server: swallow TLS errors in the accept loop #1990
+14
−10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
krispraws
reviewed
Oct 10, 2024
djc
reviewed
Oct 11, 2024
djc
approved these changes
Oct 14, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
#1989
A previous commit altered the handling of errors during TLS handshakes. Prior to that change, the various and sundry error IO errors which can arise during a handshake were ignored. The commit in question changed the behavior to instead exit the accept loop (and thus shut down the server) if any IO error which is not explicitly listed occurs. Since that commit, several error kinds have been added to the list piecemeal to address shutdowns, but the tail of errors which might need to be added is likely long.
Solution
This change aims to return the handling of TLS errors to the previous state where all errors from
tls.acceptwould be swallowed.This "de-unifies" the handling for those two classes of error, but I believe this to be the correct approach to preserve server stability - TLS handshake errors should not generally be fatal to the server.