author | Daniel Schadt <kingdread@gmx.de> | 2021-11-08 15:56:32 +0100 |
---|---|---|
committer | Daniel Schadt <kingdread@gmx.de> | 2021-11-08 16:00:34 +0100 |
commit | c2827483f9d92c7abbc71a93c5a7607642826f1c (patch) | |
tree | cbf71648b96e13fc0ff09a58db10fb51f3c29570 | |
parent | 7ae86ad2f32994791edcd4d4ac4ec8499034181f (diff) | |
download | Cana-c2827483f9d92c7abbc71a93c5a7607642826f1c.tar.gz Cana-c2827483f9d92c7abbc71a93c5a7607642826f1c.tar.bz2 Cana-c2827483f9d92c7abbc71a93c5a7607642826f1c.zip |
properly send close_notify after the response

This is already mandated by the TLS spec, but has been made explicit as
well for Gemini servers[1]:

> As per RFCs 5246 and 8446, Gemini servers MUST send a TLS
> `close_notify` prior to closing the connection after sending a
> complete response. This is essential to disambiguate completed
> responses from responses closed prematurely due to network error or
> attack.

We want to be well-behaved, therefore we now send close_notify properly
after writing a response.

You can verify this easily using [2].

[1] https://gemini.circumlunar.space/docs/specification.html

[2] https://portal.mozz.us/
-rw-r--r-- | src/Cana.hs | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/Cana.hs b/src/Cana.hs index 2e616ac..4d5c4d2 100644 --- a/src/Cana.hs +++ b/src/Cana.hs @@ -171,8 +171,13 @@ canaClient socket = do } -- | Render a response and write it to the TLS encrypted socket. +-- +-- Note that this function also sends the TLS @close_notify@, as mandated by +-- the TLS and the Gemini specifications. writeResponse :: TLS.Context -> GeminiResponse -> Cana () -writeResponse context = TLS.sendData context . renderResponse +writeResponse context response = do + TLS.sendData context $ renderResponse response + TLS.bye context -- | Find the fitting route for the given request. findRoute :: GeminiRequest -> Cana (Maybe Handler) |
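Review bot: The new Haddock comment on `writeResponse` says that close_notify is sent, but not what that implies for callers: after `TLS.bye context` nothing more may be written on this context, so the function is now terminal and must run at most once per connection. Please state that in the comment, and check the call sites outside this hunk (`canaClient` is visible just above) for an existing `TLS.bye` or for an error path that writes a second response, since either would now operate on a context that has already sent close_notify. The ordering itself is right: `TLS.bye` runs only after `TLS.sendData` has returned, so if the send throws, the close_notify is skipped and the client sees a truncated response instead of one that is falsely marked complete, which is the distinction the quoted spec text asks for.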