Userland: Convert TLS::TLSv12 to a Core::Stream::Socket

This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2025-07-26 20:17:44 +00:00 · 2022-02-02 19:21:55 +03:30 · 2022-02-02 19:21:55 +03:30 · aafc451016
commit aafc451016
parent 7a95c451a3
47 changed files with 841 additions and 1157 deletions
--- a/Userland/Libraries/LibTLS/Record.cpp
+++ b/Userland/Libraries/LibTLS/Record.cpp
@ -7,6 +7,7 @@
 #include <AK/Debug.h>
 #include <AK/Endian.h>
 #include <AK/MemoryStream.h>
+#include <LibCore/EventLoop.h>
 #include <LibCore/Timer.h>
 #include <LibCrypto/PK/Code/EMSA_PSS.h>
 #include <LibTLS/TLSv12.h>
@ -32,7 +33,7 @@ void TLSv12::alert(AlertLevel level, AlertDescription code)
 {
    auto the_alert = build_alert(level == AlertLevel::Critical, (u8)code);
    write_packet(the_alert);
-    flush();
+    MUST(flush());
 }

 void TLSv12::write_packet(ByteBuffer& packet)
@ -41,7 +42,7 @@ void TLSv12::write_packet(ByteBuffer& packet)
        if (m_context.connection_status > ConnectionStatus::Disconnected) {
            if (!m_has_scheduled_write_flush && !immediate) {
                dbgln_if(TLS_DEBUG, "Scheduling write of {}", m_context.tls_buffer.size());
-                deferred_invoke([this] { write_into_socket(); });
+                Core::deferred_invoke([this] { write_into_socket(); });
                m_has_scheduled_write_flush = true;
            } else {
                // multiple packet are available, let's flush some out
@ -540,15 +541,17 @@ ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
            if (code == (u8)AlertDescription::CloseNotify) {
                res += 2;
                alert(AlertLevel::Critical, AlertDescription::CloseNotify);
-                m_context.connection_finished = true;
                if (!m_context.cipher_spec_set) {
                    // AWS CloudFront hits this.
                    dbgln("Server sent a close notify and we haven't agreed on a cipher suite. Treating it as a handshake failure.");
                    m_context.critical_error = (u8)AlertDescription::HandshakeFailure;
                    try_disambiguate_error();
                }
+                m_context.close_notify = true;
            }
            m_context.error_code = (Error)code;
+            check_connection_state(false);
+            notify_client_for_app_data(); // Give the user one more chance to observe the EOF
        }
        break;
    default: