From f12a54738a7bd25099ed4050b7a67eb67f8fa63e Mon Sep 17 00:00:00 2001 From: Jeong YunWon Date: Thu, 25 Dec 2025 12:54:10 +0900 Subject: [PATCH] Fix SSL test_preauth_data_to_tls_server --- crates/stdlib/src/ssl/compat.rs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/crates/stdlib/src/ssl/compat.rs b/crates/stdlib/src/ssl/compat.rs index 45aa9c4fce9..fa12855e242 100644 --- a/crates/stdlib/src/ssl/compat.rs +++ b/crates/stdlib/src/ssl/compat.rs @@ -391,6 +391,8 @@ pub(super) enum SslError { ZeroReturn, /// Unexpected EOF without close_notify (protocol violation) Eof, + /// Non-TLS data received before handshake completed + PreauthData, /// Certificate verification error CertVerification(rustls::CertificateError), /// I/O error @@ -562,6 +564,15 @@ impl SslError { .upcast(), SslError::ZeroReturn => create_ssl_zero_return_error(vm).upcast(), SslError::Eof => create_ssl_eof_error(vm).upcast(), + SslError::PreauthData => { + // Non-TLS data received before handshake + Self::create_ssl_error_with_reason( + vm, + None, + "before TLS handshake with data", + "before TLS handshake with data", + ) + } SslError::CertVerification(cert_err) => { // Use the proper cert verification error creator create_ssl_cert_verification_error(vm, &cert_err).expect("unlikely to happen") @@ -1245,6 +1256,12 @@ pub(super) fn ssl_do_handshake( } } + // InvalidMessage during handshake means non-TLS data was received + // before the handshake completed (e.g., HTTP request to TLS server) + if matches!(e, rustls::Error::InvalidMessage(_)) { + return Err(SslError::PreauthData); + } + // Certificate verification errors are already handled by from_rustls return Err(SslError::from_rustls(e));