Skip to content

Ignore uncleanShutdown error when state is .head or .body #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Aug 15, 2019
Merged

Ignore uncleanShutdown error when state is .head or .body #77

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
38e1dc0
Ignore uncleanShutdown error when state is head or body
vkill Aug 8, 2019
9bb04b9
Add ignoreNIOSSLUncleanShutdownError to Configuration
vkill Aug 8, 2019
657ca22
Revert old HTTPClient.init founctions
vkill Aug 9, 2019
e8e0cf0
Run generate_linux_tests.rb
vkill Aug 9, 2019
5ebe406
Rename ignoreNIOSSLUncleanShutdownError to ignoreUncleanSSLShutdown
vkill Aug 14, 2019
df2981c
Merge branch 'master' into ignore-uncleanShutdown
artemredkin Aug 14, 2019
ddc6385
Make tests compatible with swift 5.0
vkill Aug 15, 2019
8dd90c9
Merge branch 'ignore-uncleanShutdown' of github.com:vkill/async-http-…
vkill Aug 15, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion Sources/AsyncHTTPClient/HTTPClient.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,7 @@ public class HTTPClient {
return channel.eventLoop.makeSucceededFuture(())
}
}.flatMap {
let taskHandler = TaskHandler(task: task, delegate: delegate, redirectHandler: redirectHandler)
let taskHandler = TaskHandler(task: task, delegate: delegate, redirectHandler: redirectHandler, ignoreNIOSSLUncleanShutdownError: self.configuration.ignoreNIOSSLUncleanShutdownError)
return channel.pipeline.addHandler(taskHandler)
}
}
Expand Down Expand Up @@ -276,19 +276,31 @@ public class HTTPClient {
public var timeout: Timeout
/// Upstream proxy, defaults to no proxy.
public var proxy: Proxy?
/// Ignore TLS unclean shutdown error, defaults to `false`.
public var ignoreNIOSSLUncleanShutdownError: Bool
Copy link
Contributor

@tomerd tomerd Aug 9, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

=> ignoreNIOSSLUncleanShutdownError is a mouthful imo, maybe ignoreUncleanSSLShutdown? or something even shorter if someone can come up with a suggestion?

=> what are the arguments for the default to be false vs. true?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m in favour of a shorter name.

False is a good default because we already ignore it in the cases where it’s 100% safe to do so: setting this switch to true would ignore it in the cases where it potentially opens your application up to some theoretical risks.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe ignoreSSLUncleanShutdown?

Copy link
Contributor

@tomerd tomerd Aug 12, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ignoreUncleanSSLShutdown seems more natural? subjective obviously, so up to @artemredkin

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 for ignoreUncleanSSLShutdown

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tomerd It was renamed.


public init(tlsConfiguration: TLSConfiguration? = nil, followRedirects: Bool = false, timeout: Timeout = Timeout(), proxy: Proxy? = nil) {
self.init(tlsConfiguration: tlsConfiguration, followRedirects: followRedirects, timeout: timeout, proxy: proxy, ignoreNIOSSLUncleanShutdownError: false)
}

public init(tlsConfiguration: TLSConfiguration? = nil, followRedirects: Bool = false, timeout: Timeout = Timeout(), proxy: Proxy? = nil, ignoreNIOSSLUncleanShutdownError: Bool = false) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change needs to be done differently, I'm afraid. This is a breaking API change, as you are allowed to refer to functions in Swift by their complete set of labels, and this changes the set of labels here. You need to do this:

public init(tlsConfiguration: TLSConfiguration? = nil, followRedirects: Bool = false, timeout: Timeout = Timeout(), proxy: Proxy? = nil) {
    self.init(tlsConfiguration: tlsConfiguration, followRedirects: followRedirects, timeout: timeout, proxy: proxy, ignoreNIOSSLUncleanShutdownError: true)
}

public init(tlsConfiguration: TLSConfiguration? = nil, followRedirects: Bool = false, timeout: Timeout = Timeout(), proxy: Proxy? = nil, ignoreNIOSSLUncleanShutdownError: Bool) {
    self.tlsConfiguration = tlsConfiguration
    self.followRedirects = followRedirects
    self.timeout = timeout
    self.proxy = proxy
    self.ignoreNIOSSLUncleanShutdownError = ignoreNIOSSLUncleanShutdownError
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was reverted.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Lukasa we are not tagged 1.0.0 yet, do you think we can update the signature? It's unlikely imho that someone will be referencing those particular functions, wdyt?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, if we're not maintaining a stable API we can do that.

self.tlsConfiguration = tlsConfiguration
self.followRedirects = followRedirects
self.timeout = timeout
self.proxy = proxy
self.ignoreNIOSSLUncleanShutdownError = ignoreNIOSSLUncleanShutdownError
}

public init(certificateVerification: CertificateVerification, followRedirects: Bool = false, timeout: Timeout = Timeout(), proxy: Proxy? = nil) {
self.init(certificateVerification: certificateVerification, followRedirects: followRedirects, timeout: timeout, proxy: proxy, ignoreNIOSSLUncleanShutdownError: false)
}

public init(certificateVerification: CertificateVerification, followRedirects: Bool = false, timeout: Timeout = Timeout(), proxy: Proxy? = nil, ignoreNIOSSLUncleanShutdownError: Bool = false) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This requires a similar change as the one above: we need two functions, not one.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was reverted too.

self.tlsConfiguration = TLSConfiguration.forClient(certificateVerification: certificateVerification)
self.followRedirects = followRedirects
self.timeout = timeout
self.proxy = proxy
self.ignoreNIOSSLUncleanShutdownError = ignoreNIOSSLUncleanShutdownError
}
}

Expand Down
8 changes: 7 additions & 1 deletion Sources/AsyncHTTPClient/HTTPHandler.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -426,15 +426,17 @@ internal class TaskHandler<T: HTTPClientResponseDelegate>: ChannelInboundHandler
let task: HTTPClient.Task<T.Response>
let delegate: T
let redirectHandler: RedirectHandler<T.Response>?
let ignoreNIOSSLUncleanShutdownError: Bool

var state: State = .idle
var pendingRead = false
var mayRead = true

init(task: HTTPClient.Task<T.Response>, delegate: T, redirectHandler: RedirectHandler<T.Response>?) {
init(task: HTTPClient.Task<T.Response>, delegate: T, redirectHandler: RedirectHandler<T.Response>?, ignoreNIOSSLUncleanShutdownError: Bool) {
self.task = task
self.delegate = delegate
self.redirectHandler = redirectHandler
self.ignoreNIOSSLUncleanShutdownError = ignoreNIOSSLUncleanShutdownError
}

func write(context: ChannelHandlerContext, data: NIOAny, promise: EventLoopPromise<Void>?) {
Expand Down Expand Up @@ -604,6 +606,10 @@ internal class TaskHandler<T: HTTPClientResponseDelegate>: ChannelInboundHandler
/// Some HTTP Servers can 'forget' to respond with CloseNotify when client is closing connection,
/// this could lead to incomplete SSL shutdown. But since request is already processed, we can ignore this error.
break
case .head where self.ignoreNIOSSLUncleanShutdownError,
.body where self.ignoreNIOSSLUncleanShutdownError:
/// We can also ignore this error like `.end`.
break
default:
self.state = .end
self.delegate.didReceiveError(task: self.task, error)
Expand Down
4 changes: 2 additions & 2 deletions Tests/AsyncHTTPClientTests/HTTPClientInternalTests.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ class HTTPClientInternalTests: XCTestCase {
let task = Task<Void>(eventLoop: channel.eventLoop)

try channel.pipeline.addHandler(recorder).wait()
try channel.pipeline.addHandler(TaskHandler(task: task, delegate: TestHTTPDelegate(), redirectHandler: nil)).wait()
try channel.pipeline.addHandler(TaskHandler(task: task, delegate: TestHTTPDelegate(), redirectHandler: nil, ignoreNIOSSLUncleanShutdownError: false)).wait()

var request = try Request(url: "http://localhost/get")
request.headers.add(name: "X-Test-Header", value: "X-Test-Value")
Expand All @@ -53,7 +53,7 @@ class HTTPClientInternalTests: XCTestCase {
let channel = EmbeddedChannel()
let delegate = TestHTTPDelegate()
let task = Task<Void>(eventLoop: channel.eventLoop)
let handler = TaskHandler(task: task, delegate: delegate, redirectHandler: nil)
let handler = TaskHandler(task: task, delegate: delegate, redirectHandler: nil, ignoreNIOSSLUncleanShutdownError: false)

try channel.pipeline.addHandler(handler).wait()

Expand Down
99 changes: 99 additions & 0 deletions Tests/AsyncHTTPClientTests/HTTPClientTestUtils.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,105 @@ internal final class HttpBinHandler: ChannelInboundHandler {
}
}

internal class HttpBinForSSLUncleanShutdown {
let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
let serverChannel: Channel

var port: Int {
return Int(self.serverChannel.localAddress!.port!)
}

init(channelPromise: EventLoopPromise<Channel>? = nil) {
self.serverChannel = try! ServerBootstrap(group: self.group)
.serverChannelOption(ChannelOptions.socket(SocketOptionLevel(SOL_SOCKET), SO_REUSEADDR), value: 1)
.childChannelOption(ChannelOptions.socket(IPPROTO_TCP, TCP_NODELAY), value: 1)
.childChannelInitializer { channel in
let requestDecoder = HTTPRequestDecoder()
return channel.pipeline.addHandler(ByteToMessageHandler(requestDecoder)).flatMap {
let configuration = TLSConfiguration.forServer(certificateChain: [.certificate(try! NIOSSLCertificate(buffer: cert.utf8.map(Int8.init), format: .pem))],
privateKey: .privateKey(try! NIOSSLPrivateKey(buffer: key.utf8.map(Int8.init), format: .pem)))
let context = try! NIOSSLContext(configuration: configuration)
return channel.pipeline.addHandler(try! NIOSSLServerHandler(context: context), name: "NIOSSLServerHandler", position: .first).flatMap {
channel.pipeline.addHandler(HttpBinForSSLUncleanShutdownHandler(channelPromise: channelPromise))
}
}
}.bind(host: "127.0.0.1", port: 0).wait()
}

func shutdown() {
try! self.group.syncShutdownGracefully()
}
}

internal final class HttpBinForSSLUncleanShutdownHandler: ChannelInboundHandler {
typealias InboundIn = HTTPServerRequestPart
typealias OutboundOut = ByteBuffer

let channelPromise: EventLoopPromise<Channel>?

init(channelPromise: EventLoopPromise<Channel>? = nil) {
self.channelPromise = channelPromise
}

func channelRead(context: ChannelHandlerContext, data: NIOAny) {
switch self.unwrapInboundIn(data) {
case .head(let req):
if let promise = self.channelPromise {
promise.succeed(context.channel)
}

let response: String?
switch req.uri {
case "/nocontentlength":
response = """
HTTP/1.1 200 OK\r\n\
Connection: close\r\n\
\r\n\
foo
"""
case "/nocontent":
response = """
HTTP/1.1 204 OK\r\n\
Connection: close\r\n\
\r\n
"""
case "/noresponse":
response = nil
case "/wrongcontentlength":
response = """
HTTP/1.1 200 OK\r\n\
Connection: close\r\n\
Content-Length: 6\r\n\
\r\n\
foo
"""
default:
response = """
HTTP/1.1 404 OK\r\n\
Connection: close\r\n\
Content-Length: 9\r\n\
\r\n\
Not Found
"""
}

if let response = response {
var buffer = context.channel.allocator.buffer(capacity: response.count)
buffer.writeString(response)
context.writeAndFlush(self.wrapOutboundOut(buffer), promise: nil)
}

_ = context.channel.pipeline.removeHandler(name: "NIOSSLServerHandler").map { _ in
context.close(promise: nil)
}
case .body:
()
case .end:
()
}
}
}

extension ByteBuffer {
public static func of(string: String) -> ByteBuffer {
var buffer = ByteBufferAllocator().buffer(capacity: string.count)
Expand Down
8 changes: 8 additions & 0 deletions Tests/AsyncHTTPClientTests/HTTPClientTests+XCTest.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,14 @@ extension HTTPClientTests {
("testProxyPlaintext", testProxyPlaintext),
("testProxyTLS", testProxyTLS),
("testUploadStreaming", testUploadStreaming),
("testNoContentLengthForSSLUncleanShutdown", testNoContentLengthForSSLUncleanShutdown),
("testNoContentLengthWithIgnoreErrorForSSLUncleanShutdown", testNoContentLengthWithIgnoreErrorForSSLUncleanShutdown),
("testCorrectContentLengthForSSLUncleanShutdown", testCorrectContentLengthForSSLUncleanShutdown),
("testNoContentForSSLUncleanShutdown", testNoContentForSSLUncleanShutdown),
("testNoResponseForSSLUncleanShutdown", testNoResponseForSSLUncleanShutdown),
("testNoResponseWithIgnoreErrorForSSLUncleanShutdown", testNoResponseWithIgnoreErrorForSSLUncleanShutdown),
("testWrongContentLengthForSSLUncleanShutdown", testWrongContentLengthForSSLUncleanShutdown),
("testWrongContentLengthWithIgnoreErrorForSSLUncleanShutdown", testWrongContentLengthWithIgnoreErrorForSSLUncleanShutdown),
]
}
}
138 changes: 138 additions & 0 deletions Tests/AsyncHTTPClientTests/HTTPClientTests.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import AsyncHTTPClient
import NIO
import NIOFoundationCompat
import NIOHTTP1
import NIOSSL
import XCTest

class HTTPClientTests: XCTestCase {
Expand Down Expand Up @@ -346,4 +347,141 @@ class HTTPClientTests: XCTestCase {
XCTAssertEqual(.ok, response.status)
XCTAssertEqual("12344321", data.data)
}

func testNoContentLengthForSSLUncleanShutdown() throws {
let httpBin = HttpBinForSSLUncleanShutdown()
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew,
configuration: HTTPClient.Configuration(certificateVerification: .none))

defer {
try! httpClient.syncShutdown()
httpBin.shutdown()
}

XCTAssertThrowsError(try httpClient.get(url: "https://localhost:\(httpBin.port)/nocontentlength").wait(), "Should fail") { error in
guard case let error = error as? NIOSSLError, case .uncleanShutdown = error else {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use == instead of guard case.

return XCTFail("Should fail with NIOSSLError.uncleanShutdown")
}
}
}

func testNoContentLengthWithIgnoreErrorForSSLUncleanShutdown() throws {
let httpBin = HttpBinForSSLUncleanShutdown()
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew,
configuration: HTTPClient.Configuration(certificateVerification: .none, ignoreNIOSSLUncleanShutdownError: true))

defer {
try! httpClient.syncShutdown()
httpBin.shutdown()
}

let response = try httpClient.get(url: "https://localhost:\(httpBin.port)/nocontentlength").wait()
let bytes = response.body.flatMap { $0.getData(at: 0, length: $0.readableBytes) }
let string = String(decoding: bytes!, as: UTF8.self)

XCTAssertEqual(.ok, response.status)
XCTAssertEqual("foo", string)
}

func testCorrectContentLengthForSSLUncleanShutdown() throws {
let httpBin = HttpBinForSSLUncleanShutdown()
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew,
configuration: HTTPClient.Configuration(certificateVerification: .none))

defer {
try! httpClient.syncShutdown()
httpBin.shutdown()
}

let response = try httpClient.get(url: "https://localhost:\(httpBin.port)/").wait()
let bytes = response.body.flatMap { $0.getData(at: 0, length: $0.readableBytes) }
let string = String(decoding: bytes!, as: UTF8.self)

XCTAssertEqual(.notFound, response.status)
XCTAssertEqual("Not Found", string)
}

func testNoContentForSSLUncleanShutdown() throws {
let httpBin = HttpBinForSSLUncleanShutdown()
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew,
configuration: HTTPClient.Configuration(certificateVerification: .none))

defer {
try! httpClient.syncShutdown()
httpBin.shutdown()
}

let response = try httpClient.get(url: "https://localhost:\(httpBin.port)/nocontent").wait()

XCTAssertEqual(.noContent, response.status)
XCTAssertEqual(response.body, nil)
}

func testNoResponseForSSLUncleanShutdown() throws {
let httpBin = HttpBinForSSLUncleanShutdown()
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew,
configuration: HTTPClient.Configuration(certificateVerification: .none))

defer {
try! httpClient.syncShutdown()
httpBin.shutdown()
}

XCTAssertThrowsError(try httpClient.get(url: "https://localhost:\(httpBin.port)/noresponse").wait(), "Should fail") { error in
guard case let error = error as? NIOSSLError, case .uncleanShutdown = error else {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use == instead of guard case.

return XCTFail("Should fail with NIOSSLError.uncleanShutdown")
}
}
}

func testNoResponseWithIgnoreErrorForSSLUncleanShutdown() throws {
let httpBin = HttpBinForSSLUncleanShutdown()
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew,
configuration: HTTPClient.Configuration(certificateVerification: .none, ignoreNIOSSLUncleanShutdownError: true))

defer {
try! httpClient.syncShutdown()
httpBin.shutdown()
}

XCTAssertThrowsError(try httpClient.get(url: "https://localhost:\(httpBin.port)/noresponse").wait(), "Should fail") { error in
guard case let error = error as? NIOSSLError, case .uncleanShutdown = error else {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use == instead of guard case.

return XCTFail("Should fail with NIOSSLError.uncleanShutdown")
}
}
}

func testWrongContentLengthForSSLUncleanShutdown() throws {
let httpBin = HttpBinForSSLUncleanShutdown()
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew,
configuration: HTTPClient.Configuration(certificateVerification: .none))

defer {
try! httpClient.syncShutdown()
httpBin.shutdown()
}

XCTAssertThrowsError(try httpClient.get(url: "https://localhost:\(httpBin.port)/wrongcontentlength").wait(), "Should fail") { error in
guard case let error = error as? NIOSSLError, case .uncleanShutdown = error else {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use == instead of guard case.

return XCTFail("Should fail with NIOSSLError.uncleanShutdown")
}
}
}

func testWrongContentLengthWithIgnoreErrorForSSLUncleanShutdown() throws {
let httpBin = HttpBinForSSLUncleanShutdown()
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew,
configuration: HTTPClient.Configuration(certificateVerification: .none, ignoreNIOSSLUncleanShutdownError: true))

defer {
try! httpClient.syncShutdown()
httpBin.shutdown()
}

XCTAssertThrowsError(try httpClient.get(url: "https://localhost:\(httpBin.port)/wrongcontentlength").wait(), "Should fail") { error in
guard case let error = error as? HTTPParserError, case .invalidEOFState = error else {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use == instead of guard case.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, it's my mistakes. it was updated, and I have run tests in swift 5.0 .

return XCTFail("Should fail with HTTPParserError.invalidEOFState")
}
}
}
}