On Tue, Aug 11, 2020 at 05:26:22PM -0400, Predrag Punosevac wrote:
> This is a regression report for 019_libssl.patch
> After applying the libssl binary patch to the 6.7 release, s-nail-14.9.19 can no
> longer close STARTTLS IPMI session with Gmail server. I recompiled
> s-nail and rebooted the machine. After reverting the patch s-nail works
> as expected. Interestingly enough I can only see this with Gmail
> servers.  019_libssl.patch doesn't break Hotmail IPMI connection. Patch
> does break SMTP session with Gmail server in the same fashion as IPMI.
> It just doesn't terminate cleanly. I don't know enough about the subject
> to look further into the problem but I am 100% sure this is a LibreSSL
> bug.

Thanks for the report. Could you give this patch a spin on a -stable
system, that is, on top of the 019_libssl patch?

Index: lib/libssl/tls13_legacy.c
===================================================================
RCS file: /var/cvs/src/lib/libssl/tls13_legacy.c,v
retrieving revision 1.3.4.2
diff -u -p -r1.3.4.2 tls13_legacy.c
--- lib/libssl/tls13_legacy.c   10 Aug 2020 18:59:47 -0000      1.3.4.2
+++ lib/libssl/tls13_legacy.c   12 Aug 2020 18:46:12 -0000
@@ -497,6 +497,7 @@ tls13_legacy_shutdown(SSL *ssl)
                if ((ret = tls13_record_layer_send_pending(ctx->rl)) !=
                    TLS13_IO_SUCCESS)
                        return tls13_legacy_return_code(ssl, ret);
+               ctx->close_notify_sent = 1;
        } else if (!ctx->close_notify_recv) {
                /*
                 * If there is no application data pending, attempt to read more
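Review bot: the added ctx->close_notify_sent = 1 in tls13_legacy_shutdown() is only reached when tls13_record_layer_send_pending() returns TLS13_IO_SUCCESS, so a call that returns early through tls13_legacy_return_code() leaves the flag clear and the next shutdown call re-enters this branch. The code that queues the alert sits above the visible context, so please confirm that re-entry only flushes the pending record and does not queue a second close_notify. A short comment saying that the flag marks the alert as fully written, not merely queued, would also help, since the "else if (!ctx->close_notify_recv)" path below appears to rely on this flag to be reached on a later call.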
