSA keys are computed.
     Since we previously always generated primes == 2 (mod 3) for RSA keys,

--- a/NEWS
+++ b/NEWS
@@ -7,12 +7,14 @@

  Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development]

-      o
+      o Revert the unexpected EOF reporting via SSL_ERROR_SSL

  Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]

      o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
        used in exponentiation with 512-bit moduli (CVE-2019-1551)
+      o Properly detect unexpected EOF while reading in libssl and report
+        it via SSL_ERROR_SSL

  Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]


--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -155,6 +155,18 @@ connection and SSL_shutdown() must not be called.

 =back

+=head1 BUGS
+
+The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from
+the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason
+code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because
+it is truly a TLS protocol error to terminate the connection without
+a SSL_shutdown().
+
+The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications
+which choose to ignore this protocol error depend on the existing way of
+reporting the error.
+
 =head1 SEE ALSO

 L<ssl(7)>