[Date Prev][Date Next]
Re: (ITS#4940) libldap doesn't wait for server's TLS close_notify
On Fri, 11 May 2007, Howard Chu wrote:
> That sounds like you're seeing a bug in the kernel's TCP stack then. A
> TCP close sends a FIN to the other end and is required to wait for the
> FIN to be ACK'd before the connection can be torn down. (Subject to 2MSL
> timeout.) That is most certainly not our problem.
The FIN sent by the client *is* ACKed by the server. The data sent by the
client is reliably delivered. The issue is the behavior when data is sent
to a endpoint which has already called close(). The data can't be
delivered to the application, so the kernel send back a RST to inform the
other end of the data loss. That issue---the data loss---is a direct
result of the server sending a TLS close_notify and client not reading it
before closing the socket. Unless one of those changes, a RST must be
generated to report the data loss to the sender.
All the UNIX versions that I have tried behave as described. If this is a
bug in TCP stacks, it is *very* well entrenched.