Expansions: Fix ${readsocket } to do nicer TLS close

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 71f71a6cacc55f50f2f0047d21bcdc3e5720ea47..16d2b8ef84fc3dd4797e73667298e42a6e9b87bf 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -119,6 +119,9 @@ JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
       a not-impossible References: in the message being bounced could still
       be over-large and get stopped in the transport.
 
+JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
+      close.  Previously a bare socket close was done.
+
 
 Exim version 4.96
 -----------------

diff --git a/src/src/lookups/readsock.c b/src/src/lookups/readsock.c
index a3f87108a1cf31bfcada38b5a04fd31b06ae1b3a..73cc02813f1686b4ab73e47fe3147991e633633a 100644 (file)
--- a/src/src/lookups/readsock.c
+++ b/src/src/lookups/readsock.c
@@ -275,6 +275,10 @@ if (!lf.cache) *do_cache = 0;
 
 out:
 
+#ifndef DISABLE_TLS
+if (cctx->tls_ctx) tls_close(cctx->tls_ctx, TLS_SHUTDOWN_NOWAIT);
+#endif
+
 (void) close(cctx->sock);
 cctx->sock = -1;
 return ret;
@@ -294,7 +298,7 @@ readsock_close(void * handle)
 client_conn_ctx * cctx = handle;
 if (cctx->sock < 0) return;
 #ifndef DISABLE_TLS
-if (cctx->tls_ctx) tls_close(cctx->tls_ctx, TRUE);
+if (cctx->tls_ctx) tls_close(cctx->tls_ctx, TLS_SHUTDOWN_NOWAIT);
 #endif
 close(cctx->sock);
 cctx->sock = -1;