Do not wait for server close-notify on TLS close

Resolves: RHEL-100406
2025-07-03 13:43:05 +02:00 · 2025-07-03 13:43:05 +02:00 · e073323662
commit e073323662
parent eac3b1b495
2 changed files with 17 additions and 7 deletions
--- a/lftp-4.9.2-tls-close.patch
+++ b/lftp-4.9.2-tls-close.patch
@ -1,6 +1,6 @@
-commit 68163723f05887acf86c82413d94481b57b53001
+commit 8e0929dc88b1bd4b3f21e9265176b106a47df949
 Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Thu Jun 26 14:11:50 2025 +0200
+Date:   Thu Jul 3 13:41:19 2025 +0200

    Ensure close-notify is sent on end of TLS connection

@ -106,7 +106,7 @@ index d3cf7f0..8915066 100644
 #endif
 
 diff --git a/src/lftp_ssl.cc b/src/lftp_ssl.cc
-index 14a3b9d..6986bd3 100644
+index 14a3b9d..1d7f079 100644
 --- a/src/lftp_ssl.cc
 +++ b/src/lftp_ssl.cc
@@ -48,6 +48,7 @@ lftp_ssl_base::lftp_ssl_base(int fd1,handshake_mode_t m,const char *h)
@ -117,7 +117,7 @@ index 14a3b9d..6986bd3 100644
    handshake_mode=m;
    fatal=false;
    cert_error=false;
-@@ -340,10 +341,24 @@ void lftp_ssl_gnutls::load_keys()
+@@ -340,10 +341,30 @@ void lftp_ssl_gnutls::load_keys()
    }
    gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);
 }
@ -129,11 +129,17 @@ index 14a3b9d..6986bd3 100644
 -      gnutls_bye(session,GNUTLS_SHUT_RDWR);  // FIXME - E_AGAIN
 +   int res;
 +   if(handshake_done) {
-+      res = gnutls_bye(session,GNUTLS_SHUT_WR);
+      res = gnutls_bye(session,GNUTLS_SHUT_RDWR);
 +      if (res == GNUTLS_E_SUCCESS) {
 +         goodbye_done = true;
 +         return DONE;
 +      } else if (res == GNUTLS_E_AGAIN || res == GNUTLS_E_INTERRUPTED) {
+         /* In ideal world we would not need this if, but windows does not
+          * send close-notify, so do not wait on server close-notify */
+         if (gnutls_record_get_direction(session) == 0) {
+            goodbye_done = true;
+            return DONE;
+         }
 +         return RETRY;
 +      }
 +      fatal=check_fatal(res);
@ -145,7 +151,7 @@ index 14a3b9d..6986bd3 100644
 }
 lftp_ssl_gnutls::~lftp_ssl_gnutls()
 {
-@@ -965,10 +980,23 @@ void lftp_ssl_openssl::load_keys()
+@@ -965,10 +986,23 @@ void lftp_ssl_openssl::load_keys()
       }
    }
 }
--- a/lftp.spec
+++ b/lftp.spec
@ -1,7 +1,7 @@
 Summary:	A sophisticated file transfer program
 Name:		lftp
 Version:	4.9.2
-Release:	6%{?dist}
+Release:	7%{?dist}
 License:	GPLv3+
 Source0:	http://lftp.yar.ru/ftp/%{name}-%{version}.tar.xz
 URL:		http://lftp.yar.ru/
@ -94,6 +94,10 @@ desktop-file-install	\


 %changelog
+* Thu Jul 03 2025 Tomas Korbar <tkorbar@redhat.com> - 4.9.2-7
+- Do not wait for server close-notify on TLS close
+- Resolves: RHEL-100406
+
 * Thu Jun 26 2025 Tomas Korbar <tkorbar@redhat.com> - 4.9.2-6
 - Improve fix for close of TLS connection
 - Resolves: RHEL-90997