Theo Buehler <[email protected]> wrote:
> On Tue, Aug 11, 2020 at 05:26:22PM -0400, Predrag Punosevac wrote:
> > This is a regression report for 019_libssl.patch.
> > After applying the libssl binary patch to the 6.7 release, s-nail-14.9.19
> > can no longer close a STARTTLS IPMI session with the Gmail server. I
> > recompiled s-nail and rebooted the machine. After reverting the patch,
> > s-nail works as expected. Interestingly enough, I can only see this with
> > Gmail servers. 019_libssl.patch doesn't break the Hotmail IPMI connection.
> > The patch does break the SMTP session with the Gmail server in the same
> > fashion as IPMI. It just doesn't terminate cleanly. I don't know enough
> > about the subject to look further into the problem, but I am 100% sure
> > this is a LibreSSL bug.
>
> Thanks for the report. Could you give this patch a spin on a -stable
> system, that is, on top of the 019_libssl patch?
>
> Index: lib/libssl/tls13_legacy.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libssl/tls13_legacy.c,v
> retrieving revision 1.3.4.2
> diff -u -p -r1.3.4.2 tls13_legacy.c
> --- lib/libssl/tls13_legacy.c 10 Aug 2020 18:59:47 -0000 1.3.4.2
> +++ lib/libssl/tls13_legacy.c 12 Aug 2020 18:46:12 -0000
> @@ -497,6 +497,7 @@ tls13_legacy_shutdown(SSL *ssl)
> if ((ret = tls13_record_layer_send_pending(ctx->rl)) !=
> TLS13_IO_SUCCESS)
> return tls13_legacy_return_code(ssl, ret);
> + ctx->close_notify_sent = 1;
^^^^^^^^^^^^^^^^^^^^^^^^^
Right on the money! That did the trick. The patch works for me. Theo,
thank you so much for patching this so quickly. Thank you, Steffen, for
figuring out the problem from my initial report.
Cheers,
Predrag
> } else if (!ctx->close_notify_recv) {
> /*
> * If there is no application data pending, attempt to read more
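Review bot: The added `ctx->close_notify_sent = 1;` at the end of the first branch of tls13_legacy_shutdown() carries no comment explaining why it sits after the tls13_record_layer_send_pending() check rather than earlier in the branch. As placed, it is reached only when that call returns TLS13_IO_SUCCESS; any other result returns through tls13_legacy_return_code() with the flag still unset, so a caller that retries the shutdown comes back to the send side first. That ordering looks intentional and correct, so a one-line comment above the assignment saying the flag is set only once the pending data has been fully sent would keep a later cleanup from moving it. Since this is a follow-up to a regression in a -stable patch, a regress test that shuts down a TLSv1.3 session cleanly, the case in this report, would be worth adding alongside it.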