On Tue, Aug 11, 2020 at 05:26:22PM -0400, Predrag Punosevac wrote:
> This is a regression report for 019_libssl.patch
> After applying libssl binary patch to 6.7 release s-nail-14.9.19 can no
> longer close STARTTLS IPMI session with Gmail server. I recompiled
> s-nail and rebooted the machine. After reverting the patch s-nail works
> as expected. Interestingly enough I can only see this with Gmail
> servers. 019_libssl.patch doesn't break Hotmail IPMI connection. Patch
> does break SMTP session with Gmail server in the same fashion as IPMI.
> It just doesn't terminate cleanly. I don't know enough about the subject
> to look further into the problem but I am 100% sure this is LibreSSL
> bug.

Thanks for the report. Could you give this patch a spin on a -stable system, that is, on top of the 019_libssl patch? Index: lib/libssl/tls13_legacy.c =================================================================== RCS file: /var/cvs/src/lib/libssl/tls13_legacy.c,v retrieving revision 1.3.4.2 diff -u -p -r1.3.4.2 tls13_legacy.c --- lib/libssl/tls13_legacy.c 10 Aug 2020 18:59:47 -0000 1.3.4.2 +++ lib/libssl/tls13_legacy.c 12 Aug 2020 18:46:12 -0000 @@ -497,6 +497,7 @@ tls13_legacy_shutdown(SSL *ssl) if ((ret = tls13_record_layer_send_pending(ctx->rl)) != TLS13_IO_SUCCESS) return tls13_legacy_return_code(ssl, ret); + ctx->close_notify_sent = 1; } else if (!ctx->close_notify_recv) { /* * If there is no application data pending, attempt to read more
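
Review bot: The new `ctx->close_notify_sent = 1;` in tls13_legacy_shutdown() is set only after the tls13_record_layer_send_pending() call returns TLS13_IO_SUCCESS, and the context shown does not reveal whether any other path in this function that completes sending the close_notify also sets it; please confirm there is none. The condition that opens this branch is also outside the visible context, so a short comment on the added line stating that the pending alert has now been fully flushed, and that this is what lets a later call reach the `else if (!ctx->close_notify_recv)` read path, would make the intent clear. A regression test that calls the shutdown function again after a retried send would guard against this class of hang returning.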