Overview
Features
Download
Documentation
Community
Add-Ons & Services

Closing connection problem with Poco::HTTPSClientSession

Please post support and help requests here.

Closing connection problem with Poco::HTTPSClientSession

Postby florath » 12 Dec 2013, 11:44

Hello!

I run into a problem with Poco::HTTPSClientSession and don't know how
to handle it.

Problem description:
A HTTPS connection to a server is established with the use of the
Poco::HTTPSClientSession class. Connection establishment,
key-exchange, initial data exchange works well.

The client sends one request directly after the session
establishment. HTTP 1.1 feature persistent connections is used
(i.e. the connection remains open for some time to handle additional
requests). The server waits one minute, then sends a 'close_notify'
and closes the connection (with a TCP FIN).
About two minutes later the client wants to send the next request.
The client sends out a 'close_notify' and closes the connection with a
TCP RST.

The client behavior is IMHO not correct. As you can read in RFC 6101,
the other side should close the connection *immediately*:

It is required that the other
party respond with a close_notify alert of its own and close down the
connection immediately, discarding any pending writes.

I'm not sure how to handle this with Poco. For me it looks that there
is the need for some callback handling. The problem is, that because
the 'socket()' call is protected within the Poco::HTTPSClientSession
there is no way to install such a 'close_notify' handler - and even I
don't know if there is a appropriate callback for this.

Can you please hint me to the class / function to call to correctly
close the connection?

Kind regards - Andreas

======================================================================

From RFC 6101

5.4.1. Closure Alerts


The client and the server must share knowledge that the connection is
ending in order to avoid a truncation attack. Either party may
initiate the exchange of closing messages.

close_notify: This message notifies the recipient that the sender
will not send any more messages on this connection. The session
becomes unresumable if any connection is terminated without proper
close_notify messages with level equal to warning.

Either party may initiate a close by sending a close_notify alert.
Any data received after a closure alert is ignored.

Each party is required to send a close_notify alert before closing
the write side of the connection. It is required that the other
party respond with a close_notify alert of its own and close down the
connection immediately, discarding any pending writes. It is not
required for the initiator of the close to wait for the responding
close_notify alert before closing the read side of the connection.

NB: It is assumed that closing a connection reliably delivers pending
data before destroying the transport.
florath
 
Posts: 1
Joined: 12 Dec 2013, 11:42

Return to Support

Who is online

Users browsing this forum: No registered users and 2 guests