From f3d758b0f79743e17123560508cd59a63b8607c1 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Wed, 22 Mar 2017 22:47:04 +1030
Subject: Use new TlsNoCloseNotifyException instead of generic EndOfStreamException

- New exception only used for this specific case, which should simplify the handling of possible truncations in application code.
---
 crypto/src/crypto/tls/TlsNoCloseNotifyException.cs | 19 +++++++++++++++++++
 crypto/src/crypto/tls/TlsProtocol.cs | 4 +---
 2 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 crypto/src/crypto/tls/TlsNoCloseNotifyException.cs
(limited to 'crypto/src')
diff --git a/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs b/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs
new file mode 100644
index 000000000..72159ba47
--- /dev/null
+++ b/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs
@@ -0,0 +1,19 @@
+using System;
+using System.IO;
+
+namespace Org.BouncyCastle.Crypto.Tls
+{
+ ///
+ /// This exception will be thrown(only) when the connection is closed by the peer without sending a
+ /// close_notify warning alert.
+ ///
+ ///
+ /// If this happens, the TLS protocol cannot rule out truncation of the connection data (potentially
+ /// malicious). It may be possible to check for truncation via some property of a higher level protocol
+ /// built upon TLS, e.g.the Content-Length header for HTTPS.
+ ///
+ public class TlsNoCloseNotifyException
+ : EndOfStreamException
+ {
+ }
+}
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 6d5c93f40..98c6399d3
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
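Review bot: Because TlsNoCloseNotifyException derives from EndOfStreamException, any existing `catch (EndOfStreamException)` or `catch (IOException)` in application code still treats it as an ordinary end of stream, so the truncation signal this class exists to carry survives only where callers catch the subclass before the base; the remarks should say so explicitly, e.g. `/// Callers must catch this type before EndOfStreamException/IOException, or the truncation signal is lost.` The empty class body also means the exception carries only the base type's default message, which presumably says nothing about a missing close_notify when it shows up in a log; a constructor such as `public TlsNoCloseNotifyException() : base("Peer closed the connection without sending close_notify; application data may have been truncated") { }` would make the condition diagnosable from the exception alone. Minor: the summary has two spacing typos, `thrown(only)` → `thrown (only)` and `e.g.the` → `e.g. the`, and `using System;` looks unused in this file since only System.IO is referenced.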
@@ -488,9 +488,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 {
 if (!mRecordStream.ReadRecord())
 {
- // TODO It would be nicer to allow graceful connection close if between records
- // this.FailWithError(AlertLevel.warning, AlertDescription.close_notify);
- throw new EndOfStreamException();
+ throw new TlsNoCloseNotifyException();
 }
 }
 catch (TlsFatalAlert e)
--
cgit 1.5.1
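Review bot: The new `throw new TlsNoCloseNotifyException();` drops the removed TODO's observation that a peer closing exactly between records is the benign case, without documenting that both a between-record and a mid-record EOF from ReadRecord() are now reported as possible truncation; since that distinction is what separates a sloppy peer from an active truncation attack, a one-line comment keeps the intent visible, e.g. `// Peer closed without close_notify (at or inside a record): report as possible truncation, see TlsNoCloseNotifyException.` The throw sits inside a try whose visible clause is `catch (TlsFatalAlert e)`, so it will propagate past that clause, but if the method has a later general `catch (Exception)` that converts to a fatal alert (not visible here), the new exception would be masked; worth verifying the clause ordering. The enclosing method starts before and ends after this hunk.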