On Fri, Jun 19, 2020 at 11:42:44AM -0000, Christian Weisgerber wrote:
> On 2020-06-18, Marc Espie <es...@nerim.net> wrote:
>
> > What pkg_add does internally is a pipeline:
> >
> > ftp | signify|internal gunzip
> >
> > closing the end file handle should kill the whole chain.
> > So I need to figure out where it goes wrong, what's the
> > part that doesn't die "instantly".
>
> That's ftp(1). Our SSL people are sitting on a patch to libtls^H^H^Hssl.
Yes, jsing wanted to take a closer look. I will commit the diff tonight UTC unless I hear an objection (I have an ok beck).

Index: tls13_legacy.c =================================================================== RCS file: /var/cvs/src/lib/libssl/tls13_legacy.c,v retrieving revision 1.8 diff -u -p -r1.8 tls13_legacy.c --- tls13_legacy.c 29 May 2020 17:47:30 -0000 1.8 +++ tls13_legacy.c 11 Jun 2020 12:19:30 -0000 @@ -477,6 +477,7 @@ tls13_legacy_shutdown(SSL *ssl) struct tls13_ctx *ctx = ssl->internal->tls13; uint8_t buf[512]; /* XXX */ ssize_t ret; + int want_close_notify = 1; /* * We need to return 0 when we have sent a close-notify but have not @@ -492,6 +493,11 @@ tls13_legacy_shutdown(SSL *ssl) /* Send close notify. */ if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) { ssl->internal->shutdown |= SSL_SENT_SHUTDOWN; + /* + * Do not try to read application data to support unilateral + * shutdown semantics for SSL_shutdown(3). + */ + want_close_notify = 0; if ((ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY)) < 0) return tls13_legacy_return_code(ssl, ret); } @@ -501,7 +507,7 @@ tls13_legacy_shutdown(SSL *ssl) return tls13_legacy_return_code(ssl, ret); /* Receive close notify. */ - if (!ctx->close_notify_recv) { + if (want_close_notify && !ctx->close_notify_recv) { /* * If there is still application data pending then we have no * option but to discard it here. The application should have
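Review bot: the comment added above `want_close_notify = 0;` in the second hunk describes not reading application data, but what the flag actually gates (third hunk, `if (want_close_notify && !ctx->close_notify_recv)`) is the wait for the peer's close_notify, which is also where pending application data gets discarded; reword it to say that the call which sends close_notify returns without waiting for the peer's close_notify, and that a later SSL_shutdown() call (SSL_SENT_SHUTDOWN already set, so the flag stays 1) performs the receive, so readers see that the caller must invoke SSL_shutdown() a second time to confirm the peer closed rather than treating the first return as a completed bidirectional shutdown. A name such as `wait_for_close_notify` would also make the direction of the flag clearer than `want_close_notify`.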