rpms/lftp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Do not wait for server close-notify on TLS close

Browse Source 
Resolves: RHEL-99571
This commit is contained in:
Tomas Korbar 2025-07-04 11:17:47 +02:00
parent 646bcb26a5
commit 4efd83ef27
2 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lftp-4.8.4-tls-close.patch
View File

@ -1,6 +1,6 @@
commit cf7867757a4f888942b9600a5cc95ff2befabd75
commit 4156522476192bd9a90aa747cdb8193ffc3a1f24
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Thu Jun 26 11:31:03 2025 +0200
Date: Fri Jul 4 11:15:42 2025 +0200
Ensure close-notify is sent on end of TLS connection
@ -106,7 +106,7 @@ index d3cf7f0..8915066 100644
#endif
diff --git a/src/lftp_ssl.cc b/src/lftp_ssl.cc
index 0a0078a..b994bfe 100644
index 0a0078a..19870da 100644
--- a/src/lftp_ssl.cc
+++ b/src/lftp_ssl.cc
@@ -45,6 +45,7 @@ lftp_ssl_base::lftp_ssl_base(int fd1,handshake_mode_t m,const char *h)
@ -117,7 +117,7 @@ index 0a0078a..b994bfe 100644
handshake_mode=m;
fatal=false;
cert_error=false;
@@ -347,10 +348,24 @@ void lftp_ssl_gnutls::load_keys()
@@ -347,10 +348,30 @@ void lftp_ssl_gnutls::load_keys()
Log::global->Format(9, "Loaded %d CRLs\n", res);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);
}
@ -129,11 +129,17 @@ index 0a0078a..b994bfe 100644
- gnutls_bye(session,GNUTLS_SHUT_RDWR); // FIXME - E_AGAIN
+ int res;
+ if(handshake_done) {
+ res = gnutls_bye(session,GNUTLS_SHUT_WR);
+ res = gnutls_bye(session,GNUTLS_SHUT_RDWR);
+ if (res == GNUTLS_E_SUCCESS) {
+ goodbye_done = true;
+ return DONE;
+ } else if (res == GNUTLS_E_AGAIN || res == GNUTLS_E_INTERRUPTED) {
+ /* In ideal world we would not need this if, but windows does not
+ * send close-notify, so do not wait on server close-notify */
+ if (gnutls_record_get_direction(session) == 0) {
+ goodbye_done = true;
+ return DONE;
+ }
+ return RETRY;
+ }
+ fatal=check_fatal(res);
@ -145,7 +151,7 @@ index 0a0078a..b994bfe 100644
}
lftp_ssl_gnutls::~lftp_ssl_gnutls()
{
@@ -849,10 +864,23 @@ void lftp_ssl_openssl::load_keys()
@@ -849,10 +870,23 @@ void lftp_ssl_openssl::load_keys()
}
}
}

6
lftp.spec
View File

@ -1,7 +1,7 @@
Summary: A sophisticated file transfer program
Name: lftp
Version: 4.8.4
Release: 5%{?dist}
Release: 6%{?dist}
License: GPLv3+
Group: Applications/Internet
Source0: http://lftp.yar.ru/ftp/%{name}-%{version}.tar.xz
@ -107,6 +107,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Fri Jul 04 2025 Tomas Korbar <tkorbar@redhat.com> - 4.8.4-6
- Do not wait for server close-notify on TLS close
- Resolves: RHEL-99571
* Thu Jun 26 2025 Tomas Korbar <tkorbar@redhat.com> - 4.8.4-5
- Improve fix for close of TLS connection
- Resolves: RHEL-99571