Skip to content

Commit 3e29c8e

Browse files
committed
AsioTlsStream: add GracefulDisconnect() and ForceDisconnect()
Calling `AsioTlsStream::async_shutdown()` performs a TLS shutdown which exchanges messages (that's why it takes a `yield_context`) and thus has the potential to block the coroutine. Therefore, it should be protected with a timeout. As `async_shutdown()` doesn't simply take a timeout, this has to be implemented using a timer. So far, these timers are scattered throughout the codebase with some places missing them entirely. This commit adds helper functions to properly shutdown a TLS connection with a single function call.
1 parent a85c188 commit 3e29c8e

File tree

2 files changed

+46
-0
lines changed

2 files changed

+46
-0
lines changed

lib/base/tlsstream.cpp

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@
77
#include "base/logger.hpp"
88
#include "base/configuration.hpp"
99
#include "base/convert.hpp"
10+
#include "base/io-engine.hpp"
1011
#include <boost/asio/ssl/context.hpp>
1112
#include <boost/asio/ssl/verify_context.hpp>
1213
#include <boost/asio/ssl/verify_mode.hpp>
@@ -103,3 +104,45 @@ void UnbufferedAsioTlsStream::BeforeHandshake(handshake_type type)
103104
}
104105
#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
105106
}
107+
108+
/**
109+
* Forcefully close the connection, typically (details are up to the operating system) using a TCP RST.
110+
*/
111+
void AsioTlsStream::ForceDisconnect()
112+
{
113+
boost::system::error_code ec;
114+
115+
// Close the socket. In case the connection wasn't shut down cleanly by GracefulDisconnect(), the operating system
116+
// will typically terminate the connection with a TCP RST. Otherwise, this just releases the file descriptor.
117+
lowest_layer().close(ec);
118+
}
119+
120+
/**
121+
* Try to cleanly shut down the connection. This involves sending a TLS close_notify shutdown alert and terminating the
122+
* underlying TCP connection. Sending these additional messages can block, hence the method takes a yield context and
123+
* internally implements a timeout of 10 seconds for the operation after which the connection is forcefully terminated
124+
* using ForceDisconnect().
125+
*
126+
* @param strand Asio strand used for other operations on this connection.
127+
* @param yc Yield context for Asio coroutines
128+
*/
129+
void AsioTlsStream::GracefulDisconnect(boost::asio::io_context::strand strand, boost::asio::yield_context yc)
130+
{
131+
boost::system::error_code ec;
132+
133+
Timeout::Ptr shutdownTimeout(new Timeout(strand.context(), strand, boost::posix_time::seconds(10),
134+
[this, keepAlive = AsioTlsStream::Ptr(this)](boost::asio::yield_context yc) {
135+
// Forcefully terminate the connection if async_shutdown() blocked more than 10 seconds.
136+
ForceDisconnect();
137+
}
138+
));
139+
// Close the TLS connection, effectively uses SSL_shutdown() to send a close_notify shutdown alert to the peer.
140+
next_layer().async_shutdown(yc[ec]);
141+
shutdownTimeout->Cancel();
142+
143+
// Shut down the TCP connection.
144+
lowest_layer().shutdown(lowest_layer_type::shutdown_both, ec);
145+
146+
// Clean up the connection (closes the file descriptor).
147+
ForceDisconnect();
148+
}

lib/base/tlsstream.hpp

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -118,6 +118,9 @@ class AsioTlsStream : public SharedObject, public boost::asio::buffered_stream<U
118118
return new AsioTlsStream(ioContext, sslContext, hostname);
119119
}
120120

121+
void ForceDisconnect();
122+
void GracefulDisconnect(boost::asio::io_context::strand strand, boost::asio::yield_context yc);
123+
121124
private:
122125
inline
123126
AsioTlsStream(UnbufferedAsioTlsStreamParams init)

0 commit comments

Comments
 (0)