Handle NIOSSLError.uncleanShutdown correctly

Author: fabianfett

Diff for: Sources/AsyncHTTPClient/ConnectionPool/HTTP1.1/HTTP1ClientChannelHandler.swift

@@ -153,8 +153,7 @@ final class HTTP1ClientChannelHandler: ChannelDuplexHandler {
 
         let action = self.state.runNewRequest(
             head: req.requestHead,
-            metadata: req.requestFramingMetadata,
-            ignoreUncleanSSLShutdown: req.requestOptions.ignoreUncleanSSLShutdown
+            metadata: req.requestFramingMetadata
         )
         self.run(action, context: context)
     }

Diff for: Sources/AsyncHTTPClient/ConnectionPool/HTTP1.1/HTTP1ConnectionStateMachine.swift

@@ -156,17 +156,13 @@ struct HTTP1ConnectionStateMachine {
 
     mutating func runNewRequest(
         head: HTTPRequestHead,
-        metadata: RequestFramingMetadata,
-        ignoreUncleanSSLShutdown: Bool
+        metadata: RequestFramingMetadata
     ) -> Action {
         guard case .idle = self.state else {
             preconditionFailure("Invalid state")
         }
 
-        var requestStateMachine = HTTPRequestStateMachine(
-            isChannelWritable: self.isChannelWritable,
-            ignoreUncleanSSLShutdown: ignoreUncleanSSLShutdown
-        )
+        var requestStateMachine = HTTPRequestStateMachine(isChannelWritable: self.isChannelWritable)
         let action = requestStateMachine.startRequest(head: head, metadata: metadata)
 
         // by default we assume a persistent connection. however in `requestVerified`, we read the

Diff for: Sources/AsyncHTTPClient/ConnectionPool/HTTP2/HTTP2ClientRequestHandler.swift

@@ -24,7 +24,7 @@ final class HTTP2ClientRequestHandler: ChannelDuplexHandler {
 
     private let eventLoop: EventLoop
 
-    private var state: HTTPRequestStateMachine = .init(isChannelWritable: false, ignoreUncleanSSLShutdown: false) {
+    private var state: HTTPRequestStateMachine = .init(isChannelWritable: false) {
         willSet {
             self.eventLoop.assertInEventLoop()
         }

Diff for: Sources/AsyncHTTPClient/ConnectionPool/HTTPRequestStateMachine.swift

@@ -103,11 +103,8 @@ struct HTTPRequestStateMachine {
 
     private var isChannelWritable: Bool
 
-    private let ignoreUncleanSSLShutdown: Bool
-
-    init(isChannelWritable: Bool, ignoreUncleanSSLShutdown: Bool) {
+    init(isChannelWritable: Bool) {
         self.isChannelWritable = isChannelWritable
-        self.ignoreUncleanSSLShutdown = ignoreUncleanSSLShutdown
     }
 
     mutating func startRequest(head: HTTPRequestHead, metadata: RequestFramingMetadata) -> Action {
@@ -201,17 +198,37 @@ struct HTTPRequestStateMachine {
             self.state = .failed(error)
             return .failRequest(error, .none)
 
-        case .running(.streaming, .receivingBody),
-             .running(.endSent, .receivingBody)
-                 where error as? NIOSSLError == .uncleanShutdown && self.ignoreUncleanSSLShutdown == true:
+        case .running(.streaming, .waitingForHead),
+             .running(.endSent, .waitingForHead) where error as? NIOSSLError == .uncleanShutdown:
+            // if we received a NIOSSL.uncleanShutdown before we got an answer we should handle
+            // this like a normal connection close. We will receive a call to channelInactive after
+            // this error.
             return .wait
 
+        case .running(.streaming, .receivingBody(let responseHead, _)),
+             .running(.endSent, .receivingBody(let responseHead, _)) where error as? NIOSSLError == .uncleanShutdown:
+
+            // if we have already received the response head, the parser will ensure that we receive
+            // the complete response. we can ignore this error. we might see a HTTPParserError very
+            // soon.
+            if responseHead.headers.contains(name: "content-length") || responseHead.headers.contains(name: "transfer-encoding") {
+                return .wait
+            }
+
+            // if the response is EOF terminated, we need to rely on a clean tls shutdown to be sure
+            // we have received all necessary bytes. For this reason we forward the uncleanShutdown
+            // error to the user.
+            self.state = .failed(error)
+            return .failRequest(error, .close)
+
         case .running:
             self.state = .failed(error)
             return .failRequest(error, .close)
+
         case .finished, .failed:
             // ignore error
             return .wait
+
         case .modifying:
             preconditionFailure("Invalid state: \(self.state)")
         }

Diff for: Sources/AsyncHTTPClient/ConnectionPool/RequestOptions.swift

@@ -18,20 +18,15 @@ struct RequestOptions {
     /// The maximal `TimeAmount` that is allowed to pass between `channelRead`s from the Channel.
     var idleReadTimeout: TimeAmount?
 
-    /// Should `NIOSSLError.uncleanShutdown` be forwarded to the user in HTTP/1 mode.
-    var ignoreUncleanSSLShutdown: Bool
-
-    init(idleReadTimeout: TimeAmount?, ignoreUncleanSSLShutdown: Bool) {
+    init(idleReadTimeout: TimeAmount?) {
         self.idleReadTimeout = idleReadTimeout
-        self.ignoreUncleanSSLShutdown = ignoreUncleanSSLShutdown
     }
 }
 
 extension RequestOptions {
     static func fromClientConfiguration(_ configuration: HTTPClient.Configuration) -> Self {
         RequestOptions(
-            idleReadTimeout: configuration.timeout.read,
-            ignoreUncleanSSLShutdown: configuration.ignoreUncleanSSLShutdown
+            idleReadTimeout: configuration.timeout.read
         )
     }
 }

Diff for: Sources/AsyncHTTPClient/HTTPClient.swift

@@ -601,7 +601,11 @@ public class HTTPClient {
         /// Enables automatic body decompression. Supported algorithms are gzip and deflate.
         public var decompression: Decompression
         /// Ignore TLS unclean shutdown error, defaults to `false`.
-        public var ignoreUncleanSSLShutdown: Bool
+        @available(*, deprecated, message: "AsyncHTTPClient now correctly supports handling unexpected SSL connection drops. This property is ignored")
+        public var ignoreUncleanSSLShutdown: Bool {
+            get { false }
+            set {}
+        }
 
         // TODO: make public
         // TODO: set to automatic by default
@@ -645,7 +649,6 @@ public class HTTPClient {
             self.timeout = timeout
             self.connectionPool = connectionPool
             self.proxy = proxy
-            self.ignoreUncleanSSLShutdown = ignoreUncleanSSLShutdown
             self.decompression = decompression
             self.httpVersion = httpVersion
         }

Diff for: Tests/AsyncHTTPClientTests/HTTP1ConnectionStateMachineTests.swift

@@ -25,7 +25,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
 
         let requestHead = HTTPRequestHead(version: .http1_1, method: .POST, uri: "/", headers: ["content-length": "4"])
         let metadata = RequestFramingMetadata(connectionClose: false, body: .fixedSize(4))
-        XCTAssertEqual(state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false), .wait)
+        XCTAssertEqual(state.runNewRequest(head: requestHead, metadata: metadata), .wait)
         XCTAssertEqual(state.writabilityChanged(writable: true), .sendRequestHead(requestHead, startBody: true))
 
         let part0 = IOData.byteBuffer(ByteBuffer(bytes: [0]))
@@ -63,7 +63,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
 
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/")
         let metadata = RequestFramingMetadata(connectionClose: false, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
 
         let responseHead = HTTPResponseHead(version: .http1_1, status: .ok, headers: ["content-length": "12"])
@@ -91,7 +91,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
         XCTAssertEqual(state.channelActive(isWritable: true), .fireChannelActive)
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/", headers: ["connection": "close"])
         let metadata = RequestFramingMetadata(connectionClose: true, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
 
         let responseHead = HTTPResponseHead(version: .http1_1, status: .ok)
@@ -107,7 +107,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
         XCTAssertEqual(state.channelActive(isWritable: true), .fireChannelActive)
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/")
         let metadata = RequestFramingMetadata(connectionClose: false, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
 
         let responseHead = HTTPResponseHead(version: .http1_0, status: .ok, headers: ["content-length": "4"])
@@ -123,7 +123,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
         XCTAssertEqual(state.channelActive(isWritable: true), .fireChannelActive)
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/")
         let metadata = RequestFramingMetadata(connectionClose: false, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
 
         let responseHead = HTTPResponseHead(version: .http1_0, status: .ok, headers: ["content-length": "4", "connection": "keep-alive"])
@@ -140,7 +140,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
         XCTAssertEqual(state.writabilityChanged(writable: true), .wait)
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/")
         let metadata = RequestFramingMetadata(connectionClose: false, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
 
         let responseHead = HTTPResponseHead(version: .http1_1, status: .ok, headers: ["connection": "close"])
@@ -169,7 +169,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
 
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/")
         let metadata = RequestFramingMetadata(connectionClose: false, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
 
         XCTAssertEqual(state.channelInactive(), .failRequest(HTTPClientError.remoteConnectionClosed, .none))
@@ -181,7 +181,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
 
         let requestHead = HTTPRequestHead(version: .http1_1, method: .POST, uri: "/", headers: ["content-length": "4"])
         let metadata = RequestFramingMetadata(connectionClose: false, body: .fixedSize(4))
-        XCTAssertEqual(state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false), .wait)
+        XCTAssertEqual(state.runNewRequest(head: requestHead, metadata: metadata), .wait)
         XCTAssertEqual(state.writabilityChanged(writable: true), .sendRequestHead(requestHead, startBody: true))
 
         let part0 = IOData.byteBuffer(ByteBuffer(bytes: [0]))
@@ -225,7 +225,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
         XCTAssertEqual(state.channelActive(isWritable: false), .fireChannelActive)
         let requestHead = HTTPRequestHead(version: .http1_1, method: .POST, uri: "/", headers: ["content-length": "4"])
         let metadata = RequestFramingMetadata(connectionClose: false, body: .fixedSize(4))
-        XCTAssertEqual(state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false), .wait)
+        XCTAssertEqual(state.runNewRequest(head: requestHead, metadata: metadata), .wait)
         XCTAssertEqual(state.requestCancelled(closeConnection: false), .failRequest(HTTPClientError.cancelled, .informConnectionIsIdle))
     }
 
@@ -234,7 +234,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
         XCTAssertEqual(state.channelActive(isWritable: true), .fireChannelActive)
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/")
         let metadata = RequestFramingMetadata(connectionClose: false, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
         let responseHead = HTTPResponseHead(version: .http1_1, status: .ok)
         XCTAssertEqual(state.channelRead(.head(responseHead)), .forwardResponseHead(responseHead, pauseRequestBodyStream: false))
@@ -249,7 +249,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
         XCTAssertEqual(state.channelActive(isWritable: true), .fireChannelActive)
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/")
         let metadata = RequestFramingMetadata(connectionClose: false, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
         let responseHead = HTTPResponseHead(version: .http1_1, status: .switchingProtocols)
         XCTAssertEqual(state.channelRead(.head(responseHead)), .forwardResponseHead(responseHead, pauseRequestBodyStream: false))
@@ -261,7 +261,7 @@ class HTTP1ConnectionStateMachineTests: XCTestCase {
         XCTAssertEqual(state.channelActive(isWritable: true), .fireChannelActive)
         let requestHead = HTTPRequestHead(version: .http1_1, method: .GET, uri: "/")
         let metadata = RequestFramingMetadata(connectionClose: false, body: .none)
-        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata, ignoreUncleanSSLShutdown: false)
+        let newRequestAction = state.runNewRequest(head: requestHead, metadata: metadata)
         XCTAssertEqual(newRequestAction, .sendRequestHead(requestHead, startBody: false))
         let responseHead = HTTPResponseHead(version: .http1_1, status: .init(statusCode: 103, reasonPhrase: "Early Hints"))
         XCTAssertEqual(state.channelRead(.head(responseHead)), .wait)

Diff for: Tests/AsyncHTTPClientTests/HTTPClientTests+XCTest.swift

@@ -59,14 +59,6 @@ extension HTTPClientTests {
             ("testProxyPlaintextWithCorrectlyAuthorization", testProxyPlaintextWithCorrectlyAuthorization),
             ("testProxyPlaintextWithIncorrectlyAuthorization", testProxyPlaintextWithIncorrectlyAuthorization),
             ("testUploadStreaming", testUploadStreaming),
-            ("testNoContentLengthForSSLUncleanShutdown", testNoContentLengthForSSLUncleanShutdown),
-            ("testNoContentLengthWithIgnoreErrorForSSLUncleanShutdown", testNoContentLengthWithIgnoreErrorForSSLUncleanShutdown),
-            ("testCorrectContentLengthForSSLUncleanShutdown", testCorrectContentLengthForSSLUncleanShutdown),
-            ("testNoContentForSSLUncleanShutdown", testNoContentForSSLUncleanShutdown),
-            ("testNoResponseForSSLUncleanShutdown", testNoResponseForSSLUncleanShutdown),
-            ("testNoResponseWithIgnoreErrorForSSLUncleanShutdown", testNoResponseWithIgnoreErrorForSSLUncleanShutdown),
-            ("testWrongContentLengthForSSLUncleanShutdown", testWrongContentLengthForSSLUncleanShutdown),
-            ("testWrongContentLengthWithIgnoreErrorForSSLUncleanShutdown", testWrongContentLengthWithIgnoreErrorForSSLUncleanShutdown),
             ("testEventLoopArgument", testEventLoopArgument),
             ("testDecompression", testDecompression),
             ("testDecompressionLimit", testDecompressionLimit),