set_require_close_notify
Description:
Sets whether or not this expects a proper TLS close notification before the connection is closed.
If this is true (the default), then this will expect to receive a TLS close notification from its peer before the connection is closed, and will return a g_tls_error_eof error if the connection is closed without proper notification (since this may indicate a network error, or man-in-the-middle attack).
In some protocols, the application will know whether or not the connection was closed cleanly based on application-level data (because the application-level data includes a length field, or is somehow self-delimiting); in this case, the close notify is redundant and sometimes omitted. (TLS 1.1 explicitly allows this; in TLS 1.0 it is technically an error, but often done anyway.) You can use set_require_close_notify to tell this to allow an "unannounced" connection close, in which case the close will show up as a 0-length read, as in a non-TLS SocketConnection, and it is up to the application to check that the data has been fully received.
Note that this only affects the behavior when the peer closes the connection; when the application calls close itself on this, this will send a close notification regardless of the setting of this property. If you explicitly want to do an unclean close, you can close this's base_io_stream rather than closing this itself, but note that this may only be done when no other operations are pending on this or the base I/O stream.
Parameters:
| this | |
| require_close_notify |
whether or not to require close notification |