No way to shut down a SecureTransport TLS connection with alert
| Originator: | wiml | | |
| Number: | rdar://16761956 | Date Originated: | 29-Apr-2014 |
| Status: | Open | Resolved: | |
| Product: | | Product Version: | |
| Classification: | | Reproducible: | Always |
There does not seem to be any way to shut down a SecureTransport connection by sending a specific fatal alert. The only options are a clean shutdown (which can be incorrect behavior) or to drop the underlying TCP connection without terminating the TLS session (which is usually sufficient for basic correctness, but makes the resulting system hard to debug). One particular case where this is necessary is when using kSSLSessionOptionBreakOnServerAuth in order to perform application-specific certificate validation.
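How the three outcomes named in the report differ on the wire, as an added example (not part of the original report and not SecureTransport code): a parser for a plaintext TLS alert record as laid out in RFC 5246. It assumes the alert is sent before ChangeCipherSpec, which is the state of a handshake paused for server-certificate validation; later alerts are encrypted and cannot be read this way. The function names and sample records are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum tls_end { END_NO_ALERT, END_CLOSE_NOTIFY, END_WARNING, END_FATAL, END_MALFORMED };

/* Alert descriptions (RFC 5246, section 7.2) a certificate check would use. */
static const char *alert_name(uint8_t desc) {
    switch (desc) {
    case 0:  return "close_notify";
    case 42: return "bad_certificate";
    case 45: return "certificate_expired";
    case 46: return "certificate_unknown";
    case 48: return "unknown_ca";
    default: return "other";
    }
}

/* Classify one plaintext record: type(1) version(2) length(2) level(1) desc(1).
 * len == 0 models the bare TCP drop: the peer saw no TLS-level reason at all. */
enum tls_end classify_end(const uint8_t *buf, size_t len, const char **name) {
    *name = "none";
    if (len == 0) return END_NO_ALERT;
    if (len < 5) return END_MALFORMED;
    if (buf[0] != 21) return END_NO_ALERT;            /* 21 = alert content type */
    if (buf[1] != 3) return END_MALFORMED;            /* SSL 3.0 / TLS 1.x major version */
    size_t body = ((size_t)buf[3] << 8) | buf[4];
    if (body != 2 || len < 7) return END_MALFORMED;   /* plaintext alert body is 2 bytes */
    *name = alert_name(buf[6]);
    if (buf[5] == 2) return END_FATAL;                /* level 2 = fatal */
    if (buf[5] != 1) return END_MALFORMED;            /* level 1 = warning */
    return buf[6] == 0 ? END_CLOSE_NOTIFY : END_WARNING;
}

/* Constructed sample records (TLS 1.2 record version 0x0303), not captured traffic. */
static const uint8_t SAMPLE_CLOSE[] = { 21, 3, 3, 0, 2, 1, 0 };   /* warning, close_notify */
static const uint8_t SAMPLE_FATAL[] = { 21, 3, 3, 0, 2, 2, 42 };  /* fatal, bad_certificate */

int main(void) {
    const char *name;
    enum tls_end r = classify_end(SAMPLE_CLOSE, sizeof SAMPLE_CLOSE, &name);
    printf("clean shutdown: kind=%d alert=%s\n", (int)r, name);
    r = classify_end(SAMPLE_FATAL, sizeof SAMPLE_FATAL, &name);
    printf("fatal alert:    kind=%d alert=%s\n", (int)r, name);
    r = classify_end(NULL, 0, &name);
    printf("tcp drop:       kind=%d alert=%s\n", (int)r, name);
    return 0;
}
```

A peer or capture that sees only the empty case cannot tell a certificate rejection from a network failure, which is the debugging gap the report describes.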