From f1bf269876f4e32b074d271168edc2af64e1c7a6 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sat, 1 Apr 2023 21:47:20 +0100
Subject: Expansions: Fix ${readsocket } to do nicer TLS close
---
 doc/doc-txt/ChangeLog | 3 +++
 src/src/lookups/readsock.c | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 71f71a6ca..16d2b8ef8 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -119,6 +119,9 @@ JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998 a not-impossible References: in the message being bounced could still be over-large and get stopped in the transport.
+JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
+ close. Previously a bare socket close was done.
+
 Exim version 4.96
 -----------------
diff --git a/src/src/lookups/readsock.c b/src/src/lookups/readsock.c
index a3f87108a..73cc02813 100644
--- a/src/src/lookups/readsock.c
+++ b/src/src/lookups/readsock.c
@@ -275,6 +275,10 @@ if (!lf.cache) *do_cache = 0;
 out:
+#ifndef DISABLE_TLS
+if (cctx->tls_ctx) tls_close(cctx->tls_ctx, TLS_SHUTDOWN_NOWAIT);
+#endif
+
 (void) close(cctx->sock);
 cctx->sock = -1;
 return ret;
@@ -294,7 +298,7 @@ readsock_close(void * handle)
 client_conn_ctx * cctx = handle;
 if (cctx->sock < 0) return;
 #ifndef DISABLE_TLS
-if (cctx->tls_ctx) tls_close(cctx->tls_ctx, TRUE);
+if (cctx->tls_ctx) tls_close(cctx->tls_ctx, TLS_SHUTDOWN_NOWAIT);
 #endif
 close(cctx->sock);
 cctx->sock = -1;
--
cgit v1.2.3
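Review bot: In the `out:` path added by the first readsock.c hunk, `cctx->tls_ctx` stays set after `tls_close()`, so the only thing keeping `readsock_close()` from shutting down the same TLS context a second time is its `if (cctx->sock < 0) return;` guard. Whether `tls_close()` tolerates a repeat call on that context is not visible here; if it releases the session state, I would clear the pointer at both call sites, e.g. `if (cctx->tls_ctx) { tls_close(cctx->tls_ctx, TLS_SHUTDOWN_NOWAIT); cctx->tls_ctx = NULL; }`, so the protection does not depend on statement order around `cctx->sock = -1`. A one-line comment such as `/* send close_notify so the peer can tell an orderly end from a truncated stream */` would record why the alert has to precede `close()`. The function containing `out:` starts outside the hunk, so the `goto out` paths that run before or after a failed TLS start could not be checked for a stale `tls_ctx`.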