On Fri, Jun 19, 2020 at 11:42:44AM -0000, Christian Weisgerber wrote:
> On 2020-06-18, Marc Espie <[email protected]> wrote:
>
> > What pkg_add does internally is a pipeline:
> >
> > ftp | signify|internal gunzip
> >
> > closing the end file handle should kill the whole chain.
> > So I need to figure out where it goes wrong, what's the
> > part that doesn't die "instantly".
>
> That's ftp(1). Our SSL people are sitting on a patch to libtls^H^H^Hssl.
Yes, jsing wanted to take a closer look. I will commit the diff tonight
UTC unless I hear an objection (I have an ok beck).
Index: tls13_legacy.c
===================================================================
RCS file: /var/cvs/src/lib/libssl/tls13_legacy.c,v
retrieving revision 1.8
diff -u -p -r1.8 tls13_legacy.c
--- tls13_legacy.c 29 May 2020 17:47:30 -0000 1.8
+++ tls13_legacy.c 11 Jun 2020 12:19:30 -0000
@@ -477,6 +477,7 @@ tls13_legacy_shutdown(SSL *ssl)
struct tls13_ctx *ctx = ssl->internal->tls13;
uint8_t buf[512]; /* XXX */
ssize_t ret;
+ int want_close_notify = 1;
/*
* We need to return 0 when we have sent a close-notify but have not
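Review bot: the new `want_close_notify` flag at the top of tls13_legacy_shutdown() carries no comment, while the surrounding declarations at least have one (`uint8_t buf[512]; /* XXX */`). Its meaning is only recoverable from the two later hunks, so a one-line note at the declaration would help the next reader, e.g. `int want_close_notify = 1; /* wait for the peer's close_notify */`. Initialising it to 1 is correct: every path that does not send the alert on this call should still go on to read the peer's close_notify, as before.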
@@ -492,6 +493,11 @@ tls13_legacy_shutdown(SSL *ssl)
/* Send close notify. */
if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) {
ssl->internal->shutdown |= SSL_SENT_SHUTDOWN;
+ /*
+ * Do not try to read application data to support unilateral
+ * shutdown semantics for SSL_shutdown(3).
+ */
+ want_close_notify = 0;
if ((ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY))
< 0)
return tls13_legacy_return_code(ssl, ret);
}
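Review bot: the block comment ("Do not try to read application data to support unilateral shutdown semantics for SSL_shutdown(3)") explains the motivation but not the consequence, and it should: on the call that sends the alert, the function now returns the "sent but not received" code described at the top of the function (return 0) rather than trying to drain the peer in the same call, so an application that wants a bidirectional shutdown must call SSL_shutdown() again. Suggest extending the comment with that, e.g. `* The caller gets 0 and must call SSL_shutdown() again to wait for the peer's close_notify.` Note also that `want_close_notify = 0` is set before `tls13_send_alert()` runs; that is harmless here because a send failure returns immediately via tls13_legacy_return_code(), but the ordering is worth keeping in mind if the error path ever changes.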
@@ -501,7 +507,7 @@ tls13_legacy_shutdown(SSL *ssl)
return tls13_legacy_return_code(ssl, ret);
/* Receive close notify. */
- if (!ctx->close_notify_recv) {
+ if (want_close_notify && !ctx->close_notify_recv) {
/*
* If there is still application data pending then we have no
* option but to discard it here. The application should have
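Review bot: gating the receive path on `want_close_notify` changes observable behaviour for callers that relied on a single SSL_shutdown() call to both send and receive close_notify, and the commit message above the diff does not mention it. The code below this condition discards any pending application data ("no option but to discard it here"); with the flag cleared on the sending call, that discard is skipped on the first call and only happens on the second, which is the intended unilateral-shutdown semantics but should be stated in the commit message and in SSL_shutdown(3). Consider also whether a later call with SSL_SENT_SHUTDOWN already set still behaves as expected: `want_close_notify` is re-initialised to 1 on each entry and the sending branch is skipped, so the second call does reach this receive path, which looks right.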