From c2827483f9d92c7abbc71a93c5a7607642826f1c Mon Sep 17 00:00:00 2001 From: Daniel Schadt Date: Mon, 8 Nov 2021 15:56:32 +0100 Subject: properly send close_notify after the response This is already mandated by the TLS spec, but has been made explicit as well for Gemini servers[1]: > As per RFCs 5246 and 8446, Gemini servers MUST send a TLS > `close_notify` prior to closing the connection after sending a > complete response. This is essential to disambiguate completed > responses from responses closed prematurely due to network error or > attack. We want to be well-behaved, therefore we now send close_notify properly after writing a response. You can verify this easily using [2]. [1] https://gemini.circumlunar.space/docs/specification.html [2] https://portal.mozz.us/ --- src/Cana.hs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Cana.hs b/src/Cana.hs index 2e616ac..4d5c4d2 100644 --- a/src/Cana.hs +++ b/src/Cana.hs @@ -171,8 +171,13 @@ canaClient socket = do } -- | Render a response and write it to the TLS encrypted socket. +-- +-- Note that this function also sends the TLS @close_notify@, as mandated by +-- the TLS and the Gemini specifications. writeResponse :: TLS.Context -> GeminiResponse -> Cana () -writeResponse context = TLS.sendData context . renderResponse +writeResponse context response = do + TLS.sendData context $ renderResponse response + TLS.bye context -- | Find the fitting route for the given request. findRoute :: GeminiRequest -> Cana (Maybe Handler) -- cgit v1.2.3
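Review bot: writeResponse in src/Cana.hs now ends the TLS session as a side effect, so it can only ever be the last write on a context, and the new doc comment does not say that. The comment mentions that close_notify is sent, but not the consequence for callers: nothing may be written to the context after writeResponse returns, and a caller that already calls TLS.bye during its own cleanup would now send the alert twice. Please state this in the Haddock comment and check the call sites, which are not visible in this hunk. It is also worth recording in the comment why `TLS.bye context` is sequenced after `TLS.sendData context $ renderResponse response` rather than placed in a cleanup handler. If sendData throws, bye is skipped and the client sees a connection without close_notify, which is what lets it tell a truncated response from a complete one, as the quoted specification text requires. Moving the bye into a finally or bracket later would silently remove that signal.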