ircd/listener: return a fatal TLS alert for early rejected TLS clients #412
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jillest
reviewed
Jun 16, 2023
aaronmdjones
force-pushed
the
amdj/rejectcache-tls-alert
branch
2 times, most recently
from
764eef4
to
beecb81
Compare
TwinUsers
approved these changes
Jul 17, 2023
aaronmdjones
force-pushed
the
amdj/rejectcache-tls-alert
branch
from
c3e0714
to
4fdbce4
Compare
dwfreed
requested changes
Nov 7, 2023
aaronmdjones
force-pushed
the
amdj/rejectcache-tls-alert
branch
from
4fdbce4
to
797a84b
Compare
This is in furtherance of commit 3fdf26a which added functionality to reply with a TLS record layer alert for D-Lined TLS clients. It turns out that there are other plaintext error messages in this same function that should receive the same treatment. Also move another error string to a variable and use a compile-time optimised-out strlen for it too, to use the same approach as an existing error string. Finally, use a different alert (internal_error) for the case where IRCd is simply unable to accept more connections.
aaronmdjones
force-pushed
the
amdj/rejectcache-tls-alert
branch
from
797a84b
to
2087ec6
Compare
dwfreed
approved these changes
Nov 7, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is in furtherance of commit 3fdf26a which added functionality to reply with a TLS record layer alert for D-Lined TLS clients. It turns out that there are other plaintext error messages in this same function that should receive the same treatment.
Also move another error string to a variable and use a compile-time optimised-out strlen for it too, to use the same approach as an existing error string.