From 45ae6053329efce72ba91c1550e1395d0209e850 Mon Sep 17 00:00:00 2001
From: Yossi Gottlieb
Date: Tue, 5 Jul 2022 08:41:17 +0300
Subject: [PATCH] TLS: Notify clients on connection shutdown. (#10931)
Use SSL_shutdown(), in a best-effort manner, when closing a TLS connection. This change better supports OpenSSL 3.x clients that will not silently ignore the socket-level EOF.
---
 src/tls.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/tls.c b/src/tls.c
index e7787e63a..e8d8a4f64 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -722,6 +722,8 @@ static void connTLSClose(connection *conn_) {
 tls_connection *conn = (tls_connection *) conn_;
 if (conn->ssl) {
+ if (conn->c.state == CONN_STATE_CONNECTED)
+ SSL_shutdown(conn->ssl);
 SSL_free(conn->ssl);
 conn->ssl = NULL;
 }
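Review bot: The return value of `SSL_shutdown(conn->ssl)` in connTLSClose is dropped without a comment, so a reader cannot tell that this is a deliberate one-shot attempt to send close_notify; if the socket is non-blocking (not visible in this hunk) the alert may not be written, and the peer can still see a bare EOF that a TLS client cannot distinguish from truncation. I would document that above the call with `/* Best effort: try once to send close_notify; the result is ignored because the SSL object is freed right after. */`. A failed call can also leave entries on the thread's OpenSSL error queue, so consider `ERR_clear_error();` after it unless every later SSL I/O path already clears the queue before it calls SSL_get_error(). OpenSSL documents that SSL_shutdown() must not be called after a fatal error on the connection; the `CONN_STATE_CONNECTED` guard presumably covers that, but the code that sets the state lies outside the hunk and is worth confirming.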